Question 1

A company has decided to replicate cloud resources in several different geographic locations. Which of the following terms BEST describes this approach?

Accepted Answer

C

Explanation: Redundancy is a term that describes the approach of replicating cloud resources in several different geographic locations. Redundancy can increase the availability, reliability, and performance of cloud services by providing backup or alternative resources in case of failures, disasters, or high demand. Redundancy can also reduce latency by serving users from the nearest location. Redundancy can be implemented at different levels, such as data, network, server, or application. For example, a geo- distributed database is a type of redundancy that offers asynchronous replication across two data centers or cloud regions1. Redundancy is different from disaster recovery, deduplication, and data sovereignty, which are other terms related to cloud computing. Disaster recovery is a term that describes the process of restoring normal operations after a disaster or disruption. Disaster recovery can involve using redundant resources, but it is not the same as redundancy. Deduplication is a term that describes the technique of eliminating redundant copies of data from a storage device, which can reduce the storage space required and improve the efficiency of the storage system. Deduplication does not involve replicating cloud resources in different locations, but rather consolidating and removing duplicates. Data sovereignty is a term that describes the legal and regulatory aspects of data storage and processing in different geographic locations. Data sovereignty can affect the choice of cloud regions and providers, as some countries or regions may have specific laws or regulations that govern the access, transfer, and protection of data. Data sovereignty does not imply redundancy, but rather compliance. Therefore, the correct term for replicating cloud resources in several different geographic locations is redundancy. Reference: Geography and regions | Documentation | Google Cloud, What is Database Geo-Distribution? - Yugabyte, Georedundancy: geographical redundancy | Stackscale.

Question 2

A cloud systems administrator needs to log in to a remote Linux server that is hosted in a public cloud. Which of the following protocols will the administrator MOST likely use?

Accepted Answer

C

Explanation: Secure Shell (SSH) is a protocol that allows secure and encrypted communication between a client and a server over a network. SSH can be used to log in to a remote Linux server that is hosted in a public cloud, as well as to execute commands, transfer files, or tunnel other protocols. SSH uses public-key cryptography to authenticate the client and the server, and to encrypt the data exchanged between them. SSH is widely supported by most Linux distributions and cloud providers, and it can be accessed by various tools, such as PuTTY, OpenSSH, or WinSCP. SSH is more secure and reliable than other protocols, such as RDP, VNC, or Telnet, which may not support encryption, authentication, or compression. Reference: CompTIA Cloud Essentials+ Certification Exam Objectives1, CompTIA Cloud Essentials+ Study Guide, Chapter 6: Cloud Connectivity and Load Balancing2, How To Use The Remote Desktop Protocol To Connect To A Linux Server2

Question 3

After performing an initial assessment of a cloud-hosted architecture, a department wants to gain the support of upper management. Which of the following should be presented to management?

Accepted Answer

A

Explanation: A project charter is a document that defines the scope, objectives, and stakeholders of a project. It also provides a high-level overview of the project’s benefits, risks, assumptions, constraints, and deliverables. A project charter is used to gain the support and approval of upper management and other key stakeholders before initiating a project. A project charter is one of the outputs of the cloud assessment process, which involves evaluating the feasibility, suitability, and readiness of an organization to adopt cloud services. Reference: CompTIA Cloud Essentials+ (CLO-002) Study Guide, Chapter 4: Cloud Assessment, Section 4.1: Cloud Assessment Process, page 9712; CompTIA Cloud Essentials+ Certification Exam Objectives, Objective 4.1: Given a scenario, analyze and report the outputs of a cloud assessment, page 143

Question 4

Which of the following types of risk is MOST likely to be associated with moving all data to one cloud provider?

Accepted Answer

A

Explanation: Vendor lock-in is the type of risk that is most likely to be associated with moving all data to one cloud provider. Vendor lock-in refers to the situation where a customer is dependent on a particular vendor’s products and services to such an extent that switching to another vendor becomes difficult, time-consuming, or expensive. Vendor lock-in can limit the customer’s flexibility, choice, and control over their cloud environment, and expose them to potential issues such as price increases, service degradation, security breaches, or compliance violations. Vendor lock-in can also prevent the customer from taking advantage of new technologies, innovations, or opportunities offered by other vendors. Vendor lock-in can be caused by various factors, such as proprietary formats, standards, or protocols, lack of interoperability or compatibility, contractual obligations or penalties, or high switching costs12 Reference: CompTIA Cloud Essentials+ Certification Exam Objectives3, CompTIA Cloud Essentials+ Study Guide, Chapter 2: Business Principles of Cloud Environments2, Moving All Data to One Cloud Provider: Understanding Risks1

Question 5

Which of the following metrics defines how much data loss a company can tolerate?

Accepted Answer

E

Explanation: RPO stands for recovery point objective, which is the maximum amount of data loss that a company can tolerate in the event of a disaster, failure, or disruption. RPO is measured in time, from the point of the incident to the last valid backup of the data. RPO helps determine how frequently the company needs to back up its data and how much data it can afford to lose. For example, if a company has an RPO of one hour, it means that it can lose up to one hour’s worth of data without causing significant harm to the business. Therefore, it needs to back up its data at least every hour to meet its RPO. RPO is different from other metrics such as RTO, TCO, MTTR, and ROI. RTO stands for recovery time objective, which is the maximum amount of time that a company can tolerate for restoring its data and resuming its normal operations after a disaster. TCO stands for total cost of ownership, which is the sum of all the costs associated with acquiring, maintaining, and operating a system or service over its lifetime. MTTR stands for mean time to repair, which is the average time that it takes to fix a faulty component or system. ROI stands for return on investment, which is the ratio of the net profit to the initial cost of a project or investment. Reference: Recovery Point Objective: A Critical Element of Data Recovery - G2, What is a Recovery Point Objective? RPO Definition + Examples, Cloud Computing Pricing Models - CompTIA Cloud Essentials+ (CLO-002) Cert Guide

Question 6

Which of the following storage types will BEST allow data to be backed up and retained for long periods of time?

Accepted Answer

C

Explanation: Object storage is a type of cloud storage that stores data as objects, which consist of data, metadata, and a unique identifier. Object storage is ideal for backing up and retaining data for long periods of time, as it offers the following benefits: Scalability: Object storage can store virtually unlimited amounts of data, as objects are stored in a flat namespace that can span multiple servers, clusters, or regions. Object storage does not have the limitations of hierarchical file systems or block storage volumes, which can become fragmented or inefficient as they grow. Durability: Object storage can ensure high levels of data durability, as objects are replicated across multiple locations or zones. Object storage also supports versioning, which allows users to keep multiple versions of the same object and restore them if needed. Object storage can also use erasure coding, which splits objects into data and parity fragments and distributes them across different nodes, enabling data recovery in case of failures. Cost-effectiveness: Object storage can reduce the cost of storing data for long periods of time, as it typically uses commodity hardware and low-cost disks. Object storage also offers tiered storage options, which allow users to move data between different performance and price levels based on their access frequency and retention requirements. For example, users can store data in cold or archive tiers, which offer lower storage costs but higher retrieval latency and fees. Solid state storage is a type of storage that uses flash memory chips to store data. Solid state storage offers high performance, low latency, and low power consumption, but it is also more expensive and less durable than other types of storage. Solid state storage is more suitable for storing data that requires frequent and fast access, such as databases, applications, or operating systems, rather than backing up and retaining data for long periods of time. Block storage is a type of storage that divides data into fixed-sized blocks and assigns them unique identifiers. Block storage is commonly used to create storage volumes that can be attached to virtual machines or servers and act as local disks. Block storage offers high performance, low latency, and flexibility, but it also has some drawbacks for backing up and retaining data for long periods of time, such as: Scalability: Block storage has limited scalability, as storage volumes have a fixed size and capacity that cannot be easily changed. Block storage also requires more management and maintenance, as users have to provision, format, mount, and backup storage volumes manually or using scripts. Durability: Block storage has lower durability, as storage volumes are vulnerable to corruption, deletion, or failure. Block storage does not support versioning, which means users cannot restore previous versions of their data. Block storage also does not use erasure coding, which means users have to rely on RAID or other backup methods to ensure data redundancy and availability. Cost-effectiveness: Block storage has higher cost, as it typically uses more expensive and power- hungry disks. Block storage also charges users based on the provisioned size of the storage volumes, regardless of how much data they actually store. Block storage also incurs additional costs for data transfer, snapshot, and backup services. File storage is a type of storage that organizes data into files and folders within a hierarchical file system. File storage is commonly used to store and share data that can be accessed by multiple users or applications using standard protocols, such as NFS or SMB. File storage offers simplicity, compatibility, and convenience, but it also has some limitations for backing up and retaining data for long periods of time, such as: Scalability: File storage has limited scalability, as file systems have a maximum number of files and folders that they can support. File storage also suffers from performance degradation and inefficiency as file systems grow larger and more complex. File storage also requires more management and maintenance, as users have to create, delete, move, and backup files and folders manually or using scripts. Durability: File storage has lower durability, as files and folders are susceptible to corruption, deletion, or failure. File storage does not support versioning, which means users cannot restore previous versions of their data. File storage also does not use erasure coding, which means users have to rely on RAID or other backup methods to ensure data redundancy and availability. Cost-effectiveness: File storage has higher cost, as it typically uses more expensive and power-hungry disks. File storage also charges users based on the provisioned size of the file systems, regardless of how much data they actually store. File storage also incurs additional costs for data transfer, snapshot, and backup services. Reference: CompTIA Cloud Essentials+ CLO-002 Study Guide, Chapter 2: Cloud Concepts, Section 2.5: Cloud Storage, pages 66-69 6 Types of Backups for Cloud Storage 4 Types of Cloud Backup Services and How to Choose Cloud or tape for long-term data retention? How to Set Up Backup Retention to Purge Older Backups

Question 7

Which of the following results from implementing a proprietary SaaS solution when an organization does not ensure the solution adopts open standards? (Choose two.)

Accepted Answer

A, E

Explanation: A proprietary SaaS solution is one that uses a specific vendor’s software and platform, which may not be compatible with other vendors’ solutions or industry standards. This can result in vendor lock- in, which means that the organization becomes dependent on the vendor and cannot easily switch to another provider or solution without significant costs or risks. Vendor lock-in can also limit the organization’s ability to negotiate better terms or prices with the vendor. Integration issues can arise when the proprietary SaaS solution does not support open standards, which are widely accepted and interoperable protocols or formats that enable different systems or applications to communicate and exchange data. Open standards can facilitate integration with other cloud or on-premise solutions, as well as enhance portability and scalability of the cloud services. If the SaaS solution does not adopt open standards, the organization may face challenges or limitations in integrating the solution with its existing or future IT environment, which can affect the functionality, performance, and security of the cloud services. Reference: CompTIA Cloud Essentials+ Certification Study Guide, Second Edition (Exam CLO-002), Chapter 2: Cloud Concepts, Section 2.3: Cloud Service Models, p. 62-63.

Question 8

A company’s new systems administrator has been asked to create a new user for the human
resources department. Which of the following will help the systems administrator understand the
user privileges for each role in the company?

Accepted Answer

A

Explanation: An identity and access control management policy is a document that defines the roles, responsibilities, and rules for managing the identities and access rights of users in an organization1. It specifies how users are authenticated, authorized, and audited when they access the organization’s resources, such as systems, applications, data, and networks1. An identity and access control management policy also describes the processes and procedures for creating, modifying, suspending, and deleting user accounts and privileges, as well as the standards and guidelines for selecting and managing passwords, tokens, certificates, and other authentication factors1. An identity and access control management policy can help the systems administrator understand the user privileges for each role in the company, as it defines the access levels and permissions that are granted to different types of users, such as employees, contractors, vendors, partners, and customers1. The policy also outlines the criteria and conditions for granting, changing, or revoking access rights, based on the principle of least privilege and the need-to-know basis1. By following the identity and access control management policy, the systems administrator can ensure that the new user for the human resources department has the appropriate and secure access to the resources that are relevant to their job function and responsibilities1. Reference: 1: CompTIA Cloud Essentials+ Certification Study Guide, Second Edition (Exam CLO-002), Chapter 3: Cloud Planning, Section 3.2: Cloud Adoption, Subsection 3.2.1: Identity and Access Management

Question 9

A company wants to ensure its existing functionalities are not compromised by the addition of a new functionality. Which of the following is the BEST testing technique?

Accepted Answer

A

Explanation: Regression testing is the best testing technique to ensure that the existing functionalities are not compromised by the addition of a new functionality. Regression testing is the type of testing performed to ensure that a code change in software does not affect the product’s existing functionality. This ensures that the product functions correctly with new functionality, bug fixes, or changes to existing features. To validate the impact of the shift, previously executed test cases are re- executed1. Regression testing can be done manually or by using automated tools. Some of the most commonly used tools for regression testing are Selenium, WATIR, QTP, RFT, Winrunner, and Silktest2. Reference: CompTIA Cloud Essentials+ CLO-002 Study Guide, Chapter 5: Cloud Service Operations, Section 5.3: Cloud Service Testing, p. 217-2181

Question 10

Which of the following are aspects of cloud data availability? (Choose two.)

Accepted Answer

D, E

Explanation: Cloud data availability is the process of ensuring that data is accessible to end users and applications, when and where they need it. It defines the degree or extent to which data is readily usable along with the necessary IT and management procedures, tools and technologies required to enable, manage and continue to make data available1. Cloud data availability is influenced by several aspects, such as: Zones: Zones are logical or physical partitions of a cloud region that have independent power, cooling, and networking infrastructure. They are designed to isolate failures within a region and provide high availability and fault tolerance for cloud services and data. For example, Google Cloud2 and Azure3 offer availability zones that allow users to distribute their resources and data across multiple zones within a region, ensuring that if one zone experiences an outage, the other zones can continue to function and serve the data. Geo-redundancy: Geo-redundancy is the practice of replicating or storing data across multiple geographic locations or regions. It is intended to improve data availability and durability by protecting data from regional disasters, network failures, or malicious attacks. For example, Google Cloud2 and Azure3 offer geo-redundant storage options that allow users to store their data in two or more regions, ensuring that if one region becomes unavailable, the data can be accessed from another region. Resource tagging is the practice of assigning metadata or labels to cloud resources, such as instances, volumes, or buckets. It is used to organize, manage, and monitor cloud resources and data, but it does not directly affect data availability. Data sovereignty is the concept that data is subject to the laws and regulations of the country or region where it is stored or processed. It is a legal and compliance issue that affects data security, privacy, and governance, but it does not directly affect data availability. Locality is the concept that data is stored or processed close to the source or destination of the data. It is used to optimize data performance, latency, and bandwidth, but it does not directly affect data availability. Auto-scaling is the practice of automatically adjusting the amount or type of cloud resources, such as instances, nodes, or pods, based on the demand or load of the data. It is used to optimize data efficiency, scalability, and reliability, but it does not directly affect data availability. Reference: Cloud Storage | Google Cloud Data Availability: Ensuring Continued Functioning of Business Ops What are Azure availability zones? | Microsoft Learn What is Data Availability? - Definition from Techopedia

Question 11

A cloud systems administrator needs to migrate several corporate applications to a public cloud
provider and decommission the internal hosting environment. This migration must be completed by
the end of the month. Because these applications are internally developed to meet specific business
accounting needs, the administrator cannot use an alternative application.
Which of the following BEST describes the approach the administrator should use?

Accepted Answer

C

Explanation: Lift and shift is a cloud migration strategy that involves moving an application or workload from one environment to another without making significant changes to its architecture, configuration, or code. This approach is suitable for applications that are not cloud-native, have complex dependencies, or have tight deadlines for migration. Lift and shift can help reduce the cost and risk of maintaining legacy infrastructure, improve scalability and availability, and leverage cloud services and features12. Hybrid deployment is a cloud deployment model that involves using both public and private cloud resources to deliver services and applications. This approach is suitable for applications that have varying performance, security, or compliance requirements, or that need to integrate with existing on-premises systems. Hybrid deployment can help optimize the use of resources, increase flexibility and agility, and balance trade-offs between cost and control34. Phased migration is a cloud migration strategy that involves moving an application or workload from one environment to another in stages or increments. This approach is suitable for applications that have modular components, low interdependencies, or high complexity. Phased migration can help reduce the impact of migration on business operations, test the functionality and performance of each component, and address any issues or challenges along the way . Rip and replace is a cloud migration strategy that involves discarding an application or workload from one environment and replacing it with a new one in another environment. This approach is suitable for applications that are outdated, incompatible, or inefficient, or that have high maintenance costs. Rip and replace can help modernize the application architecture, design, and code, improve the user experience and functionality, and take advantage of cloud-native features and services . Reference: [CompTIA Cloud Essentials+ CLO-002 Study Guide], Chapter 3: Management and Technical Operations, Section 3.3: Cloud Migration, p. 123-125 [CompTIA Cloud+ CV0-003 Study Guide], Chapter 5: Deploying a Cloud Solution, Section 5.2: Cloud Migration, p. 241-244 [CompTIA Cloud Essentials+ CLO-002 Study Guide], Chapter 1: Cloud Concepts, Section 1.3: Cloud Deployment Models, p. 25-28 [CompTIA Cloud+ CV0-003 Study Guide], Chapter 1: Cloud Architecture and Design, Section 1.2: Cloud Deployment Models, p. 19-22 [CompTIA Cloud Essentials+ CLO-002 Study Guide], Chapter 3: Management and Technical Operations, Section 3.3: Cloud Migration, p. 125-126 [CompTIA Cloud+ CV0-003 Study Guide], Chapter 5: Deploying a Cloud Solution, Section 5.2: Cloud Migration, p. 244-245 [CompTIA Cloud Essentials+ CLO-002 Study Guide], Chapter 3: Management and Technical Operations, Section 3.3: Cloud Migration, p. 126-127 [CompTIA Cloud+ CV0-003 Study Guide], Chapter 5: Deploying a Cloud Solution, Section 5.2: Cloud Migration, p. 245-246 [CompTIA Cloud Essentials+ CLO-002 Study Guide], ISBN: 978-1-119-64768-9, Publisher: Wiley [CompTIA Cloud+ CV0-003 Study Guide], ISBN: 978-1-119-64767-2, Publisher: Wiley

Question 12

Which of the following would BEST provide access to a Windows VDI?

Accepted Answer

A

Explanation: RDP stands for Remote Desktop Protocol, which is a protocol that allows a user to remotely access and control a Windows-based computer or virtual desktop from another device over a network. RDP can be used to provide access to a Windows VDI, which is a virtual desktop infrastructure that delivers Windows desktops and applications as a cloud service. RDP can provide a full graphical user interface, keyboard, mouse, and audio support, as well as features such as clipboard sharing, printer redirection, and file transfer. RDP can be accessed by using the built-in Remote Desktop Connection client in Windows, or by using third-party applications or web browsers. RDP is more suitable for accessing a Windows VDI than other protocols, such as VPN, SSH, or HTTPS, which may not support the same level of functionality, performance, or security. Reference: CompTIA Cloud Essentials+ Certification Exam Objectives1, CompTIA Cloud Essentials+ Study Guide, Chapter 6: Cloud Connectivity and Load Balancing2, How To Use The Remote Desktop Protocol To Connect To A Linux Server1

Question 13

A vendor stipulates it will provide incident response within two hours of a severity level A incident. Which of the following does this describe?

Accepted Answer

D

Explanation: A service level agreement (SLA) is a contract between a service provider and a customer that defines the expected level of service, performance, availability, and quality of the service, as well as the responsibilities, obligations, and penalties of both parties. An SLA typically includes metrics and indicators to measure and monitor the service, such as response time, uptime, throughput, etc. An SLA also specifies the severity levels of incidents and the corresponding resolution times, such as two hours for a severity level A incident, which is the most critical and urgent. An SLA is different from a maintenance agreement, which is a contract that covers the repair and upkeep of equipment or software; a managed service agreement, which is a contract that covers the outsourcing of certain IT functions or processes to a third-party provider; or an operating level agreement, which is an internal agreement between different departments or units within an organization that support the delivery of a service. Reference: CompTIA Cloud Essentials+ Certification Exam Objectives1, CompTIA Cloud Essentials+ Study Guide, Chapter 2: Business Principles of Cloud Environments2, Service Level Agreements for Managed Services3

Question 14

A company's finance team is reporting increased cloud costs against the allocated cloud budget.
Which of the following is the BEST approach to match some of the cloud operating costs with the
appropriate departments?

Accepted Answer

C

Explanation: Chargeback is the best approach to match some of the cloud operating costs with the appropriate departments. Chargeback is a process where the IT department bills each department for the amount of cloud resources they use, such as compute, storage, network, or software. Chargeback can help the company to allocate the cloud costs more accurately and fairly, as well as to encourage the departments to optimize their cloud consumption and reduce waste. Chargeback can also provide the company with more visibility and accountability of the cloud usage and spending across the organization12 Chargeback is different from showback, which is a process where the IT department shows each department the amount of cloud resources they use, but does not charge them for it. Showback can also help the company to increase the awareness and transparency of the cloud costs, but it may not have the same impact on the behavior and efficiency of the departments as chargeback12 Right-sizing and scaling are not approaches to match the cloud costs with the departments, but rather techniques to adjust the cloud resources to the actual demand and performance of the applications or services. Right-sizing and scaling can help the company to save money and improve the cloud utilization, but they do not address the issue of cost allocation or attribution34 Reference: CompTIA Cloud Essentials+ Certification Exam Objectives, CompTIA Cloud Essentials+ Study Guide, Chapter 2: Business Principles of Cloud Environments, IT Chargeback vs Showback: What’s The Difference?2, Cloud Essentials+ Certification Training

Question 15

A systems administrator must select a CSP while considering system uptime and access to critical servers. Which of the following is the MOST important criterion when choosing the CSP?

Accepted Answer

D

Explanation: Encryption in transit is the process of protecting data from unauthorized access or modification while it is being transferred from one location to another, such as from an on-premises data center to a cloud service provider. Encryption in transit uses cryptographic techniques to scramble the data and make it unreadable to anyone who intercepts it, except for the intended recipient who has the key to decrypt it. Encryption in transit is one of the best approaches to optimize data security in an IaaS migration, as it reduces the risk of data breaches, tampering, or leakage during the data transfer. Encryption in transit can be implemented using various methods, such as Transport Layer Security (TLS), Secure Sockets Layer (SSL), Internet Protocol Security (IPsec), or Secure Shell (SSH). Encryption in transit is different from other options, such as reviewing the risk register, performing a vulnerability scan, or performing server hardening. Reviewing the risk register is the process of identifying, analyzing, and prioritizing the potential threats and impacts to the data and the cloud environment. Performing a vulnerability scan is the process of detecting and assessing the weaknesses or flaws in the data and the cloud infrastructure that could be exploited by attackers. Performing server hardening is the process of applying security measures and configurations to the cloud servers to reduce their attack surface and improve their resilience. While these options are also important for data security, they do not directly address the data protection during the migration process, which is the focus of the question. Reference: What is encryption in transit? - Definition from WhatIs.com, Data Encryption in Transit Guidelines - UC Berkeley Security, Cloud Computing Security - CompTIA Cloud Essentials+ (CLO-002) Cert Guide

Free COMPTIA Cloud Essentials+ CLO-002 Actual Exam Questions