CV0-004 Exam Overview
Prepare for the Comptia CV0-004 certification exam
with our comprehensive study guide. This study material contains 123 practice questions
sourced from real exams and expert-verified for accuracy. Each question includes the correct answer
and a detailed explanation to help you understand the material thoroughly.
The CV0-004 exam — Cloud+ — is offered by Comptia.
Passing this exam earns you the CompTIA Cloud+ credential,
an industry-recognized certification that validates your expertise.
Our study materials were last updated on 2026-02-19 to reflect the
most recent exam objectives and content.
About the CompTIA Cloud+
The CompTIA Cloud+ is awarded by Comptia
to professionals who demonstrate competence in the skills measured by the CV0-004 exam.
According to the
official Comptia certification page,
this certification validates your ability to work with the technologies covered in the exam objectives.
According to the
Global Knowledge IT Skills and Salary Report,
certified IT professionals earn 15-25% more than their non-certified peers.
Certifications from Comptia are among the most recognized credentials in the IT industry,
with strong demand across enterprise organizations worldwide.
Free Sample — 15 Practice Questions
Preview 15 of 123 questions from the CV0-004 exam.
Try before you buy — purchase the full study guide for all 123 questions with answers and explanations.
Question 104
A cloud engineer needs to integrate a new payment processor with an existing e-commerce website. Which of the following technologies is the best fit for this integration?
A. RPC over SSL
B. Transactional SQL
C. REST API over HTTPS
D. Secure web socket
Show Answer
Correct Answer: C
Explanation:
Integrating a third‑party payment processor with an e‑commerce website typically requires a standardized, secure, and interoperable way to exchange requests and responses over the internet. REST APIs over HTTPS are the industry standard for such integrations because they are platform‑agnostic, widely supported, stateless, and secured via TLS encryption. The other options are either outdated, not designed for web-based service integration, or unsuitable for transactional payment workflows.
Question 25
Which of the following is the correct order of the steps to take when a system is suspected of being vulnerable?
A. Scanning scope, identification, assessment, and remediation
B. Assessment, identification, scanning scope, and remediation
C. Identification, scanning scope, assessment, and remediation
D. Assessment, scanning scope, identification, and remediation
Show Answer
Correct Answer: A
Explanation:
The correct sequence follows standard vulnerability management practice. First, the scanning scope must be defined to establish clear boundaries (systems, networks, environments) and avoid unauthorized or incomplete scanning. Next comes identification, where assets and potential vulnerabilities are discovered within that scope. Then assessment evaluates the severity and risk of the identified vulnerabilities. Finally, remediation addresses and fixes the validated issues. This aligns with disciplined security workflows and avoids scanning or assessing without a defined scope.
Question 91
Which of the following describes the main difference between public and private container repositories?
A. Private container repository access requires authorization, while public repository access does not require authorization.
B. Private container repositories are hidden by default and containers must be directly referenced, while public container repositories allow browsing of container images.
C. Private container repositories must use proprietary licenses, while public container repositories must have open-source licenses.
D. Private container repositories are used to obfuscate the content of the Dockerfile, while public container repositories allow for Dockerfile inspection.
Show Answer
Correct Answer: A
Explanation:
The primary distinction is access control. Public container repositories allow anyone to pull images without authentication, while private repositories restrict access and require authorization to protect proprietary or sensitive images. The other options describe characteristics that are not defining or universally true.
Question 39
Which of the following container commands implements network port mapping?
A. $docker run –it myimage –e /bin/port 8080
B. $docker run myimage:port
C. $docker run –it –p 1-65535 myimage –e netstat 8080
D. $docker run –it –p 80:8080 myimage
Show Answer
Correct Answer: D
Explanation:
Docker implements network port mapping using the `-p` (or `--publish`) flag, which maps a host port to a container port in the form `host_port:container_port`. Option D correctly uses `-p 80:8080` to expose container port 8080 on host port 80. The other options misuse flags or contain invalid Docker syntax and do not perform port mapping.
Question 45
A cloud administrator recently created three servers in the cloud. The goal was to create ACLs so the servers could not communicate with each other. The servers were configured with the following IP addresses:
After implementing the ACLs, the administrator confirmed that some servers are still able to reach the other servers. Which of the following should the administrator change to prevent the servers from being on the same network?
A. The IP address of Server 1 to 172.16.12.36
B. The IP address of Server 1 to 172.16.12.2
C. The IP address of Server 2 to 172.16.12.18
D. The IP address of Server 2 to 172.16.14.14
Show Answer
Correct Answer: C
Explanation:
With a /28 subnet (255.255.255.240), each subnet spans 16 addresses. The issue is that two servers still fall within the same /28 network. Changing Server 2 to 172.16.12.18 moves it into a different /28 subnet than the others, preventing them from being on the same network. The other options either keep the server in the same subnet or would require additional changes such as modifying the default gateway.
Question 75
A cloud consultant needs to modernize a legacy application that can no longer address user demand and is expensive to maintain. Which of the following is the best migration strategy?
A. Retain
B. Rehost
C. Refactor
D. Replatform
Show Answer
Correct Answer: C
Explanation:
The application cannot meet current demand and is costly to maintain, indicating architectural and scalability limitations. Refactoring redesigns the application to use cloud-native services, improving scalability, performance, and cost efficiency. Retain does nothing, rehost mainly lifts-and-shifts existing problems, and replatform offers only limited optimizations without fully addressing fundamental issues.
Question 12
For compliance purposes, a cloud developer at an insurance company needs to save all customer policies for more than ten years. Which of the following options is the most cost-efficient tier to save the data in the cloud?
A. Archive
B. Hot
C. Cold
D. Warm
Show Answer
Correct Answer: A
Explanation:
For long-term compliance retention (10+ years) where data is rarely accessed, the Archive storage tier is the most cost-efficient option. Archive tiers are designed for infrequent access with the lowest storage costs, which suits regulatory retention of insurance policies. Hot, Warm, and Cold tiers have higher storage costs and are intended for more frequent access patterns.
Question 121
Which of the following vulnerability management concepts is best defined as the process of discovering vulnerabilities?
A. Scanning
B. Assessment
C. Remediation
D. Identification
Show Answer
Correct Answer: A
Explanation:
In vulnerability management, scanning is the activity specifically focused on discovering vulnerabilities, typically through automated tools that inspect systems, networks, and applications. Assessment evaluates risk and impact after discovery, remediation fixes issues, and identification is often a validation or classification step following scanning.
Question 110
A company needs to deploy its own code directly in the cloud without provisioning additional infrastructure. Which of the following is the best cloud service model for the company to use?
A. PaaS
B. SaaS
C. IaaS
D. XaaS
Show Answer
Correct Answer: A
Explanation:
Platform as a Service (PaaS) allows a company to deploy and run its own application code directly in the cloud while the provider manages the underlying infrastructure (servers, OS, networking). This matches the requirement of deploying code without provisioning additional infrastructure. SaaS does not allow custom code deployment, IaaS requires managing infrastructure, and XaaS is too broad to be a specific model.
Question 93
Which of the following is the most cost-effective and efficient strategy when migrating containers to the cloud?
A. Retire
B. Replatform
C. Retain
D. Refactor
Show Answer
Correct Answer: B
Explanation:
Replatforming moves existing containerized applications to the cloud with minimal code changes while leveraging managed cloud container services. This balances speed, cost, and efficiency better than refactoring (costly), retaining (limited cloud benefits), or retiring (not a migration strategy).
Question 13
A cloud engineer is implementing a deployment strategy with the following requirements:
• At least two environments for production and development must be supported.
• Changes in one environment must not impact the other environment.
• The highest possible availability must be achieved.
Which of the following deployment strategies should the engineer implement?
A. Rolling
B. Blue-green
C. In-place
D. Canary
Show Answer
Correct Answer: B
Explanation:
Blue-green deployments use two isolated, parallel environments (e.g., blue and green), allowing production and development separation with no cross-impact. Traffic can be switched instantly between environments, enabling zero-downtime releases, fast rollback, and the highest availability compared to rolling, in-place, or canary strategies.
Question 116
Which of the following is a field of computer science that enables computers to identify and understand objects and people in images and videos?
A. Image reconstruction
B. Facial recognition
C. Natural language processing
D. Computer vision
Show Answer
Correct Answer: D
Explanation:
The field that enables computers to identify and understand objects and people in images and videos is computer vision. It focuses on interpreting visual data, including tasks like object detection, image classification, and facial recognition. The other options are either narrower applications (facial recognition), unrelated domains (natural language processing), or focus on image restoration rather than understanding (image reconstruction).
Question 35
A company experienced a data leak through its website. A security engineer, who is investigating the issue, runs a vulnerability scan against the website and receives the following output:
Which of the following is the most likely cause of this leak?
A. RTMP port open
B. SQL injection
C. Privilege escalation
D. Insecure protocol
Show Answer
Correct Answer: D
Explanation:
The most likely cause is use of an insecure protocol (e.g., FTP). FTP transmits credentials and data in cleartext, which can be captured by an attacker via network sniffing or MITM, leading directly to a data leak from the website. The other options do not inherently explain passive leakage of data without additional exploitation details.
Question 98
A video surveillance system records road incidents and stores the videos locally before uploading them to the cloud and deleting them from local storage. Which of the following best describes the nature of the local storage?
A. Persistent
B. Ephemeral
C. Differential
D. Incremental
Show Answer
Correct Answer: B
Explanation:
The local storage is used only temporarily: videos are recorded, held briefly, uploaded to the cloud, and then deleted. This matches the definition of ephemeral storage, which is short-lived and not intended for long-term retention. Persistent storage is designed for long-term retention, while differential and incremental describe backup strategies, not storage nature.
Question 36
Which of the following models will best reduce the cost of running short-term, non-critical workloads?
A. Reserved
B. Spot instance
C. Pay-as-you-go
D. Dedicated host
Show Answer
Correct Answer: B
Explanation:
Spot instances use spare cloud capacity and are offered at steep discounts, making them the most cost-effective option for short-term, non-critical, and fault-tolerant workloads. The trade-off is possible interruption, which is acceptable for these use cases.