100% Real & Accurate CNX-001 Questions and Answers with Free and Fast Updates [Q23-Q48]

Share

100% Real & Accurate CNX-001 Questions and Answers with Free and Fast Updates

Get Unlimited Access to CNX-001 Certification Exam Cert Guide


CompTIA CNX-001 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Network Security: This section of the exam measures the skills of Security Engineers and covers core practices for protecting network infrastructure. It includes applying firewall rules, implementing access control measures, and designing secure segmentation strategies. The content emphasizes threat mitigation techniques, secure configuration of networking devices, and adherence to compliance frameworks, preparing professionals to safeguard both internal and external network assets effectively.
Topic 2
  • Network Architecture Design: This section of the exam measures the skills of Network Architects and covers the ability to design scalable, secure, and efficient network architectures. It focuses on understanding design principles, selecting appropriate network components, and aligning architecture decisions with organizational needs. Candidates are expected to demonstrate a solid grasp of topology planning, high-availability configurations, and integration of cloud and on-premise systems to ensure reliability and performance.
Topic 3
  • Network Troubleshooting: This section of the exam measures the skills of Network Support Engineers and covers diagnosing and resolving connectivity and performance issues across various network layers. It focuses on identifying root causes, using diagnostic tools, and applying systematic troubleshooting methodologies. The goal is to ensure that professionals can minimize downtime, restore service quickly, and prevent recurring problems by maintaining a resilient and stable network environment.
Topic 4
  • Network Operations, Monitoring, and Performance: This section of the exam measures skills of Network Operations Specialists and covers day-to-day operational management of network environments. It involves configuring monitoring tools, analyzing performance data, and responding to alerts. Candidates are evaluated on their ability to maintain network health, optimize throughput, and ensure consistent uptime by applying best practices for proactive performance tuning and operations management.

 

NEW QUESTION # 23
A network architect needs to build a new data center for a large company that has business units that process retail financial transactions. Which of the following information should the architect request from the company?

  • A. Statement of work
  • B. Business case study
  • C. Internal reference architecture
  • D. Regulatory requirements

Answer: D

Explanation:
Before designing a facility that will handle retail financial transactions, you need to understand all applicable compliance and security mandates (e.g. PCI DSS, SOX, GDPR). Those regulatory requirements will drive your choices around physical security, network segmentation, encryption, logging, redundancy, and operational controls, ensuring the data center meets its legal and industry-specific obligations.


NEW QUESTION # 24
A company is expanding operations and opening a new facility. The executive leadership team decides to purchase an insurance policy that will cover the cost of rebuilding the facility in case of a natural disaster.
Which of the following describes the team's decision?

  • A. Memorandum of understanding
  • B. Business continuity
  • C. Risk transference
  • D. Disaster recovery

Answer: C

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Risk transference is a risk management strategy in which the financial impact of a risk is shifted to a third party, such as an insurance company. In this scenario, the purchase of an insurance policy to cover potential damage or loss from a natural disaster is an example of transferring risk, not avoiding, mitigating, or accepting it.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide under "Risk Management Concepts":
"Risk transference involves moving the responsibility or financial burden of a risk to a third party, often through the purchase of insurance or third-party service agreements." This approach is contrasted with mitigation (reducing risk), acceptance (living with the risk), or avoidance (eliminating the risk).


NEW QUESTION # 25
A call center company provides its services through a VoIP infrastructure. Recently, the call center set up an application to manage its documents on a cloud application. The application is causing recurring audio losses for VoIP callers. The network administrator needs to fix the issue with the least expensive solution. Which of the following is the best approach?

  • A. Creating two VLANs, one for voice and the other for data
  • B. Setting up VoIP devices to use a voice codec with a higher compression rate
  • C. Configuring QoS rules at the internet router to prioritize the VoIP calls
  • D. Adding a second internet link and physically splitting voice and data networks into different routes

Answer: C

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Quality of Service (QoS) rules at the internet router can prioritize VoIP traffic over other data, such as cloud document access. VoIP is sensitive to latency and jitter, and configuring QoS ensures that voice packets are prioritized during congestion. This is the most cost-effective solution that doesn't require additional infrastructure.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Traffic Management and Prioritization":
"QoS policies are essential for ensuring that latency-sensitive traffic, such as VoIP, is prioritized over other types of data, particularly in bandwidth-limited scenarios." Other options:
* A. Adding a second internet link is effective but not cost-efficient.
* C. VLANs provide segmentation but don't guarantee bandwidth prioritization.
* D. Changing the codec may reduce bandwidth usage, but doesn't address prioritization directly.


NEW QUESTION # 26
A network administrator receives a ticket from one of the company's offices about video calls that work normally for one minute and then get very choppy. The network administrator pings the video server from that site to ensure that it is reachable:
(Ping output shows responses with varying latency times, including spikes: 11ms, 672ms, 849ms, 92ms, etc.)

Which of the following is most likely the cause of the video call issue?

  • A. Throughput
  • B. Jitter
  • C. Loss
  • D. Latency

Answer: B

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Jitter refers to the variation in packet delay during transmission. In the ping output shown, the response times fluctuate significantly (11ms, 672ms, 849ms, 34ms), indicating inconsistent network performance. Such variation leads to a poor experience in real-time applications likevideo calls. High jitter causes packets to arrive out of order, resulting in stuttering or choppy audio/video.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Troubleshooting Real-Time Network Services":
"Jitter is the deviation in packet arrival times and directly affects real-time communications such as VoIP and video conferencing. Consistent latency is tolerable; inconsistent latency (jitter) is disruptive." Other options:
* A. Throughput refers to bandwidth and would cause consistent slowness.
* C. Latency alone, if stable, is acceptable; it's the inconsistency here that causes issues.
* D. Loss would be indicated by missing packets; the ping results show replies to all packets.


NEW QUESTION # 27
A company is expanding its network and needs to ensure improved stability and reliability. The proposed solution must fulfill the following requirements:
* Detection and prevention of network loops
* Automatic configuration of ports
* Standard protocol (not proprietary)
Which of the following protocols is the most appropriate?

  • A. SIP
  • B. STP
  • C. BGP
  • D. RTSP

Answer: B

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
STP (Spanning Tree Protocol) is a Layer 2 standard protocol that prevents switching loops in Ethernet networks by creating a loop-free logical topology. It can automatically block and unblock redundant paths based on network changes, ensuring reliability and avoiding broadcast storms.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Ethernet Loop Prevention and Switching Protocols":
"STP is a standard Layer 2 protocol used to detect and prevent network loops, enhancing network stability in switched topologies." Other options:
* B. SIP is a signaling protocol used in VoIP.
* C. RTSP is for media streaming control.
* D. BGP is a routing protocol, not for Layer 2 loop prevention.


NEW QUESTION # 28
Security policy states that all inbound traffic to the environment needs to be restricted, but all external outbound traffic is allowed within the hybrid cloud environment. A new application server was recently set up in the cloud. Which of the following would most likely need to be configured so that the server has the appropriate access set up? (Choose two.)

  • A. Screened subnet
  • B. Application gateway
  • C. Network security group
  • D. IPS
  • E. Port security
  • F. Firewall

Answer: C,F

Explanation:
A perimeter firewall enforces the organization's "deny inbound by default, allow all outbound" policy at the edge of the cloud environment, while an Azure-style NSG applies the same rule set at the VM/subnet level.
Together they ensure no inbound connections slip through and that outbound traffic remains unrestricted.


NEW QUESTION # 29
An organization's Chief Technical Officer is concerned that changes to the network using IaC are causing unscheduled outages. Which of the following best mitigates this risk?

  • A. Making code changes to the master branch
  • B. Forking the code repository before making changes
  • C. Enforcing code review of the change by the author
  • D. Adding review/approval steps to the CI/CD pipelines

Answer: D

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
The best way to prevent unscheduled outages caused by Infrastructure as Code (IaC) changes is to implement automated review and approval gates in the CI/CD pipeline. This ensures that all changes undergo validation, peer review, testing, and possibly approval from stakeholders before being deployed, thus reducing the likelihood of production-impacting issues.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "CI/CD Security and IaC Controls":
"Incorporating approval gates and automated validation into CI/CD pipelines helps detect misconfigurations and unauthorized changes before deployment, reducing the risk of outages." Other options:
* A. Making changes directly to the master branch violates best practices.
* B. Self-review (by the author) lacks objectivity and fails peer validation.
* C. Forking creates a copy but does not introduce formal validation processes.


NEW QUESTION # 30
A company is migrating an application to the cloud for modernization. The engineer needs to provide dependencies between application and database tiers in the environment. Which of the following should the engineer reference in order to best meet this requirement?

  • A. SOW
  • B. Internal knowledge base article
  • C. CMDB
  • D. Diagram of physical server locations
  • E. WBS

Answer: C

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
A CMDB (Configuration Management Database) is a centralized repository used to store information about IT assets and their relationships, including configuration items such as servers, applications, and databases. It provides visibility into dependencies between infrastructure components, including application and database tiers. This is essential for cloud migration and modernization projects where understanding interdependencies ensures accurate planning and reduces risks.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under the "Infrastructure Documentation and Planning" domain:
"CMDBs are used to track asset relationships, allowing network and systems engineers to visualize and manage dependencies between services, applications, and infrastructure components critical for change management and cloud migration." Other options:
* A. Internal knowledge base articles may offer general guidance but not structured dependency mapping.
* C. WBS (Work Breakdown Structure) outlines tasks and deliverables, not technical dependencies.
* D. Physical server diagrams are not relevant in virtualized/cloud environments.
* E. SOW (Statement of Work) defines project scope but lacks infrastructure-level detail.


NEW QUESTION # 31
An outage occurred after a software upgrade on core switching. A network administrator thinks that the firmware installed had a bug. Which of the following should the network administrator do next?

  • A. Test the theory to determine cause.
  • B. Establish a plan of action to resolve the issue.
  • C. Implement the solution.
  • D. Document lessons learned.

Answer: A

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
According to the structured troubleshooting methodology outlined in the CNX-001 objectives, once a potential root cause is identified (in this case, a suspected firmware bug), the next step is to test the theory to confirm the cause before taking action. This helps prevent misdiagnosis and unnecessary configuration changes.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Structured Troubleshooting Methodology":
"After identifying symptoms and forming a theory of probable cause, the next step is to test the theory to verify it is the actual cause of the problem." Other options:
* A. Establishing a plan of action comes after confirming the cause.
* C. Documenting lessons learned is the final step.
* D. Implementing the solution should only occur after the issue is confirmed.


NEW QUESTION # 32
A SaaS company's new service currently is being provided through four servers. The company's end users are having connection issues, which is affecting about 25% of the connections. Which of the following ismostlikely the root cause of this issue?

  • A. The service is using a least-connection load-balancing method with one server down.
  • B. The service is using round-robin load balancing through a DNS server with one server down.
  • C. Load balancing is configured with a health check in front of these servers, and one of these servers is unavailable.
  • D. The service is using weighted load balancing with 40% of the traffic on server A, 20% on server B,
    20% on server C, and server D is down.

Answer: B

Explanation:
With simple round-robin DNS distributing 25% of requests to each of four servers, a single server outage directly causes exactly 25% of connections to fail, matching the reported impact.


NEW QUESTION # 33
A partner is migrating a client from on premises to a hybrid cloud. Given the following project status information, the initial project timeline estimates need to be revised:

Which of the following documents needs to be revised tobestreflect the current status of the project?

  • A. SOW
  • B. SLA
  • C. WBS
  • D. BIA

Answer: C

Explanation:
The Work Breakdown Structure is where each project phase and its duration are documented in detail. Since the estimated timelines for discovery, design, implementation, and knowledge transfer have all slipped, you update the WBS to reflect the new, actual phase durations.


NEW QUESTION # 34
A large commercial enterprise that runs a global video streaming platform recently acquired a small business that serves customers in a geographic area with limited connectivity to the global telecommunications infrastructure. The executive leadership team issued a mandate to deliver the highest possible video streaming quality to all customers around the world. Which of the following solutions should the enterprise architect suggest to meet the requirements?

  • A. Use a geographically weighted DNS solution to distribute the traffic.
  • B. Serve the customers in the acquired area with a highly compressed version of content.
  • C. Utilize CDN for all customers regardless of geographic location.
  • D. Deploy multiple local load balancers in the newly added geographic area.

Answer: C

Explanation:
A global Content Delivery Network caches and serves video streams from edge nodes close to end users, minimizing latency and packet loss over limited backhaul links and ensuring the highest possible quality everywhere. By offloading traffic to a CDN, even customers in regions with constrained connectivity will receive optimized streams from the nearest POP rather than traversing the congested core network.


NEW QUESTION # 35
A network administrator needs to resolve connectivity issues in a hybrid cloud setup. Workstations and VMs are not able to access Application A. Workstations are able to access Server B.
INSTRUCTIONS
Click on workstations, VMs, firewalls, and NSGs to troubleshoot and gather information. Type help in the terminal to view a list of available commands.
Select the appropriate device(s) requiring remediation and identify the associated issue(s).
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.











Answer:

Explanation:
See explanation below.
Explanation:

Firewalls # VPN tunnel down
The IPsec tunnel between on-prem Firewall 1 and cloud Firewall 2 (ipip0/ipip2) is down, so no traffic can traverse to the cloud.
Application NSG # Misconfigured rule
There's a "block" rule for 10.3.9.0/24 # 192.2.1.0/24, preventing legitimate on-prem clients from reaching Application A.


NEW QUESTION # 36
An architect needs to deploy a new payroll application on a cloud host. End users' access to the application will be based on the end users' role. In addition, the host mustbe deployed on the 192.168.77.32/30 subnet.
Which of the following Zero Trust elements are being implemented in this design? (Choose two.)

  • A. Microsegmentation
  • B. WAF
  • C. Least privilege
  • D. Device trust
  • E. MFA
  • F. CASB

Answer: A,C

Explanation:
Least privilege: Granting users access to the payroll app strictly according to their roles enforces the principle of least privilege.
Microsegmentation: Placing the host in its own 192.168.77.32/30 subnet isolates it from other workloads, achieving microsegmentation.


NEW QUESTION # 37
After a malicious actor used an open port in a company's lobby, a network architect needs to enhance network security. The solution must enable:
Security posture check
Auto remediation capabilities
Network isolation
Device and user authentication
Which of the following technologies best meets these requirements?

  • A. 802.1X
  • B. Microsegmentation
  • C. NAC
  • D. IPS

Answer: C

Explanation:
NAC solutions perform health#and#posture assessments before granting network access, authenticate both devices and users, automatically quarantine or remediate noncompliant machines, and enforce dynamic isolation policies, fully satisfying all four requirements.


NEW QUESTION # 38
A global company has depots in various locations. A proprietary application was deployed locally at each of the depots, but issues with getting the consolidated data instantly occurred. The Chief Information Officer decided to centralize the application and deploy it in the cloud. After the cloud deployment, users report the application is slow. Which of the following is most likely the issue?

  • A. Overutilization
  • B. Latency
  • C. Throttling
  • D. Packet loss

Answer: B

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
When an application is moved from local deployment to a centralized cloud deployment, remote users must connect over the WAN. If the application is sensitive to delays, latency becomes a significant issue, especially across geographically distributed regions. This is a common performance concern for centralized applications serving remote offices.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Cloud Performance and WAN Connectivity":
"Cloud-hosted applications accessed by remote users may suffer from latency-related performance issues.
Optimization strategies may include CDN, caching, or edge deployment."
Other options:
* A. Throttling usually refers to bandwidth or rate-limiting, not general slowness.
* B. Overutilization is possible, but infrastructure was said to be centralized and new.
* C. Packet loss would likely cause disconnects or failures, not just slowness.


NEW QUESTION # 39
A network administrator recently deployed new Wi-Fi 6E access points in an office and enabled 6GHz coverage. Users report that when they are connected to the new 6GHz SSID, the performance is worse than the 5GHz SSID. The network administrator suspects that there is a source of 6GHz interference in the office.
Using the troubleshooting methodology, which of the following actions should the network administrator do next?

  • A. Document the list of channels that are experiencing interference.
  • B. Change the channels being used bythe 6GHz radios in the APs.
  • C. Use a spectrum analyzer and check the 6GHz spectrum.
  • D. Test to see if the changes have improved network performance.

Answer: C

Explanation:
Before making configuration changes, you should verify and pinpoint the suspected interference source by analyzing the 6 GHz band. A spectrum analyzer will reveal any non-Wi-Fi transmissions or overlapping noise that's degrading performance, allowing you to target your remediation effectively.


NEW QUESTION # 40
A customer asks a MSP to propose a ZTA design for its globally distributed remote workforce. Given the following requirements:
Authentication should be provided through the customer's SAML identity provider.
Access should not be allowed from countries where the business does not operate.
Secondary authentication should be added to the workflow to allow for passkeys.
Changes to the user's device posture and hygiene should require reauthentication into the network.
Access to the network should only be allowed to originate from corporate-owned devices.
Which of the following solutions should the MSP recommend to meet the requirements?

  • A. Configure geolocation settings to block certain IP addresses.
    Enforce MFA.
    Federate the solution via SSO.
    Enable continuous access policies on the WireGuard tunnel.
    Create a trusted endpoints policy.
  • B. Enforce certificate-based authentication.
    Permit unauthenticated remote connectivity only from corporate IP addresses.
    Enable geofencing.
    Use cookie-based session tokens that do not expire for remembering user log-ins.
    Increase RADIUS server timeouts.
  • C. Chain the existing identity provider to a new SAML.
    Require the use of time-based one-time passcode hardware tokens.
    Enable debug logging on the VPN clients by default.
    Disconnect users from the network only if their IP address changes.
  • D. Enforce posture assessment only during the initial network log-on.
    Implement RADIUS for SSO.
    Restrict access from all non-U.S. IP addresses.
    Configure a BYOD access policy.
    Disable auditing for remote access.

Answer: A

Explanation:
Federate the solution via SSO ensures authentication is handled by the customer's SAML identity provider.
Enforce MFA supports secondary authentication with passkeys.
Configure geolocation settings to block certain IP addresses prevents access from unauthorized countries.
Enable continuous access policies on the WireGuard tunnel forces re-authentication whenever device posture or hygiene changes.
Create a trusted endpoints policy restricts access to corporate-owned devices only.


NEW QUESTION # 41
A network engineer needs to implement a cloud native solution. The solution must allow the recording of network conversation metadata of the host and appliances attached to a VPC. Which of the following will accomplish these goals with the least effort?

  • A. Installing a cloud monitoring agent
  • B. Enabling network flow
  • C. Implementing QoS network tagging
  • D. Configuring SNMP traps

Answer: B

Explanation:
Enabling VPC (or equivalent) flow logs is the native, zero-agent way to capture metadata about every network conversation, source/destination IPs, ports, protocols, bytes transferred, across both hosts and managed appliances in your virtual network. It requires minimal setup (just a checkbox or API call) and scales automatically with your VPC.


NEW QUESTION # 42
A company is transitioning from on-premises to a hybrid environment. Due to regulatory standards, the company needs to achieve a high level of reliability and high availability for the connection between its data center and the cloud provider. Which of the following solutions best meets the requirements?

  • A. Establish a Direct Connect with the cloud provider and peer to two different VPCs in the cloud network.
  • B. Establish a Direct Connect with the cloud provider and a redundant connection with a VPN over the internet.
  • C. Establish a VPN with two tunnels to a transit gateway at the cloud provider.
  • D. Establish two Direct Connect connections to the cloud provider using two different suppliers.

Answer: D

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Establishing two Direct Connect (or equivalent private connectivity services such as Azure ExpressRoute) connections with two different providers ensures maximum redundancy and reliability. This setup complies with high availability (HA) and fault-tolerance design best practices for regulated industries, where minimal downtime and service continuity are critical.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Hybrid Connectivity and High Availability":
"Redundant connections to cloud providers should use physically separate paths and providers to ensure fault tolerance and meet reliability requirements in hybrid cloud environments."
"Direct connections provide higher availability and consistent performance than VPNs." Other options:
* A. Peering to two VPCs does not ensure link redundancy.
* B. Combining Direct Connect with VPN offers backup but less reliability than dual Direct Connects.
* D. VPNs over the internet are lower in reliability and do not meet high availability standards required for regulated industries.


NEW QUESTION # 43
A network architect is designing a new network for a rural hospital system. Given the following requirements:
*Highly available
*Consistent data transmission
*Resilient to simultaneous failures
Which of the following topologies should the architect use?

  • A. Collapsed core
  • B. Star
  • C. Mesh
  • D. Hub-and-spoke

Answer: B

Explanation:
A full-mesh topology provides multiple redundant, direct paths between every site, eliminating single points of failure, ensuring consistent transmission even if one or more links fail, and maximizing overall availability.


NEW QUESTION # 44
A network administrator must connect a remote building at a manufacturing plant to the main building via a wireless connection. Which of the following should the administrator choose to get the greatest possible range from the wireless connection? (Choose two.)

  • A. Omnidirectional antenna
  • B. Built-in antenna
  • C. Patch antenna
  • D. 5GHz
  • E. 6GHz
  • F. 2.4GHz

Answer: C,F

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
2.4GHz has longer range and better wall penetration than higher frequencies like 5GHz or 6GHz.A patch antenna (a type of directional antenna) focuses the signal in one direction, greatly improving range and reliability over long distances between buildings.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Wireless Deployment and Antenna Selection":
"2.4GHz offers extended range over 5GHz. Directional antennas such as patch antennas concentrate signals toward a target, improving distance communication." Other options:
* B & C. Higher frequencies provide faster speeds but shorter range.
* D. Omnidirectional antennas spread signal in all directions, not ideal for point-to-point.
* F. Built-in antennas are generally low gain and insufficient for building-to-building links.


NEW QUESTION # 45
A company hosts a cloud-based e-commerce application and only wants the application accessed from certain locations. The network team configures a cloud firewall with WAF enabled, but users can access the application globally. Which of the following should the network team do?

  • A. Reconfigure WAF rules
  • B. Configure a NAT gateway
  • C. Implement a CDN
  • D. Configure geo-restriction

Answer: D

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
A Web Application Firewall (WAF) is primarily used for inspecting HTTP/HTTPS requests and filtering out malicious traffic, such as SQL injection or cross-site scripting (XSS) attacks. However, WAFs do not restrict access based on geographical location by default.
To control access to the cloud-hosted application based on geographical location, the correct measure is to implement geo-restriction (geo-blocking). This technique limits access to cloud-based resources by using the source IP's geographical origin. Geo-restriction is typically enforced at the cloud firewall or load balancer level.
Relevant Extract from CompTIA CloudNetX CNX-001 Official Objectives:
"Cloud access control policies can enforce geo-restriction settings, ensuring applications and services are only accessible from authorized geographic regions." Also found under "Security Controls in Cloud Deployments" section:
"Geo-restriction uses IP geolocation data to restrict access to services based on geographic criteria, supporting compliance and security requirements."


NEW QUESTION # 46
A cloud architect needs to change the network configuration at a company that uses GitOps to document and implement network changes. The Git repository uses main as the default branch, and the main branch is protected. Which of the following should the architect do after cloning the repository?

  • A. Create a new branch for the change, then create a pull request including the changes.
  • B. Use the main branch to make and commit the changes back to the remote repository.
  • C. Check out the development branch, then perform and commit the changes back to the remote repository.
  • D. Rebase the remote main branch after making the changes to implement.

Answer: A

Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
With GitOps, all infrastructure changes are tracked as code and committed to version-controlled repositories.
When the main branch is protected, changes should not be committed directly. Instead, best practices require that a new feature or change branch be created, followed by a pull request (PR) for peer review and approval before merging into the protected branch.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Infrastructure as Code and GitOps":
"In GitOps workflows, changes are made in feature branches, reviewed via pull requests, and merged into protected branches only after validation, ensuring auditability and control over infrastructure deployments." Other options:
* A. Direct commits to protected branches are restricted and violate GitOps practices.
* C. The development branch may exist, but the question specifies main is the default, and the correct process requires a PR.
* D. Rebase is for integrating histories, not submitting approved changes.


NEW QUESTION # 47
A network engineer identified several failed log-in attempts to the VPN from a user's account. When the engineer inquired, the user mentioned the IT help desk called and asked them to change their password.
Which of the following types of attacks occurred?

  • A. Evil twin
  • B. On-path
  • C. Social engineering
  • D. Initialization vector

Answer: C

Explanation:
The attacker tricked the user into revealing credentials by impersonating the help desk over the phone-an archetypal social engineering tactic.


NEW QUESTION # 48
......

Reliable Study Materials for CNX-001 Exam Success For Sure: https://www.updatedumps.com/CompTIA/CNX-001-updated-exam-dumps.html

100% Latest Most updated CNX-001 Questions and Answers: https://drive.google.com/open?id=1mX0x_e_6KtsBnW481A3ZotXbVz_GOwmF