A company is moving to the cloud and wants to enhance the provisioning of compute, storage,
security, and networking. Which of the following will be leveraged?
A
Explanation:
Infrastructure as code (IaC) is a DevOps practice that uses code to define and deploy infrastructure,
such as networks, virtual machines, load balancers, and connection topologies1. IaC ensures
consistency, repeatability, and scalability of the infrastructure, as well as enables automation and
orchestration of the provisioning process2. IaC is different from infrastructure templates, which are
predefined configurations that can be reused for multiple deployments3. Infrastructure orchestration
is the process of coordinating multiple automation tasks to achieve a desired state of the
infrastructure4. Infrastructure automation is the broader term for any technique that uses
technology to perform infrastructure tasks without human intervention5.
Reference:
CompTIA Cloud Essentials CLO-002 Certification Study Guide, Chapter 4: Operating in the Cloud,
page 137
What is infrastructure as code (IaC)?, Azure DevOps | Microsoft Learn
CompTIA Cloud Essentials+ Certification Study Guide, Second Edition (Exam CLO-002), Chapter 4:
Operating in the Cloud, page 137
Infrastructure Automation: 7 DevOps Tools for Orchestration, Secrets Management, and More,
Apriorit Blog
Infrastructure As Code Vs Configuration Management, DevOpsCube Blog
Which of the following services would restrict connectivity to cloud resources?
B
Explanation:
A firewall is a network security device that monitors and controls incoming and outgoing network
traffic based on predefined security rules1. A firewall can block or allow connection requests to cloud
resources based on the source, destination, port, protocol, or content of the packets2. A firewall can
be deployed as a hardware appliance, a software application, or a cloud service3.
Reference:
Firewalls, Intrusion Prevention and VPNs, Information Security | University of Houston-Clear Lake
Firewalls, IDS, and IPS Explanation and Comparison, Study-CCNA
CompTIA Cloud Essentials+ Certification Study Guide, Second Edition (Exam CLO-002), Chapter 4:
Operating in the Cloud, page 143
Which of the following cloud characteristics helps transform from a typical capital expenditure model
to an operating expenditure model?
A
Explanation:
Pay-as-you-go is a pricing model in which customers pay only for the resources they consume, such
as compute, storage, network, or software services4. Pay-as-you-go helps transform from a typical
capital expenditure model to an operating expenditure model by eliminating the upfront costs of
purchasing and maintaining physical infrastructure and software licenses5. Pay-as-you-go also
provides flexibility and scalability to adjust the resource consumption according to the changing
business needs6.
Reference:
Consumption and fixed cost models, Microsoft Azure Well-Architected Framework
What is Cloud Elasticity in Cloud Computing?, The Iron.io Blog
CompTIA Cloud Essentials CLO-002 Certification Study Guide, Chapter 2: Business Principles of Cloud
Environments, page 51
Which of the following DevOps options is used to integrate with cloud solutions?
B
Explanation:
API stands for Application Programming Interface, which is a set of rules and protocols that allow
different software components or systems to communicate and exchange data. API is used to
integrate with cloud solutions because it enables developers to access the cloud services and
resources programmatically, without having to deal with the underlying infrastructure or platform
details. API also allows for automation, scalability, and interoperability of cloud applications and
services.
Reference: Chapter 3: Cloud Computing Concepts and Models, Section 3.2: Cloud Service Models,
Subsection 3.2.1: Software as a Service (SaaS), Page 87; Chapter 4: Cloud Computing Principles and
Design, Section 4.3: Cloud Characteristics and Risks, Subsection 4.3.2: Cloud Characteristics, Page
121; from https://www.comptia.org/training/books/cloud-essentials-clo-002-study-guide or
CompTIA Cloud Essentials+ sources.
A document that outlines the scope of a project, specific deliverables, scheduling, and additional
specific details from the client/buyer is called a:
A
Explanation:
A statement of work (SOW) is a document that outlines the scope of a project, specific deliverables,
scheduling, and additional specific details from the client/buyer1. A SOW defines what the service
provider will do for the client and how they will do it, as well as the expected outcomes and quality
standards2. A SOW is typically used as a supplement to a master service agreement (MSA) or a
contract that establishes the general terms and conditions of the business relationship3.
Reference:
CompTIA Cloud Essentials CLO-002 Certification Study Guide, Chapter 2: Business Principles of Cloud
Environments, page 65
Statement of Work (SOW): What Is It & How to Write One, The Blueprint
Master Services Agreement vs Statement Of Work, Difference between MSA & SOW, PandaDoc
The cloud consumer compliance team requires the IT department to patch and update cloud
resources properly. Which of the following cloud service delivery models will BEST suit this need?
D
Explanation:
Infrastructure as a service (IaaS) is a cloud service delivery model that provides on-demand
infrastructure resources to organizations via the cloud, such as compute, storage, networking, and
virtualization4. IaaS is the most suitable cloud service delivery model for patching and updating cloud
resources properly, as it gives the cloud consumer compliance team more control and flexibility over
the operating system, middleware, virtual machines, and any apps or data5. IaaS also enables
automation and orchestration of the provisioning process, as well as scalability and reliability of the
infrastructure6.
Reference:
IaaS vs PaaS vs SaaS vs DBaaS: Cloud Service Models Differences, The App Solutions
PaaS vs IaaS vs SaaS: What’s the difference?, Google Cloud
CompTIA Cloud Essentials CLO-002 Certification Study Guide, Chapter 1: Cloud Computing Concepts,
page 23
Which of the following are the main advantages of using ML/AI for data analytics in the cloud as
opposed to on premises? (Choose two.)
B,E
Explanation:
Elasticity and pay-as-you-go are two main advantages of using ML/AI for data analytics in the cloud
as opposed to on premises. Elasticity refers to the ability of cloud computing to dynamically adjust
the amount of resources allocated to a workload according to the changing demand7. This allows
ML/AI applications to access a large pool of compute resources when needed, such as GPUs or TPUs,
without having to purchase or maintain them on premises8. Pay-as-you-go is a pricing model in
which customers pay only for the resources they consume, such as compute, storage, network, or
software services9. This allows ML/AI applications to save money by avoiding upfront costs or
overprovisioning of resources on premises10.
Reference:
What is Cloud Elasticity in Cloud Computing?, The Iron.io Blog
Machine Learning in the Cloud: Complete Guide [2023], Run.AI
Consumption and fixed cost models, Microsoft Azure Well-Architected Framework
CompTIA Cloud Essentials CLO-002 Certification Study Guide, Chapter 2: Business Principles of Cloud
Environments, page 51
A web application was deployed, and files are available globally to improve user experience. Which
of the following technologies is being used?
B
Explanation:
A content delivery network (CDN) is a technology that distributes web content across multiple
servers in different geographic locations to improve user experience11. A CDN can be used to deploy
web applications and files globally, so that users can access them faster and more reliably from their
nearest server12. A CDN also reduces bandwidth consumption and network congestion by caching
static content at the edge servers13.
Reference:
What is a content delivery network (CDN)?, IBM
Where to A/B Test: Front-End vs Back-End vs CDN vs API, Medium
Content Delivery Networks (CDNs), MDN Web Docs
Volume, variety, velocity, and veracity are the four characteristics of:
B
Explanation:
Big Data is a term that refers to data sets that are too large, complex, or diverse to be processed by
traditional methods1. Big Data is characterized by four V’s: volume, variety, velocity, and veracity2.
Volume refers to the amount of data being generated and collected. Variety refers to the different
types of data, such as structured, unstructured, or semi-structured. Velocity refers to the speed at
which the data is created, processed, and analyzed. Veracity refers to the quality and reliability of the
data.
Reference:
Understanding The 4 V’s Of Big Data, Forbes
Volume, velocity, and variety: Understanding the three V’s of big data, DataSource.ai
A SaaS provider specifies in a user agreement that the customer agrees that any misuse of the
service will be the responsibility of the customer. Which of the following risk response methods was
applied?
C
Explanation:
Transference is a risk response method that involves shifting the responsibility or impact of a risk to a
third party3. Transference does not eliminate the risk, but it reduces the exposure or liability of the
original party. A common example of transference is insurance, where the risk is transferred to the
insurer in exchange for a premium4. In this case, the SaaS provider transfers the risk of misuse of the
service to the customer by specifying it in the user agreement.
Reference:
Avoid, Mitigate, Transfer, or Accept? PMP Exam Guide, ProjectPractical
Avoid, Mitigate, Accept or Transfer?, St Andrews Consulting
A cloud administrator for an ISP identified a vulnerability in the software that controls all the firewall
rules for a geographic are
a. To ensure the software upgrade is properly tested, approved, and applied, which of the following
processes should the administrator follow?
D
Explanation:
Change management is an IT practice that aims to minimize disruptions to IT services while making
changes to critical systems and services5. Change management involves planning, testing,
approving, and implementing changes in a controlled and systematic manner6. A change is defined
as adding, modifying, or removing anything that could have a direct or indirect effect on services5. In
this case, the cloud administrator should follow the change management process to ensure that the
software upgrade is properly tested, approved, and applied.
Reference:
Change management types, Atlassian
Change management vs Configuration management, Virima
A small online retailer is looking for a solution to handle the high load on its servers during the
holiday season. The retailer is not currently ready to move its IT operations completely to the cloud.
Which of the following will BEST fit these requirements?
C
Explanation:
Cloud bursting is a configuration method that uses cloud computing resources whenever on-
premises infrastructure reaches peak capacity. When organizations run out of computing resources in
their internal data center, they burst the extra workload to external third-party cloud services. Cloud
bursting is a convenient and cost-effective way to to support workloads with varying demand
patterns and seasonal spikes in demand12. Elasticity and scalability are related concepts, but they
are not specific solutions for the retailer’s problem. Elasticity refers to the ability of a cloud service to
automatically adjust the amount of resources allocated to a workload based on the current
demand3. Scalability refers to the ability of a cloud service to handle increasing or decreasing
workloads by adding or removing resources4. Self-service is a feature of cloud computing that allows
users to provision, manage, and monitor their own cloud resources without the need for human
intervention5. While these features are beneficial for cloud consumers, they do not address the
retailer’s need to handle the high load on its servers during the holiday season without moving its IT
operations completely to the cloud.
https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-is-cloud-bursting/
https://aws.amazon.com/what-is/cloud-bursting/
https://www.geeksforgeeks.org/cloud-bursting-vs-cloud-scaling/
A business analyst is drafting a risk assessment.
Which of the following components should be included in the draft? (Choose two.)
E,F
Explanation:
A risk assessment is a process of identifying, analyzing, and controlling hazards and risks within a
situation or a place1. According to the CompTIA Cloud Essentials+ Certification Study Guide, Second
Edition (Exam CLO-002), a risk assessment should include the following steps2:
Identify the assets that are relevant to the scope of the assessment. Assets can be physical, such as
hardware and software, or non-physical, such as data and information.
Identify the threats and vulnerabilities that could affect the assets. Threats are sources of potential
harm, such as natural disasters, cyberattacks, or human errors. Vulnerabilities are weaknesses or
gaps in the security or protection of the assets, such as outdated software, misconfigured settings, or
lack of encryption.
Analyze the likelihood and impact of each threat-vulnerability pair. Likelihood is the probability of a
threat exploiting a vulnerability, and impact is the severity of the consequences if that happens. The
combination of likelihood and impact determines the level of risk for each pair.
Evaluate the risks and prioritize them based on their level. Risks can be categorized as low, medium,
high, or critical, depending on the organization’s risk appetite and tolerance. Risk appetite is the
amount of risk that the organization is willing to accept, and risk tolerance is the degree of variation
from the risk appetite that the organization can endure.
Implement appropriate controls to mitigate or reduce the risks. Controls are measures or actions
that can prevent, detect, or correct the occurrence or impact of a risk. Controls can be
administrative, technical, or physical, and they can have different functions, such as preventive,
detective, corrective, deterrent, or compensating.
Based on these steps, two components that should be included in the draft of a risk assessment are
asset inventory and data classification. Asset inventory is the process of identifying and documenting
the assets that are within the scope of the assessment1. Data classification is the process of
categorizing data based on its sensitivity, value, and criticality to the organization3. These
components are essential for determining the potential risks and impacts that could affect the assets
and data, and for applying the appropriate controls and protection levels.
https://www.comptia.org/training/books/cloud-essentials-clo-002-study-guide
https://books.google.com/books/about/CompTIA_Cloud_Essentials+_Certification.html?id=S2TNDw
AAQBAJ
Which of the following is a cloud service model that organizations use when their third-party ERP
tool is provided as a complete service?
B
Explanation:
SaaS, or software as a service, is a cloud service model that provides ready-to-use, cloud-hosted
application software to customers. Customers do not need to install, manage, or maintain the
software; they simply access it via an internet connection, usually through a web browser. SaaS
applications are typically offered on a subscription or pay-per-use basis. Examples of SaaS
applications include email, CRM, ERP, office productivity, and collaboration tools12.
SaaS is different from the other cloud service models in terms of the level of abstraction and control.
In SaaS, the cloud service provider manages everything from the underlying infrastructure to the
application software, while the customer only controls the application settings and data. In contrast,
in IaaS (infrastructure as a service), the customer has more control and responsibility over the
servers, storage, networking, and operating systems, while the cloud service provider only manages
the physical infrastructure. In PaaS (platform as a service), the customer has control and
responsibility over the applications and data, while the cloud service provider manages the
underlying infrastructure and the development tools and platforms12.
Therefore, when an organization uses a third-party ERP tool as a complete service, it is using the SaaS
cloud service model. The organization does not need to worry about the installation, configuration,
or maintenance of the ERP software; it only needs to access it via the internet and pay for the
usage. The cloud service provider takes care of the rest.
https://www.comptia.org/training/books/cloud-essentials-clo-002-study-guide
https://www.amazon.com/CompTIA-Essentials-Certification-Second-CLO-002/dp/1260461785
A cloud systems administrator needs to migrate several corporate applications to a public cloud
provider and decommission the internal hosting environment. This migration must be completed by
the end of the month. Because these applications are internally developed to meet specific business
accounting needs, the administrator cannot use an alternative application.
Which of the following BEST describes the approach the administrator should use?
C
Explanation:
Lift and shift is a cloud migration strategy that involves moving an application or workload from one
environment to another without making significant changes to its architecture, configuration, or
code. This approach is suitable for applications that are not cloud-native, have complex
dependencies, or have tight deadlines for migration. Lift and shift can help reduce the cost and risk of
maintaining legacy infrastructure, improve scalability and availability, and leverage cloud services
and features12.
Hybrid deployment is a cloud deployment model that involves using both public and private cloud
resources to deliver services and applications. This approach is suitable for applications that have
varying performance, security, or compliance requirements, or that need to integrate with existing
on-premises systems. Hybrid deployment can help optimize the use of resources, increase flexibility
and agility, and balance trade-offs between cost and control34.
Phased migration is a cloud migration strategy that involves moving an application or workload from
one environment to another in stages or increments. This approach is suitable for applications that
have modular components, low interdependencies, or high complexity. Phased migration can help
reduce the impact of migration on business operations, test the functionality and performance of
each component, and address any issues or challenges along the way .
Rip and replace is a cloud migration strategy that involves discarding an application or workload from
one environment and replacing it with a new one in another environment. This approach is suitable
for applications that are outdated, incompatible, or inefficient, or that have high maintenance costs.
Rip and replace can help modernize the application architecture, design, and code, improve the user
experience and functionality, and take advantage of cloud-native features and services .
Reference:
[CompTIA Cloud Essentials+ CLO-002 Study Guide], Chapter 3: Management and Technical
Operations, Section 3.3: Cloud Migration, p. 123-125
[CompTIA Cloud+ CV0-003 Study Guide], Chapter 5: Deploying a Cloud Solution, Section 5.2: Cloud
Migration, p. 241-244
[CompTIA Cloud Essentials+ CLO-002 Study Guide], Chapter 1: Cloud Concepts, Section 1.3: Cloud
Deployment Models, p. 25-28
[CompTIA Cloud+ CV0-003 Study Guide], Chapter 1: Cloud Architecture and Design, Section 1.2:
Cloud Deployment Models, p. 19-22
[CompTIA Cloud Essentials+ CLO-002 Study Guide], Chapter 3: Management and Technical
Operations, Section 3.3: Cloud Migration, p. 125-126
[CompTIA Cloud+ CV0-003 Study Guide], Chapter 5: Deploying a Cloud Solution, Section 5.2: Cloud
Migration, p. 244-245
[CompTIA Cloud Essentials+ CLO-002 Study Guide], Chapter 3: Management and Technical
Operations, Section 3.3: Cloud Migration, p. 126-127
[CompTIA Cloud+ CV0-003 Study Guide], Chapter 5: Deploying a Cloud Solution, Section 5.2: Cloud
Migration, p. 245-246
[CompTIA Cloud Essentials+ CLO-002 Study Guide], ISBN: 978-1-119-64768-9, Publisher: Wiley
[CompTIA Cloud+ CV0-003 Study Guide], ISBN: 978-1-119-64767-2, Publisher: Wiley