Medium CV0-004 practice questions
Applied — put a concept to work in a realistic situation. 132 medium questions available — no sign-up, always free.
A cloud operations team receives thousands of alerts daily from their monitoring platform. On-call engineers report that most alerts are transient CPU spikes that self-resolve within a minute, and they have started ignoring notifications, which caused a genuine outage to go unnoticed for 20 minutes. Which action should the team take FIRST to reduce alert fatigue while preserving detection of real incidents?
A cloud operations team monitors a customer-facing API whose traffic varies significantly by time of day and day of week. Static threshold alerts on request latency generate misses during low-traffic periods (real spikes go unnoticed) and false alarms during known peak hours. Which monitoring approach best improves alert accuracy across these varying traffic patterns?
A mobile app backend runs behind a managed API gateway. During a marketing promotion, users report intermittent failures. The application logs show a burst of HTTP 429 responses returned by the gateway itself, while backend service CPU, memory, and latency metrics all remain well within normal ranges. What is the MOST likely root cause?
A financial services company must retain cloud audit logs for seven years to satisfy regulatory requirements. During a recent compliance audit, investigators raised concerns that a privileged administrator could tamper with or delete logs to hide malicious activity. Which control best ensures the integrity and non-repudiation of the retained audit logs?
A retail company runs a stateless web application across an auto scaling group behind a load balancer. During a recent incident, the load balancer continued sending traffic to instances that had crashed at the application layer even though the operating system was still running, resulting in intermittent HTTP 500 errors for customers. The architect wants to ensure that unhealthy instances are automatically detected and replaced without manual intervention. Which design change BEST addresses this requirement?
A media company runs a nightly video transcoding pipeline that processes thousands of independent jobs. The work is fault-tolerant and can be restarted if a worker is terminated, and there is no strict deadline as long as jobs complete before morning. The cloud team wants to minimize compute cost for this batch workload while retaining the ability to scale out to hundreds of workers. Which compute purchasing and scaling strategy best fits these requirements?
A cloud operations team must retain daily backups for 7 days, weekly backups for 5 weeks, and monthly backups for 12 months while minimizing storage cost. Backups are currently created manually, which has led to inconsistent retention and growing storage bills. Which approach best automates this requirement?
A financial services company runs nightly automated backups of its production database to a separate cloud region. During a quarterly audit, the compliance team asks for evidence that the backups can actually be used to recover the system within the documented RTO. The operations team confirms backup jobs complete successfully every night with no errors. What is the MOST important additional action the operations team should take to satisfy the auditor and reduce recovery risk?
A company performs a full backup of a 5 TB file server every night to cloud object storage, retaining 30 days of history. The daily data change rate is only about 2%. The cloud storage bill for backups has grown to an unsustainable level, and the backup window is beginning to exceed the overnight maintenance period. Which change will MOST effectively reduce both storage consumption and backup duration while preserving the 30-day recovery capability?
A database administrator is migrating a transactional (OLTP) PostgreSQL database to a cloud IaaS virtual machine. The workload generates a high volume of small, random read/write operations and requires consistent sub-millisecond latency to meet application SLAs. The team must select the appropriate storage design for the database data volume. Which storage choice BEST meets these requirements?
A cloud engineer must deploy a new version of a customer-facing web application with zero downtime. Requirements state that the new version must be fully tested in a production-identical environment before receiving live traffic, and that traffic must be able to revert instantly to the previous version if post-deployment validation fails. Which deployment strategy BEST meets these requirements?
A financial services company must retain full control over the cryptographic key material used to encrypt data stored in a cloud provider's managed key service, per regulatory requirements. Auditors require that the company generate the key material on-premises and be able to revoke the provider's ability to use it at any time. Which approach best meets these requirements?
A DevOps team wants to reduce deployment risk for a high-traffic web service. They release a new version to only 5% of production traffic, monitor error rates and latency, and gradually increase the percentage to 100% if metrics remain healthy. If problems appear, they roll back the small exposed portion. Which deployment strategy is this team using?
A media company hosts a video streaming website on a single region's object storage bucket fronted by a web server. Users in Europe and Asia complain of slow load times and buffering for static assets (images, thumbnails, and pre-recorded video segments), while North American users report acceptable performance. The company wants to reduce latency for global users with minimal changes to its origin infrastructure and predictable cost. Which design change should the architect implement?
A media startup hosts a growing library of on-demand training videos in a single-region object storage bucket. Users worldwide report inconsistent buffering, and the company's monthly egress costs from the storage service have risen sharply as viewership expands. The architecture team must reduce global latency while lowering repeat data-transfer charges from origin storage. Which design change BEST meets both goals?
A cloud team manages dozens of public-facing services, each fronted by a TLS certificate that must be renewed annually. Last quarter, an expired certificate caused a customer-facing outage because no one noticed the renewal deadline. The team wants a durable solution that prevents recurrence while minimizing manual effort. Which approach BEST addresses the root cause?
A DevOps team builds an application artifact in their CI pipeline, deploys it to a staging environment for QA testing, and then rebuilds the artifact from the same source branch before deploying to production. QA-approved builds occasionally behave differently in production. Which change to the pipeline BEST resolves this inconsistency?
A development team practicing continuous delivery is struggling with long-lived feature branches that cause painful merge conflicts and delay integration by weeks. Leadership wants developers to integrate their code into the main line at least daily while still being able to hide incomplete functionality from end users in production. Which combination of practices best achieves this goal?
A cloud engineering team has a CI/CD pipeline that automatically builds, tests, and deploys code to production whenever a merge to the main branch occurs. After a recent incident where an untested schema change reached production, leadership requires that changes to the production environment receive human sign-off while keeping all lower-environment deployments fully automated. Which change to the pipeline BEST satisfies this requirement?
A DevOps team's CI/CD pipeline runs sequentially: it compiles code, then runs unit tests, then runs a set of independent integration test suites (database, API, and messaging), and finally packages the artifact. Total pipeline time has grown to 45 minutes, and developers complain about slow feedback. Analysis shows the three integration test suites do not depend on one another and collectively account for 25 minutes of runtime. Which change would MOST effectively reduce total pipeline duration without sacrificing test coverage?
A development team currently runs security scans only after code is deployed to a staging environment, which frequently discovers vulnerabilities late and forces costly rework. The security team wants to catch coding flaws such as SQL injection and insecure functions as early as possible in the CI/CD pipeline, ideally before the application is even built. Which practice should the team implement to best achieve this goal?
A DevOps team's CI/CD pipeline runs the following stages in order: build, unit tests, container image scan, integration tests, and deploy to staging. Developers complain that they wait more than 30 minutes for feedback on syntax and logic errors because the slower integration tests run before failures in simpler checks surface. Which change to the pipeline best improves the speed of feedback for the most common defects while preserving overall quality gates?
A DevOps team pushes a new application version through their CI/CD pipeline to production. Minutes after deployment completes, monitoring shows a spike in HTTP 500 errors caused by a defect that passed automated tests. The team needs the fastest, most reliable way to restore service while they investigate. Which capability should the pipeline provide to meet this need?
Users of a newly deployed application server are intermittently unable to authenticate against the corporate identity provider using OIDC tokens. The error logs on the application server show 'token used before issued' and 'token expired' messages even for freshly issued tokens. Other application servers behind the same load balancer authenticate successfully. Following a structured troubleshooting methodology, what should the administrator investigate FIRST on the failing server?
During a compliance audit, a security engineer discovers that an object storage bucket containing customer PII is accessible to anyone on the internet because its access control policy grants read permissions to all principals. The organization must remain compliant with data protection regulations while keeping the data available to an internal analytics application running in the same cloud account. Which action BEST remediates the exposure while preserving required functionality?