Questions for the CLO-002 were updated on: Dec 25, 2025
An analyst is reviewing a report on a company's cloud resources expenditures. The analyst has noted
that a data warehouse team uses a significant amount of high-speed storage for live databases and
backups. Which of the following should the analyst recommend for improved cost and efficiency?
B
Explanation:
High-speed storage, such as solid-state drives (SSDs), is more expensive and faster than slower
storage, such as hard disk drives (HDDs). High-speed storage is suitable for live databases that
require low latency and high performance, but not for backups that are rarely accessed and do not
need fast retrieval. Therefore, the analyst should recommend moving the backups to slower storage,
which can reduce the cost and improve the efficiency of the cloud resources expenditures. Moving
the backups to slower storage can also free up more space for the live database on the high-speed
storage [1].
Configuring the live database for redundant clustering, configuring geo-redundancy for backups, or
moving the backups to another availability zone are not recommended for improved cost and
efficiency, as they would increase the complexity and expense of the cloud resources. Redundant
clustering and geo-redundancy are techniques for enhancing the availability and reliability of the
data, but they also require more storage and network resources [2]. Moving the backups to another
availability zone may improve the fault tolerance and latency of the backups, but it may also incur
additional fees for data transfer and storage [3]. Reference: Choose between SSD and HDD storage -
Google Cloud; Cloud Computing vs. Cloud Storage | Pure Storage; Cloud Storage vs. Local Storage |
Enterprise Storage Forum.
A company is considering moving its database application to a public cloud provider. The application
is regulated and requires the data to meet confidentiality standards. Which of the following BEST
addresses this requirement?
C
Explanation:
Encryption is the process of transforming data into an unreadable format using a secret key or
algorithm. Encryption is the best way to address the requirement of data confidentiality, as it ensures
that only authorized parties can access and understand the data, while unauthorized parties
cannot. Encryption can protect data at rest, in transit, and in use, which are the three possible states
of data in cloud computing environments [1]. Encryption can also help comply with various regulations
and standards that require data protection, such as GDPR, HIPAA, or PCI DSS [2].
Authorization, validation, and sanitization are not the best ways to address the requirement of data
confidentiality, as they do not provide the same level of protection as encryption. Authorization is
the process of granting or denying access to data or resources based on the identity or role of the
user or system. Authorization can help control who can access the data, but it does not prevent
unauthorized access or leakage of the data [3]. Validation is the process of verifying the accuracy,
completeness, and quality of the data. Validation can help ensure the data is correct and consistent,
but it does not prevent the data from being exposed or compromised [4]. Sanitization is the process of
removing sensitive or confidential data from a storage device or a data set. Sanitization can help
prevent the data from being recovered or reused, but it does not protect the data while it is stored or
processed [5]. Reference: Data security and encryption best practices; An Overview of Cloud
Cryptography; What is Data Validation? | Talend; Data Sanitization - an overview | ScienceDirect
Topics; What is Encryption? | Cloudflare.
A company is deploying a new application and must decide whether to build an infrastructure to host
the application on premises or in the cloud. Which of the following BEST describes the financial
impact of hosting the application in the cloud?
A
Explanation:
Hosting the application in the cloud means that the company does not need to invest in building and
maintaining an infrastructure to host the application on premises. This reduces the company’s capital
expense, which is the money spent on acquiring or upgrading fixed assets, such as servers, storage,
network, and software [1]. Instead, the company can pay for the cloud services that they use on a
subscription or consumption basis, which is considered an operating expense, which is the money
spent on the day-to-day running of the business [1]. Hosting the application in the cloud can also
provide other financial benefits, such as lower energy costs, higher scalability, and faster time to
market [2].
The other options are not correct, as they do not describe the financial impact of hosting the
application in the cloud accurately. The company will not be able to defer licensing costs, as they will
still need to pay for the software licenses that they use in the cloud, either as part of the cloud
service fee or separately [3]. The provider will not share responsibility for the company’s monthly bill,
as the company will be solely responsible for paying for the cloud services that they consume, based
on the provider’s pricing model and terms of service [4]. Monthly operating costs will not remain
constant despite usage, as the cloud services are typically charged based on the amount of resources
or features that the company uses, such as storage, bandwidth, CPU, memory, or transactions [4].
Therefore, the monthly operating costs will vary depending on the usage and demand of the
application. Reference: Capital Expenditure (CapEx) Definition; Cloud Computing Benefits: 7 Key
Advantages for Your Business; Cloud Computing Licensing: What You Need to Know; Cloud
Computing Pricing Models: A Comprehensive Guide.
An analyst is reviewing a report on a company's cloud resource usage. The analyst has noticed many
of the cloud instances operate at a fraction of the full processing capacity. Which of the following
actions should the analyst consider to lower costs and improve efficiency?
C
Explanation:
Right-sizing compute resource instances is the process of matching instance types and sizes to
workload performance and capacity requirements at the lowest possible cost. It’s also the process of
identifying opportunities to eliminate or downsize instances without compromising capacity or other
requirements, which results in lower costs and higher efficiency [1]. Right-sizing is a key mechanism for
optimizing cloud costs, but it is often ignored or delayed by organizations when they first move to the
cloud. They lift and shift their environments and expect to right-size later. Speed and performance
are often prioritized over cost, which results in oversized instances and a lot of wasted spend on
unused resources [2].
Right-sizing compute resource instances is the best action that the analyst should consider to lower
costs and improve efficiency, as it can help reduce the amount of resources and money spent on
instances that operate at a fraction of the full processing capacity. Right-sizing can also improve the
performance and reliability of the instances by ensuring that they have enough resources to meet
the workload demands. Right-sizing is an ongoing process that requires continuous monitoring and
analysis of the instance usage and performance metrics, as well as the use of tools and frameworks
that can simplify and automate the right-sizing decisions [1].
Consolidating into fewer instances, using spot instances, or negotiating better prices on the
company’s reserved instances are not the best actions that the analyst should consider to lower costs
and improve efficiency, as they have some limitations and trade-offs compared to right-sizing.
Consolidating into fewer instances can reduce the number of instances, but it does not necessarily
optimize the type and size of the instances. Consolidating can also introduce performance and
availability issues, such as increased latency, reduced redundancy, or single points of failure [3]. Using
spot instances can reduce the cost of instances, but it also introduces the risk of interruption and
termination, as spot instances are subject to fluctuating prices and availability based on the supply
and demand of the cloud provider [4]. Negotiating better prices on the company’s reserved instances
can reduce the cost of instances, but it also requires a long-term commitment and upfront payment,
which reduces the flexibility and scalability of the cloud environment [5]. Reference: Right Sizing -
Cloud Computing Services; The 6-Step Guide To Rightsizing Your Instances - CloudZero; Consolidating
Cloud Services: How to Do It Right | CloudHealth by VMware; Spot Instances - Amazon Elastic
Compute Cloud; Reserved Instances - Amazon Elastic Compute Cloud.
A business analyst at a large multinational organization has been tasked with checking to ensure an
application adheres to GDPR rules. Which of the following topics would be BEST for the analyst to
research?
C
Which of the following is the result of performing a physical-to-virtual migration of desktop
workstations?
C
Explanation:
VDI, or Virtual Desktop Infrastructure, is the result of performing a physical-to-virtual migration of
desktop workstations. VDI is a technology that allows users to access and run desktop operating
systems and applications from a centralized server in a data center or a cloud, instead of from a
physical machine on their premises. VDI provides users with virtual desktops that are delivered over
a network to various devices, such as laptops, tablets, or thin clients [1]. VDI offers several benefits,
such as improved security, reduced costs, increased flexibility, and enhanced performance [2].
SaaS, or Software as a Service, is not the result of performing a physical-to-virtual migration of
desktop workstations, but a cloud service model that provides ready-to-use software applications
that run on the cloud provider’s infrastructure and are accessed via a web browser or an API [3]. SaaS
does not involve migrating desktop workstations, but using software applications that are hosted and
managed by the cloud provider.
IaaS, or Infrastructure as a Service, is not the result of performing a physical-to-virtual migration of
desktop workstations, but a cloud service model that provides access to basic computing resources,
such as servers, storage, network, and virtualization, that are hosted on the cloud provider’s data
centers and are rented on-demand. IaaS does not involve migrating desktop workstations, but
renting infrastructure resources that can be used to host various workloads.
VPN, or Virtual Private Network, is not the result of performing a physical-to-virtual migration of
desktop workstations, but a technology that creates a secure and encrypted connection between a
device and a network over the internet. VPN does not involve migrating desktop workstations, but
connecting to a network that can provide access to remote resources or services. Reference: What is
VDI? Virtual Desktop Infrastructure Definition - VMware; VDI Benefits: 7 Advantages of Virtual
Desktop Infrastructure; What is SaaS? Software as a service | Microsoft Azure; [What is IaaS?
Infrastructure as a service | Microsoft Azure]; [What is a VPN? | HowStuffWorks].
Resource consumption in a company's IaaS environment has been stable; however, a few servers
have recently experienced spikes in CPU usage for days at a time. Costs are rising steadily, and it is
unclear who owns the servers. Which of the following would work BEST to allow the company to
charge the appropriate department? (Select TWO).
E,F
Explanation:
Resource tagging is the process of applying metadata tags to cloud resources, such as servers,
storage, or network, that contain information about the resource’s associated workload,
environment, ownership, or other attributes. Resource tagging can help with identifying, organizing,
and managing cloud resources, as well as tracking their cost and usage [1]. By employing resource
tagging, the company can assign tags to the servers that indicate which department owns them, and
use those tags to filter and report on the resource consumption and billing.
Compute usage reports are reports that provide detailed information about the usage of compute
resources, such as servers, in a cloud environment. Compute usage reports can show metrics such as
CPU, memory, disk, or network utilization, as well as the duration and frequency of usage [2]. By
reviewing the compute usage reports, the company can monitor the performance and demand of
the servers, and identify the causes and patterns of the spikes in CPU usage. Compute usage reports
can also help with optimizing the compute resources, such as scaling, right-sizing, or consolidating
the
A cloud administrator patched a known vulnerability in an operating system. This is an example of
risk:
C
Explanation:
Patching a known vulnerability in an operating system is an example of risk mitigation. Risk
mitigation is the process of reducing the impact or likelihood of a risk by implementing controls or
countermeasures. By patching the vulnerability, the cloud administrator is preventing or minimizing
the potential damage that could be caused by an exploit. Risk mitigation is one of the four main risk
response strategies, along with risk avoidance, risk transference, and risk acceptance. Reference:
CompTIA Cloud Essentials+ CLO-002 Study Guide, Chapter 5: Risk Management, page 163 [1] and page
166 [2].
Which of the following risks can an organization transfer by adopting the cloud?
A
Explanation:
One of the risks that an organization can transfer by adopting the cloud is data breach due to a break-
in at the facility. This is because the cloud service provider (CSP) is responsible for the physical
security of the data center where the data is stored and processed. The CSP should have adequate
measures to prevent unauthorized access, theft, or damage to the hardware and infrastructure. By
outsourcing the data storage and processing to the CSP, the organization transfers the risk of physical
breach to the CSP. However, the organization still retains the risk of data breach due to other factors,
such as network attacks, misconfiguration, or human error. Therefore, the organization should also
implement appropriate controls to protect the data in transit and at rest, such as encryption,
authentication, and monitoring. Reference: CompTIA Cloud Essentials+ CLO-002 Study Guide,
Chapter 5: Risk Management, page 166 [1] and page 169 [2]. The Top Cloud Computing Risk Treatment
Options | CSA [3].
Which of the following cloud deployment models has on-premises and off-site data?
D
Explanation:
A hybrid cloud is a cloud deployment model that has on-premises and off-site data. A hybrid cloud is
a combination of public and private clouds that are connected by a common network and share data
and applications. A hybrid cloud allows an organization to leverage the benefits of both public and
private clouds, such as scalability, cost-efficiency, security, and control. A hybrid cloud also enables
an organization to move workloads and data between the clouds based on performance, availability,
compliance, and cost requirements. For example, an organization can use a private cloud for
sensitive data and applications, and a public cloud for less critical data and applications, or for
temporary or seasonal workloads. A hybrid cloud can also provide backup and disaster recovery
solutions by replicating data and applications between the clouds. Reference: CompTIA Cloud
Essentials+ CLO-002 Study Guide, Chapter 2: Cloud Computing Concepts, page 51 [1]. Cloud
Deployment Models: What’s the Difference? | VMware News & Stories [2]. What are the different
types of cloud computing? | Google Cloud [3]. 5 Types of Cloud Deployment Models and How to Use
Them - MUO [4].
The optimal, sequential order in which cloud resources should be recovered in the event of a major
failure would be defined in the:
B
Explanation:
A disaster recovery plan (DRP) is a document that defines the procedures and resources needed to
restore normal operations after a major disruption. A DRP typically includes the following elements:
The scope and objectives of the plan
The roles and responsibilities of the DR team
The inventory and location of critical assets and resources
The recovery strategies and procedures for different scenarios
The testing and maintenance schedule for the plan
The communication plan for internal and external stakeholders
One of the key components of a DRP is the recovery sequence, which is the optimal, sequential order
in which cloud resources should be recovered in the event of a major failure. The recovery sequence
is based on the priority and dependency of the resources, as well as the recovery time objective
(RTO) and recovery point objective (RPO) of the business. The recovery sequence helps to minimize
the downtime and data loss, and ensure the continuity of the business operations.
A recovery point objective (RPO) is the maximum acceptable amount of data loss measured in time.
It indicates how often the data should be backed up and how much data can be restored after a
disaster. A recovery time objective (RTO) is the maximum acceptable amount of time that a system
or application can be offline after a disaster. It indicates how quickly the system or application should
be restored and how much downtime can be tolerated by the business.
An incident response plan (IRP) is a document that defines the procedures and actions to be taken in
response to a security breach or cyberattack. An IRP typically includes the following elements:
The scope and objectives of the plan
The roles and responsibilities of the incident response team
The incident identification and classification criteria
The incident containment, eradication, and recovery steps
The incident analysis and reporting methods
The incident prevention and improvement measures
A network topology diagram is a visual representation of the physical and logical layout of a network.
It shows the devices, connections, and configurations of the network. A network topology diagram
can help to identify the potential points of failure, the impact of a failure, and the recovery options
for a network. However, it does not define the optimal, sequential order in which cloud resources
should be recovered in the event of a major failure.
Reference: The following sources were used to create this answer:
Disaster recovery planning guide | Cloud Architecture Center - Google Cloud
What is Disaster Recovery and Why Is It Important? - Google Cloud
Key considerations when building a disaster recovery plan for private cloud - Continuity Central
12 Essential Points Of the Disaster Recovery Plan Checklist - NAKIVO
Building a Cloud Disaster Recovery Plan: Tips and Approaches - MSP360
Which of the following BEST specifies how software components interoperate in a cloud
environment?
B
Which of the following technologies allows a social media application to authenticate access to
resources that are available in the cloud?
C
Explanation:
Federation is a technology that allows a social media application to authenticate access to resources
that are available in the cloud. Federation enables users to sign in to a cloud service using their
existing credentials from another identity provider, such as Facebook, Google, or Microsoft. This way,
users do not need to create a separate account or password for the cloud service, and the cloud
service does not need to store or manage user identities. Federation also simplifies access
management, as the identity provider can control which users and groups are allowed to access the
cloud service. Federation is based on standards such as OAuth, OpenID Connect, and SAML, which
define how identity providers and cloud services can exchange authentication and authorization
information. Reference: CompTIA Cloud Essentials+ CLO-002 Study Guide, Chapter 3: Cloud Service
Operations, Section 3.4: Identity and Access Management, Page 113.
A startup company wants to develop a new voice assistant that leverages technology that can
improve its product based on end user input. Which of the following would MOST likely accomplish
this goal?
D
Explanation:
Machine learning is a technology that enables a voice assistant to improve its product based on end
user input. Machine learning is a branch of artificial intelligence that allows systems to learn from
data and experience, without being explicitly programmed. Machine learning can help a voice
assistant to understand natural language, recognize speech, generate responses, and adapt to user
feedback. Machine learning can also help a voice assistant to personalize its service, by learning the
preferences, habits, and needs of each user. Machine learning can make a voice assistant more
intelligent, accurate, and user-friendly over time. Reference: CompTIA Cloud Essentials+ CLO-002
Study Guide, Chapter 2: Cloud Concepts, Section 2.2: Cloud Technologies, Page 55.
Which of the following concepts will help lower the attack surface after unauthorized user-level
access?
A
Explanation:
Hardening is the concept that will help lower the attack surface after unauthorized user-level access.
Hardening is the process of securing a system by reducing its vulnerability to attacks. Hardening
involves applying patches, updates, and configuration changes to eliminate or mitigate known
weaknesses. Hardening also involves disabling or removing unnecessary services, features, and
accounts that could be exploited by attackers. Hardening can help lower the attack surface by
reducing the amount of code running, the number of entry points available, and the potential
damage that can be caused by unauthorized access. Reference: CompTIA Cloud Essentials+ CLO-002
Study Guide, Chapter 4: Cloud Security, Section 4.2: Cloud Security Concepts, Page 153.