Cloud Plus Exam Prep Free practice test →

Free Cloud Plus Practice Questions

10 free, exam-style Cloud Plus (Cloud Plus) practice questions with answers and explanations. No signup required. Work through them below, then take the full free Cloud Plus practice test to study every exam domain.

These 10 free Cloud Plus questions are organized by exam domain, so you can see how each part of the Cloud Plus blueprint is tested. Reveal the answer and explanation under each question.

Domain 1: Cloud Architecture 23% of exam

Question 1

A company hosts a web application using IaaS virtual machines in a public cloud. After a security breach, the investigation reveals that the operating system had not been patched in six months. Under the shared responsibility model, who is accountable for this failure?

  1. The cloud provider, because they manage the underlying infrastructure and should push OS patches automatically
  2. Both parties equally, because the shared responsibility model splits OS management between provider and customer
  3. The customer, because OS patching is the customer's responsibility in an IaaS model
  4. The cloud provider, because all security obligations transfer to the provider once workloads are deployed in their environment
Show answer & explanation

Correct answer: C - The customer, because OS patching is the customer's responsibility in an IaaS model

Question 2

A financial services company requires that no more than 15 minutes of transaction data can be lost in the event of a disaster. Which metric defines this requirement?

  1. Recovery Time Objective (RTO)
  2. Recovery Point Objective (RPO)
  3. Mean Time to Repair (MTTR)
  4. Service Level Objective (SLO)
Show answer & explanation

Correct answer: B - Recovery Point Objective (RPO)

Question 3

A media company needs to store 200 TB of video archives that will be accessed approximately once per year for regulatory audits. Retrieval can take up to 12 hours. Which storage solution is MOST cost-effective?

  1. Block storage with provisioned IOPS on SSD volumes
  2. File storage on a network-attached file system with daily snapshots
  3. Object storage in a hot tier with cross-region replication enabled
  4. Object storage in an archive tier with lifecycle policies
Show answer & explanation

Correct answer: D - Object storage in an archive tier with lifecycle policies

Domain 2: Deployment 19% of exam

Question 4

A development team deploys a new application version by directing 5% of production traffic to the updated instances while 95% of traffic continues to the existing version. After monitoring error rates and latency for 30 minutes, they gradually increase traffic to the new version. Which deployment strategy is being used?

  1. Blue-green deployment
  2. Rolling deployment
  3. In-place deployment
  4. Canary deployment
Show answer & explanation

Correct answer: D - Canary deployment

Question 5

A cloud administrator runs a Terraform plan and discovers that the live environment contains three additional security groups that are not defined in any Terraform configuration file. Which IaC concept does this scenario describe?

  1. Configuration drift
  2. State file corruption
  3. Template deprecation
  4. Idempotency failure
Show answer & explanation

Correct answer: A - Configuration drift

Domain 3: Operations 17% of exam

Question 6

An organization performs a full backup every Sunday night. Incremental backups run Monday through Saturday. A server failure occurs on Thursday morning. Which backups are required to perform a complete restore?

  1. Sunday's full backup and Wednesday's incremental backup only, since the latest incremental captures everything since Sunday
  2. Sunday's full backup and the incremental backups from Monday, Tuesday, and Wednesday
  3. Sunday's full backup only, since it contains all data up to the point of failure
  4. The most recent incremental backup from Wednesday only
Show answer & explanation

Correct answer: B - Sunday's full backup and the incremental backups from Monday, Tuesday, and Wednesday

Domain 4: Security 19% of exam

Question 7

A company wants to allow a third-party analytics application to read data from its cloud storage on behalf of users, without requiring users to share their passwords with the third party. Which protocol is designed specifically for this use case?

  1. OAuth 2.0, because it grants delegated authorization via access tokens
  2. SAML 2.0, because it provides federated authentication across domains
  3. LDAP, because it stores and retrieves user credentials from a central directory
  4. OpenID Connect, because it verifies user identity through ID tokens
Show answer & explanation

Correct answer: A - OAuth 2.0, because it grants delegated authorization via access tokens

Question 8

A security team deploys a network device that inspects traffic in real time and automatically drops packets matching known attack signatures. Which security control is this?

  1. Intrusion Detection System (IDS)
  2. Security Information and Event Management (SIEM)
  3. Data Loss Prevention (DLP)
  4. Intrusion Prevention System (IPS)
Show answer & explanation

Correct answer: D - Intrusion Prevention System (IPS)

Domain 5: DevOps Fundamentals 10% of exam

Question 9

A DevOps engineer needs to automate server configuration across 200 Linux instances without installing any agent software on the target machines. The tool must use SSH and YAML-based playbooks. Which tool meets these requirements?

  1. Terraform
  2. Jenkins
  3. Ansible
  4. Kubernetes
Show answer & explanation

Correct answer: C - Ansible

Domain 6: Troubleshooting 12% of exam

Question 10

Users report that they can log in to a cloud-hosted application successfully but receive an error when attempting to access the admin dashboard. The application returns HTTP status code 403. What is the MOST likely cause?

  1. The users' authentication credentials have expired and the identity provider is rejecting their session tokens
  2. The application server is overloaded and temporarily unavailable
  3. The users are authenticated but lack authorization for the admin resource
  4. The DNS records for the admin dashboard are misconfigured
Show answer & explanation

Correct answer: C - The users are authenticated but lack authorization for the admin resource

Ready for the real thing?

Practice hundreds more Cloud Plus questions with instant scoring, weak-area drills, and full exam simulations.

Start the free practice test See pricing