This free CompTIA Cloud+ study guide walks through every content domain the Cloud+ (CV0-004) exam tests, organized to the current CompTIA exam objectives.[1]
It’s interactive, not a wall of text: every module has built-in checkpoint quizzes, flashcards, and practice questions, so you learn by doing — not just reading.
The Cloud+ tests six official domains, and we teach them as six study modules in CompTIA’s order, leading with the heaviest-weighted content (Cloud Architecture is 23% of the exam, and Deployment and Security tie at 19% each). Read a module, test yourself at each checkpoint, then drill gaps with our free practice test and flashcards. This guide is a high-yield overview that maps the official content — a vendor-neutral foundation, not a single-provider manual.
CompTIA Cloud+ is one of the 14 CompTIA certifications — explore our CompTIA study guides to compare and prep across the whole family.
Cloud+ Exam Snapshot
| Detail | Cloud+ Exam |
|---|---|
| Exam code | CV0-004 (current; replaced CV0-003 in Sept 2024) |
| Questions | Maximum of 90 (multiple choice + performance-based) |
| Time | 90 minutes |
| Passing score | 750 on a 100–900 scale (scaled score, not a percentage) |
| Certifying body | CompTIA |
| Cost | About $392 (single voucher; varies by region/promo) |
| Prerequisites | None required (2–3 yrs experience + Network+ and Server+ recommended) |
| Validity | 3 years |
| Renewal | CEUs over 3 years, or pass a higher CompTIA cert |
The Cloud+ covers six domains. Cloud Architecture is the single heaviest at 23%, and Security and Deployment are tied at 19% each — together those three are over 60% of the exam, so that is where to invest first.[1] Study by weight:
Module 1 · Cloud Architecture
One official domain, 23% of the exam — the single heaviest. This is the foundation: how cloud services are modeled, made available, networked, stored, and virtualized. Get the service models and the shared responsibility model right and the rest of the exam gets dramatically easier.
1.1 Service Models & Shared Responsibility
The four cloud service models describe how much the provider manages for you. gives you raw infrastructure — you still manage the operating system and apps. adds a managed platform, so you deploy only your application and data. is a finished application you simply use. runs individual functions on demand (serverless), billed per execution.[4]
On-premises
You manage everything, from the building to the application.
IaaS — Infrastructure as a Service
Provider gives compute, storage, network. You manage OS, runtime, and apps. (VMs)
PaaS — Platform as a Service
Provider manages OS + runtime. You deploy only your app and data.
FaaS — Function as a Service
Run individual functions on demand (serverless). Billed per execution.
SaaS — Software as a Service
Provider manages all of it. You just use the application. (Webmail, CRM)
Every model is governed by the : the provider secures the cloud (physical hosts, hypervisor, network) and you secure what is in the cloud (data, configuration, identities, and access). The exact line shifts by model — in IaaS you secure the OS upward; in SaaS the provider handles almost everything except your data and access. Misreading this line is a leading cause of cloud breaches, such as publicly exposed storage buckets.[1]
1.2 Availability & Disaster Recovery
High availability is built on geography. A is a separate geographic area, and within it an is one or more isolated data centers with independent power and networking. Spreading workloads across zones (and regions) survives a single-zone failure.
pushes processing close to users to cut latency, and lets a private cloud overflow into a public one during spikes.
Disaster recovery is measured by two objectives you must know cold: (how fast you must recover) and (how much data loss is acceptable). The recovery site you choose trades cost against speed — a hot site is always running and recovers almost instantly (most expensive), a warm site is partially ready, and a cold site is just space and power (cheapest, slowest).[1]
| Site | Readiness | Recovery speed | Cost |
|---|---|---|---|
| Hot site | Fully running duplicate | Almost immediate | Highest |
| Warm site | Partially configured | Hours | Moderate |
| Cold site | Space + power only | Days | Lowest |
1.3 Cloud Networking & Storage
Cloud networking starts with the — your isolated, private slice of a public cloud — divided into public and private subnets and connected by route tables. You reach it privately over a VPN or a dedicated connection, and connect VPCs with peering or a transit gateway. In front of applications sit network functions: a (an application load balancer at Layer 7 or a network load balancer at Layer 4), a to cache content near users, an application gateway, and firewalls.[1]
Storage comes in three types you must distinguish. keeps data as objects with metadata in a flat namespace, ideal for unstructured data at huge scale. presents raw volumes attached to a VM like a disk, with low latency for databases.
presents a shared file system for many clients. (hot, warm, cold, archive) then trades retrieval speed for cost based on how often data is accessed.
| Type / tier | What it is | Best for |
|---|---|---|
| Object storage | Objects + metadata, flat namespace | Unstructured data, backups, media, big scale |
| Block storage | Raw volumes attached to a VM | Databases, low-latency boot/OS disks |
| File storage | Shared NFS/SMB file system | Shared application files, lift-and-shift |
| Hot tier | Fast, higher cost | Frequently accessed data |
| Cold tier | Slower, cheaper | Infrequently accessed data |
| Archive tier | Slowest, lowest cost | Long-retention, rarely accessed data |
1.4 Virtualization, Containers & Cost
Two ways to package compute dominate the exam. runs full virtual machines on a , each with its own guest OS — strong isolation, but heavy. A shares the host kernel and packages just the app and its dependencies — lightweight, fast to start, and portable. (Kubernetes) manages containers at scale. Cloud-native design favors containers, , and architecture.[1]
Virtual machine
- Includes a full guest operating system
- Isolated by the hypervisor
- Heavier — gigabytes, slower to start
- Strong isolation; runs any OS
Container
- Shares the host OS kernel
- Isolated by namespaces/cgroups
- Lightweight — megabytes, starts in seconds
- Portable and dense; orchestrated by Kubernetes
Cost is its own tested topic. Billing models include pay-as-you-go (on demand), (committed term for a discount), (cheap spare capacity that can be reclaimed), and dedicated hosts. You control spend with (for cost allocation), (matching size to demand), and resource metering.
| Model | How it works | Best for |
|---|---|---|
| Pay-as-you-go | Pay per use, no commitment | Variable or unpredictable workloads |
| Reserved | Commit 1–3 yrs for a discount | Steady, predictable baseline load |
| Spot | Steep discount, can be reclaimed | Fault-tolerant, interruptible batch jobs |
| Dedicated host | A physical server for one tenant | Licensing or compliance requirements |
Checkpoint · Cloud Architecture
Question 1 of 10
What is the primary benefit of implementing a multi-cloud strategy?
Module 2 · Deployment
One official domain, 19% of the exam. This is where designs become running systems — choosing a deployment model and strategy, planning a migration, and using code to provision resources. CV0-004 leans heavily on automation here.
2.1 Deployment Models & Strategies
First choose a deployment model. A is provider-owned and shared by many tenants; a is dedicated to one organization; a connects the two so workloads can move between them; and a community cloud is shared by organizations with common needs.[4]
Then choose a deployment strategy for releasing changes safely. A runs two identical environments and flips all traffic at once, giving instant rollback. A releases to a small subset first and expands gradually. A updates instances in batches so the service stays up. In-place updates the existing servers directly — simplest, but riskiest.
Blue-green
Two identical environments; flip all traffic to the new one at once. Instant rollback.
Canary
Release to a small subset of users first; expand gradually if healthy.
Rolling
Update instances in batches so the service stays available throughout.
In-place
Update the existing servers directly. Simplest, but riskier and harder to roll back.
2.2 Cloud Migration (the 6 R’s)
Moving existing applications to the cloud follows one of the 6 R’s. moves an app with little or no change (fastest, cheapest up front). Replatform makes minor optimizations (e.g., a managed database).
Re-architect and refactor redesign the app to be cloud-native (most effort, most benefit). Retain keeps it where it is, and Retire decommissions what is no longer needed.[1]
Plan migrations around real considerations: cost, networking, management overhead, service availability, , environmental factors (power and cooling), and regulatory or compliance requirements. Migration direction can be on-premises-to-cloud, cloud-to-on-premises (repatriation), or cloud-to-cloud.
| Strategy | What you do | Effort |
|---|---|---|
| Rehost | Lift and shift, no change | Lowest |
| Replatform | Minor optimizations (e.g., managed DB) | Low |
| Re-architect | Redesign as cloud-native | High |
| Refactor | Rewrite code for the cloud | Highest |
| Retain | Keep on-premises for now | None |
| Retire | Decommission — no longer needed | None |
2.3 Infrastructure as Code
(IaC) defines and provisions infrastructure through machine-readable files instead of manual clicking. Because the same code applied repeatedly yields the same result (idempotency), deployments become repeatable, version-controlled, testable, and auditable.
does the same for system and app configuration. Common formats are JSON and YAML; flags when running infrastructure no longer matches its declared state.[2]
Scripting logic — variables, conditionals, operators, data types, and functions — drives this code. A simple example provisions a tagged storage bucket declaratively:
resource "storage_bucket" "logs" {
name = "app-logs-prod"
storage_class = "COLDLINE" # cold tier for cheap retention
versioning = true
tags = {
environment = "prod"
team = "platform"
}
}Checkpoint · Deployment
Question 1 of 10
In cloud deployment, what is the primary function of a cloud gateway?
Module 3 · Operations
One official domain, 17% of the exam. Operations is the day-to-day discipline of keeping cloud workloads observable, appropriately scaled, backed up, and maintained across their lifecycle.
3.1 Observability & Scaling
is understanding a system’s internal state from its outputs — the three pillars are logs (discrete events, collected, aggregated, and retained), metrics (numeric measurements over time), and traces(a single request’s path across services). Pair them with alerting — triage and response when a metric crosses a threshold — so problems are caught early.[1]
Scaling matches capacity to demand. adds or removes instances (scaling out/in) — the cloud-preferred approach, needing a load balancer and stateless design. resizes a single instance (scaling up/down) — simpler but often needs a restart and is capped by the largest instance. does this automatically, triggered by load, trends, or events, or on a schedule.
Horizontal (scale out/in)
- Add or remove instances (scale out / in)
- No downtime; the cloud-preferred approach
- Needs a load balancer and stateless design
- Near-limitless capacity
Vertical (scale up/down)
- Resize an instance — more CPU/RAM (scale up / down)
- Often needs a restart (brief downtime)
- Simple; no app changes required
- Limited by the largest instance size
3.2 Backup, Recovery & Lifecycle
Know the three backup types and their trade-off. A copies everything — slowest to make, fastest to restore. An copies only what changed since the last backup of any type — smallest and fastest, but restore needs the whole chain. A copies everything changed since the last full backup — restore needs only the full plus the latest differential.[1]
Full
A complete copy of all data. Largest and slowest to create; fastest to restore (one set).
Incremental
Only data changed since the last backup of any type. Smallest and fastest; slowest restore (needs the chain).
Differential
All data changed since the last full backup. Mid-size; restore needs only the full + latest differential.
Good practice combines on-site backups (fast restore) with off-site copies and (protection from site-wide disasters), encrypts the backups, and tests them for both recoverability and integrity — an untested backup is a hope, not a plan. Finally, manage the resource lifecycle: patching and updates (major vs minor), and decommissioning at end of life or end of support.
| Type | Backs up | Create speed | Restore |
|---|---|---|---|
| Full | Everything | Slowest | Fastest (one set) |
| Incremental | Changes since last backup (any) | Fastest | Slowest (needs full + all increments) |
| Differential | Changes since last full | Medium | Medium (needs full + latest differential) |
Checkpoint · Operations
Question 1 of 10
What is the purpose of using a cloud service catalog?
Module 4 · Security
One official domain, 19% of the exam — tied for second. Cloud security spans identity, compliance, encryption, controls, and recognizing attacks. It is broad, so map each concept to a concrete control.
4.1 IAM, Compliance & Encryption
controls who or what can access which resources. Keep authentication (proving identity) and authorization (what you may do) straight: authentication uses passwords, tokens, certificates, federation (), OpenID Connect, and ; authorization uses models like , group-based access, , and discretionary access. Always enforce , and keep an audit trail for accountability.[1]
Compliance shapes where and how data lives — data sovereignty, ownership, locality, classification, and retention — against industry standards like SOC 2, PCI DSS, and ISO 27001. Encryption protects data two ways: (TLS, on the wire) and (on disk). Protect the keys themselves with .
| Concept | Question it answers | Examples |
|---|---|---|
| Authentication | Who are you? | Password, MFA, token, SAML, OpenID Connect |
| Authorization | What may you do? | RBAC, group-based, OAuth 2.0, discretionary |
| Accounting | What did you do? | Audit trail / logs |
4.2 Security Controls & Attacks
Layer security controls for defense in depth: endpoint protection, , an (detect vs prevent), DDoS protection, IAM policies, and firewalls — network ACLs, a for web attacks, and network security groups. Apply (verify every request, assume breach), hardening, patching, benchmarks (CIS), and container security (prefer unprivileged containers).[5]
Recognize common attacks and the suspicious activity that signals them — deviation from a baseline, unnecessary open ports, and unusual events. Key types: vulnerability exploitation (human error, outdated software), social engineering (phishing), malware (), , and zombie instances.
| Attack | What it is | Defense |
|---|---|---|
| Phishing | Trick users into revealing credentials | MFA, training, email filtering |
| Ransomware | Encrypts data, demands payment | Tested backups, least privilege, patching |
| DDoS | Flood a service to deny access | DDoS protection, rate limiting, WAF |
| Cryptojacking | Steal compute to mine crypto | Monitor usage/baseline, restrict IAM |
| Privilege escalation | Gain higher permissions than granted | Least privilege, patch, audit IAM |
Checkpoint · Security
Question 1 of 10
Which protocol is primarily used for securely transferring files to and from a cloud storage service?
Module 5 · DevOps Fundamentals
One official domain, 10% of the exam — the smallest, and brand new in CV0-004. It tests source control, CI/CD pipelines, system integration, and the DevOps toolchain. The weight is small, but these are high-yield, easy points if you know the vocabulary.
5.1 Source Control & CI/CD
(Git) tracks every change to source code and enables collaboration through branch management: developers commit and push to a branch, open a for code review, and merge once approved. This discipline is the foundation of .[2]
A automates the path from commit to release. Continuous integration frequently merges, builds, and tests code to catch problems early; continuous delivery/deployment automatically releases the tested artifact (a container or VM image, or a package such as RPM, Debian, ZIP, or tar) to staging or production. Artifacts live in public or private repositories.
- 1
Source / commit
Developer commits code to version control (Git); a pull request triggers the pipeline.
- 2
Build
Compile and package the code into an artifact (e.g., a container image).
- 3
Test
Run automated unit, integration, and security tests to catch issues early.
- 4
Artifact / registry
Store the validated artifact in a repository or image registry.
- 5
Deploy (CD)
Release to staging (continuous delivery) or production (continuous deployment).
- 6
Monitor
Observe metrics, logs, and traces; feed problems back to the next iteration.
5.2 Integration & DevOps Tools
Systems integrate through web services — (lightweight, stateless, JSON over HTTP), SOAP (strict, XML-based), and RPC — plus modern patterns like , WebSockets, and event-driven architectures that let microservices communicate asynchronously and stay loosely coupled.[1]
Finally, memorize the DevOps toolchain by what each tool does — the exam names them explicitly:
| Tool | Category | What it does |
|---|---|---|
| Git | Version control | Tracks code changes, branching, merging |
| Docker | Containers | Builds and runs container images |
| Kubernetes | Orchestration | Deploys, scales, and manages containers |
| Terraform | Infrastructure as Code | Provisions infrastructure declaratively |
| Ansible | Configuration mgmt | Agentless automation and config |
| Jenkins / GitHub Actions | CI/CD | Automates build, test, and deploy pipelines |
| Grafana | Visualization | Dashboards for metrics and monitoring |
| ELK stack | Logging | Collects, stores, and visualizes logs |
Checkpoint · DevOps Fundamentals
Question 1 of 10
In cloud computing, what is the primary purpose of orchestration?
Module 6 · Troubleshooting
One official domain, 12% of the exam. This domain rewards a disciplined method and recognizing the telltale symptoms of deployment, network, and security problems in the cloud. Expect performance-based questions here.
6.1 Deployment & Network Issues
Deployment issues include incompatibility, misconfigurations (resource allocation, permissions, oversubscription, sizing), outdated component definitions, deprecation, outages (full or partial), and resource limits. Two of the most common: (too many calls, rejected until you slow down) and a (a hard cap that blocks new resources). Regional service availability — a feature not offered in your region — is another classic trap.[1]
Network issues often come down to a broken service: DHCP (scope exhaustion), DNS (can reach an IP but not a name), NTP (clock drift breaking auth and certificates), or NAT. Then there is latency, bandwidth/throughput, IP addressing problems like network overlap after peering, missing or misconfigured routes, and VLAN switching issues (misconfigured tags, access vs trunk ports).
| Symptom | Likely cause | Fix / check |
|---|---|---|
| API calls suddenly failing (429s) | API throttling / rate limit | Back off + retry, cache, raise quota |
| Can't launch more instances | Service quota reached | Request a quota increase |
| Reaches IP but not by name | DNS failure | Check DNS server + client DNS settings |
| Clients can't get an IP | DHCP scope exhaustion | Expand the scope; check the DHCP service |
| Conflicts after VPC peering | Network (IP range) overlap | Re-IP one network; check route tables |
| Auth/cert errors network-wide | NTP clock drift | Fix time sync (NTP) |
6.2 Security Issues & Method
Security issues to troubleshoot include cipher suite deprecations (old TLS algorithms disabled, breaking connections), authorization problems (privilege escalation, unauthorized access), authentication problems (leaked credentials), software vulnerabilities, and unauthorized software running in the environment. The fix is usually to patch, rotate credentials, tighten authorization, and remove what should not be there.[1]
Whatever the layer, work a structured method: identify the problem, theorize a cause, test it, plan, implement or escalate, then verify and document. Use observability data (logs, metrics, traces) to isolate the failing layer — deployment, network, or security — before changing anything.
- 1
Identify the problem
Gather information, review logs/metrics, and reproduce the issue. Determine what changed.
- 2
Establish a theory of probable cause
Consider the layers: deployment config, network, security, resource limits, or a regional outage.
- 3
Test the theory
Confirm or rule out the cause (e.g., check quotas, DNS, IAM policy). Re-theorize or escalate if wrong.
- 4
Establish a plan of action
Plan the fix and weigh its effects (downtime, cost, blast radius).
- 5
Implement the solution or escalate
Apply the change (often via IaC for repeatability) or escalate to the provider/team.
- 6
Verify and document
Confirm full functionality, add monitoring/preventive measures, and document the cause and fix.
Checkpoint · Troubleshooting
Question 1 of 10
In cloud computing, what is the most likely cause of increased latency in data transfer between a user and an application hosted in the cloud?
How to Use This Cloud+ Study Guide
This guide is built to be worked, not just read. The most efficient path to a pass:
- Study by weight. Cloud Architecture (23%), then Security and Deployment (19% each) are over 60% of the exam — master service models, the shared responsibility model, deployment strategies, and IAM first.
- Check off as you go. Use the Study Guide Contents to mark each section done; it raises your exam-readiness score.
- Take every checkpoint. The end-of-module quizzes show you exactly which domains need another pass.
- Drill the weak domain. Send your weak area into the flashcards and a practice test until the score climbs.
- Practice the PBQs. Performance-based questions reward hands-on skill — practice provisioning, reading configs, and walking the troubleshooting method until it’s automatic.
Cloud+ Concept Questions
Common Cloud+ concepts candidates search while studying — each answered briefly and backed by an official source. Test yourself, then drill them as flashcards.
Cloud+ Glossary
The high-yield Cloud+ terms in one place — hover any dotted term in the guide, or flip the whole deck here as a self-grading flashcard set.
- API throttling
- A provider limiting the rate of API calls; exceeding it causes errors until requests slow down.
- Auto-scaling
- Automatically adjusting capacity based on triggers such as load, schedule, or events.
- Availability zone
- One or more isolated data centers within a region, with independent power and networking, used to build high availability.
- Block storage
- Raw volumes attached to a VM like a virtual disk; low latency, used for databases.
- Blue-green deployment
- Two identical environments; switch all traffic to the new one at once, with instant rollback.
- Canary deployment
- Release a new version to a small subset of users first, then expand gradually if healthy.
- CDN
- Content Delivery Network — distributed edge servers that cache content close to users to cut latency.
- CI/CD pipeline
- An automated workflow that builds, tests, and deploys code through defined stages.
- Cloud bursting
- A hybrid pattern where a private cloud overflows extra workload into a public cloud during demand spikes.
- Configuration as Code
- Managing system and application configuration as version-controlled code for consistent, repeatable environments.
- Container
- A lightweight, portable unit that packages an app with its dependencies and shares the host OS kernel; smaller and faster than a VM.
- Cryptojacking
- Unauthorized use of cloud resources to mine cryptocurrency.
- CVE
- Common Vulnerabilities and Exposures — a public catalog of known security flaws, each with a unique ID.
- DevOps
- A culture and practice uniting development and operations to deliver software faster and more reliably through automation.
- Differential backup
- Backs up all data changed since the last full backup.
- DLP
- Data Loss Prevention — tools that detect and block sensitive data from leaving the organization.
- Docker
- A platform for building, shipping, and running applications in containers.
- Drift detection
- Identifying when running infrastructure no longer matches its declared (code) state.
- Edge computing
- Processing data near where it is generated to reduce latency and bandwidth use.
- Encryption at rest
- Encrypting stored data so it is unreadable if the media is stolen.
- Encryption in transit
- Protecting data as it crosses networks, typically with TLS.
- FaaS
- Function as a Service — run individual functions on demand (serverless), billed per execution.
- Federation
- Letting users authenticate with one trusted identity provider to access multiple systems (e.g., via SAML).
- File storage
- A shared file system (NFS/SMB) accessible by multiple clients.
- Full backup
- A complete copy of all data — slowest to create, fastest to restore.
- GraphQL
- A query language for APIs that lets clients request exactly the data they need in one call.
- Horizontal scaling
- Adding or removing instances (scaling out/in); the cloud-preferred approach.
- Hybrid cloud
- A mix of public and private (and/or on-prem) cloud connected so workloads can move between them.
- Hypervisor
- Software that creates and runs virtual machines by abstracting and sharing physical hardware.
- IaaS
- Infrastructure as a Service — the provider supplies compute, storage, and networking; you manage the OS, runtime, and applications.
- IAM
- Identity and Access Management — controlling who or what can access which cloud resources and actions.
- IDS / IPS
- Intrusion Detection (alerts) and Intrusion Prevention (alerts and blocks) systems for malicious traffic.
- Incremental backup
- Backs up only data changed since the last backup of any type; small and fast, slower to restore.
- Infrastructure as Code
- Defining and provisioning infrastructure through machine-readable files; repeatable, version-controlled, and testable.
- Kubernetes
- An open-source platform that automates deploying, scaling, and managing containers.
- Least privilege
- Granting only the minimum access needed to do a job.
- Lift and shift
- Rehosting — migrating an application to the cloud with little or no change.
- Load balancer
- A device or service that distributes traffic across multiple resources; ALB works at Layer 7, NLB at Layer 4.
- Loosely coupled
- A design where components depend minimally on each other, so one can change or fail without breaking the others.
- MFA
- Multifactor Authentication — requiring two or more factors to sign in.
- Microservices
- An architecture that splits an application into small, independently deployable services that communicate over APIs.
- OAuth 2.0
- An authorization framework letting an app access resources on a user's behalf without sharing their password.
- Object storage
- Stores data as objects with metadata in a flat namespace; ideal for unstructured data at massive scale.
- Observability
- Understanding a system's internal state from its outputs — logs, metrics, and traces.
- PaaS
- Platform as a Service — the provider manages the OS and runtime; you deploy and manage only your application and data.
- Private cloud
- Cloud infrastructure dedicated to a single organization, on-premises or hosted.
- Public cloud
- Cloud infrastructure owned by a provider and shared by many tenants over the internet.
- Pull request
- A proposal to merge code changes, enabling review and discussion before integration.
- Ransomware
- Malware that encrypts data and demands payment for the decryption key.
- RBAC
- Role-Based Access Control — permissions assigned to roles, and roles assigned to users.
- Region
- A separate geographic area of a cloud provider's infrastructure, composed of multiple availability zones.
- Replication
- Continuously copying data to another location for availability and disaster recovery.
- Reserved instance
- Discounted capacity committed for a fixed term in exchange for lower rates.
- REST
- Representational State Transfer — a stateless web-service style using HTTP verbs and resources.
- Rightsizing
- Matching resource size and type to actual workload demand to cut waste and cost.
- Rolling deployment
- Update instances in batches so the service stays available throughout.
- RPO
- Recovery Point Objective — the maximum acceptable amount of data loss, measured as time since the last good backup.
- RTO
- Recovery Time Objective — the maximum acceptable time to restore a service after an outage.
- SaaS
- Software as a Service — the provider manages everything and you simply use the application over the internet.
- Secrets management
- Securely storing and controlling access to credentials, keys, and tokens.
- Service quota
- A provider-imposed limit on resources that can block new deployments when reached.
- Shared responsibility model
- The split of security duties: the provider secures the cloud (hardware, host, network); the customer secures what is in the cloud (data, configuration, access).
- Spot instance
- Spare cloud capacity offered at a steep discount that the provider can reclaim with little notice.
- Tagging
- Labeling cloud resources with key-value metadata for cost allocation, automation, and organization.
- Terraform
- An Infrastructure-as-Code tool that provisions infrastructure across providers using declarative config.
- Tiered storage
- Placing data on hot, warm, cold, or archive tiers based on access frequency and cost.
- Vendor lock-in
- Dependence on one provider's proprietary services that makes switching costly or difficult.
- Version control
- Tracking and managing changes to source code over time (e.g., with Git).
- Vertical scaling
- Increasing or decreasing the size of a single instance (scaling up/down).
- Virtualization
- Running multiple virtual machines on one physical host via a hypervisor, each with its own guest OS.
- VPC
- Virtual Private Cloud — an isolated, logically private section of a public cloud where you launch resources.
- WAF
- Web Application Firewall — filters HTTP traffic to block web attacks like SQL injection.
- Workload orchestration
- Automating the deployment, scaling, networking, and lifecycle of containers (e.g., Kubernetes).
- Zero day
- A vulnerability exploited before a fix exists.
- Zero Trust
- A model that trusts no user or device by default and verifies every request (NIST SP 800-207).
Cloud+ Study Guide FAQ
The Cloud+ CV0-004 exam has a maximum of 90 questions and you get 90 minutes. Questions are a mix of multiple choice and performance-based questions (PBQs) that require completing tasks in a simulated cloud environment rather than just picking an answer.
You need a scaled score of 750 on a scale of 100 to 900. It is not a simple percentage — CompTIA converts your raw score so every exam form demands the same ability level, so do not try to estimate it as a percent correct.
Cloud Architecture (23%), Deployment (19%), Operations (17%), Security (19%), DevOps Fundamentals (10%), and Troubleshooting (12%). Cloud Architecture is the heaviest single domain, and Security and Deployment are tied for second at 19% each.
CV0-004 is the current version and replaced CV0-003 in September 2024. It added a dedicated DevOps Fundamentals domain (CI/CD, infrastructure as code, source control), expanded automation and security content, and reorganized the objectives around modern multi-cloud practices. Study to CV0-004, not the retired CV0-003.
Study by weight: lead with Cloud Architecture (23%), then Deployment and Security (19% each). Read each module, take the checkpoint quiz, then drill your weak domains with our free practice test and flashcards. Practice the performance-based tasks until cloud workflows feel automatic.
A single exam voucher is about $392 USD (it varies by region and promotion). There are no required prerequisites, though CompTIA recommends 2 to 3 years of experience as a systems administrator or cloud engineer, plus CompTIA Network+ and Server+ or equivalent knowledge.
The certification is valid for three years. You renew through the CompTIA Continuing Education program — earning continuing-education units (CEUs) over the three years, or by passing a higher-level CompTIA certification.
Yes — this study guide, the module checkpoints, the glossary, the concept questions, the practice test, and the flashcards are 100% free, with no account required.
Cloud+ is an intermediate-level exam — its difficulty is breadth (architecture, deployment, operations, security, DevOps, and troubleshooting across multiple cloud providers) plus vendor-neutral, scenario-heavy and performance-based questions. Broad, organized review and plenty of practice questions are the key.
References
- 1.CompTIA. “Cloud+ (CV0-004) Certification Exam Objectives.” comptia.org. ↑
- 2.CompTIA. “The New CompTIA Cloud+ (CV0-004) — what changed.” comptia.org. ↑
- 3.CompTIA. “CompTIA Continuing Education (renewal & CEUs).” comptia.org. ↑
- 4.National Institute of Standards and Technology. “SP 800-145 — The NIST Definition of Cloud Computing.” csrc.nist.gov. ↑
- 5.National Institute of Standards and Technology. “SP 800-207 — Zero Trust Architecture.” csrc.nist.gov. ↑
- 6.National Institute of Standards and Technology. “SP 800-146 — Cloud Computing Synopsis and Recommendations.” csrc.nist.gov. ↑

Career Employer
Career Employer is the ultimate resource to help you get started working the job of your dreams. We cover topics from general career information, career searching, exam preparation with free study materials, career interviewing, and becoming successful in your career of choice.
All PostsCareer Employer’s Editorial Process
Here at Career Employer, we focus a lot on providing factually accurate information that is always up to date. We strive to provide correct information using strict editorial processes, article editing, and fact-checking for all of the information found on our website. We only utilize trustworthy and relevant resources. To find out more, make sure to read our full editorial process page here.
