220-1101 | Chapter 18 of 123 | Objective 4.2

Cloud Computing for A+

This chapter covers cloud computing concepts essential for the CompTIA A+ 220-1101 exam, specifically under Objective 4.2. Cloud computing represents a fundamental shift in IT delivery, and the exam tests your understanding of cloud service models, deployment models, and shared responsibility. Expect 5-10% of exam questions to touch on cloud topics, primarily as part of the Virtualization and Cloud Computing domain. Mastering these concepts will help you distinguish between IaaS, PaaS, and SaaS, understand public, private, and hybrid clouds, and know the responsibilities of the provider versus the customer.

Intermediate
Updated May 31, 2026

Cloud Computing: Power Grid Analogy

Imagine a city that used to generate its own electricity with diesel generators in every building. Each building had to buy, maintain, and fuel its own generator. If a building needed more power, it had to buy a bigger generator. If the generator broke, the building had no power. This is on-premises computing. Now, the city builds a central power plant that generates electricity at massive scale. Buildings simply plug into the grid and pay for what they use. If a building needs more power, it draws more from the grid. If the plant has extra capacity, it can serve many buildings. The power company handles maintenance, upgrades, and redundancy. Cloud computing works the same way: instead of owning servers and storage, you rent compute resources from a cloud provider (the power plant). You provision virtual machines, storage, and databases on demand, paying only for what you consume. The provider handles hardware maintenance, scaling, and fault tolerance. Just as the power grid offers reliability and elasticity, the cloud offers on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service—the five essential characteristics defined by NIST.

How It Actually Works

What is Cloud Computing?

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This definition comes from the National Institute of Standards and Technology (NIST) Special Publication 800-145. The cloud model is composed of five essential characteristics, three service models, and four deployment models.

Five Essential Characteristics

On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).

Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.

Rapid elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.

Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Service Models

Infrastructure as a Service (IaaS): The provider offers virtualized computing resources over the internet. The consumer can provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls). Example: Amazon EC2, Microsoft Azure Virtual Machines, Google Compute Engine.

Platform as a Service (PaaS): The consumer deploys applications onto the cloud infrastructure using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage the underlying cloud infrastructure (network, servers, operating systems, or storage) but has control over the deployed applications and possibly configuration settings for the application-hosting environment. Example: Google App Engine, AWS Elastic Beanstalk, Microsoft Azure App Services.

Software as a Service (SaaS): The consumer uses the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage the underlying cloud infrastructure except for limited user-specific application configuration settings. Example: Google Workspace (Gmail, Docs), Microsoft 365, Salesforce.

Deployment Models

Public cloud: The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. Example: AWS, Azure, Google Cloud.

Private cloud: The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Example: VMware vSphere on-premises, OpenStack.

Hybrid cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). Example: Using AWS for burst capacity while maintaining a private cloud for sensitive data.

Community cloud: The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. Example: Government community cloud, healthcare cloud.

Shared Responsibility Model

In cloud computing, security and management responsibilities are shared between the provider and the consumer. The distribution depends on the service model.

IaaS: The provider is responsible for the physical infrastructure, network, hypervisor, and physical security. The consumer is responsible for the OS, applications, data, network configurations, and identity management.

PaaS: The provider is responsible for the runtime environment, middleware, OS, and infrastructure. The consumer is responsible for the application code, data, and identity management.

SaaS: The provider is responsible for everything except user data and identity. The consumer only manages user access and data.

Cloud Characteristics and Terms

Elasticity: The ability to scale resources up or down automatically in response to demand. For example, a web server fleet can add instances during peak traffic and remove them when traffic subsides.

Scalability: The ability to handle growing amounts of work by adding resources. This can be vertical (adding more power to an existing instance) or horizontal (adding more instances).

Metering: Usage is measured and billed based on consumption (e.g., per hour, per GB of storage, per IOPS).

Multitenancy: A single instance of software serves multiple customers (tenants), with each tenant's data isolated from others.

Virtual Desktop Infrastructure (VDI): A desktop operating system runs within a virtual machine hosted on a server. Users connect remotely via a client. This is often delivered as a cloud service (Desktop as a Service, DaaS).

Cloud Computing vs. Virtualization

Virtualization is a technology that abstracts physical hardware to create virtual resources. Cloud computing uses virtualization as a foundation but adds orchestration, self-service, metering, and elasticity. Virtualization can exist without cloud (e.g., a single hypervisor running VMs), but cloud computing relies on virtualization to pool and allocate resources.

Cloud Billing and Cost Models

Pay-as-you-go: Pay for resources consumed, often per hour or per GB. No upfront cost.

Reserved instances: Commit to a 1- or 3-year term for a lower hourly rate.

Spot instances: Bid on unused capacity for even lower rates, but instances can be terminated by the provider at any time.

Exam-Relevant Details

The exam expects you to know the NIST definition and the five characteristics.

Know which service model provides what level of control.

Understand that in IaaS, the consumer manages the OS; in PaaS, the provider manages the OS.

Hybrid cloud combines public and private; community cloud is for a specific group with shared concerns.

VDI is often confused with cloud—VDI can be on-premises or cloud-based.

Configuration and Verification (General)

Cloud resources are typically managed via web consoles, CLI tools (e.g., AWS CLI, Azure CLI), or APIs. For example, to launch an EC2 instance:

aws ec2 run-instances --image-id ami-0abcdef1234567890 --instance-type t2.micro --key-name MyKeyPair --security-group-ids sg-12345678 --subnet-id subnet-12345678

To list instances:

aws ec2 describe-instances

These commands are not directly tested on A+ but illustrate the on-demand nature.

Walk-Through

1. User requests a resource

A user logs into the cloud provider's management console or uses an API to request a virtual machine, storage bucket, or database. The request includes specifications such as instance type, operating system, storage size, and network settings. This step triggers the cloud orchestration layer, which authenticates the user (using IAM roles or similar) and validates the request against quotas and permissions. The user does not interact with any human administrator—this is on-demand self-service.

2. Orchestrator allocates physical resources

The cloud provider's orchestration system (e.g., AWS EC2 placement engine, Azure Fabric Controller) selects a physical host server with sufficient capacity. It considers factors like resource availability, load balancing, and customer isolation requirements. The hypervisor on the chosen host is instructed to create a new virtual machine with the specified resources (vCPUs, memory, storage). The orchestrator updates the inventory database to mark those resources as allocated.

3. Hypervisor provisions the VM

The hypervisor (e.g., Xen, KVM, Hyper-V) creates a new VM with the requested specifications. It allocates virtual CPUs (vCPUs) from physical cores, memory from RAM, and attaches virtual disks from the storage area network (SAN) or local storage. The VM is booted from a pre-configured image or template. The hypervisor assigns a virtual network interface and connects it to the appropriate virtual network (VLAN or overlay network). This entire process typically takes minutes.

4. Network configuration and access

The cloud provider's networking layer assigns an IP address (public and/or private) to the VM. Security groups or network ACLs are applied based on the user's configuration. The VM is now reachable over the internet or internal network. The user can connect via SSH (Linux) or RDP (Windows) using the provided credentials. The provider's DNS may automatically create a record for the VM's public IP.

5. Metering and billing start

As soon as the VM enters a running state, the provider's metering system begins tracking usage. Metrics include: running time (per second or per hour), storage consumed, data transfer out, and any additional services (e.g., load balancers, IP addresses). These metrics are logged and later aggregated for billing. The user can view real-time usage in the billing console. The VM continues running until the user terminates it or an event (e.g., spot instance interruption) stops it.
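Added example (not part of the original chapter): step 4 is where a VM becomes reachable over SSH or RDP, and under IaaS the security group rules are the customer's responsibility. The Python below flags rules that open those two ports to the whole internet. It assumes input shaped like the JSON that `aws ec2 describe-security-groups` returns; the group IDs and rules are constructed sample data.

```python
import ipaddress

# Administrative ports named in step 4: SSH (Linux) and RDP (Windows).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample, shaped like the "SecurityGroups" list in
# `aws ec2 describe-security-groups` output. IDs are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-11111111", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-22222222", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-33333333", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]


def is_world_open(cidr):
    """True only for 0.0.0.0/0 and ::/0 (prefix length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_covers_port(rule, port):
    """Does this inbound rule allow TCP traffic to the given port?"""
    protocol = rule.get("IpProtocol")
    if protocol == "-1":          # "-1" means all protocols, all ports
        return True
    if protocol != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def find_exposed_admin_ports(security_groups):
    """Return sorted (group_id, service, port, cidr) tuples for every
    inbound rule that exposes SSH or RDP to the entire internet."""
    findings = []
    for group in security_groups:
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if is_world_open(c)]
            for port, service in ADMIN_PORTS.items():
                if rule_covers_port(rule, port):
                    for cidr in open_cidrs:
                        findings.append(
                            (group["GroupId"], service, port, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for group_id, service, port, cidr in find_exposed_admin_ports(SAMPLE_GROUPS):
        print(f"{group_id}: {service} ({port}/tcp) open to {cidr}")
```

The second finding comes from a port range (3000-4000) that happens to include 3389, which is easy to miss when reading rules by eye.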

What This Looks Like on the Job

Scenario 1: Startup Scaling with AWS

A mobile app startup expects rapid growth. They deploy their backend on AWS using EC2 instances for compute, RDS for database, and S3 for file storage. They use Auto Scaling groups to automatically add EC2 instances when CPU utilization exceeds 70% and remove them when it drops below 30%. This elasticity ensures they only pay for what they use. Initially, they use a public cloud because they have no capital for hardware. As they grow, they add reserved instances for baseline load to save costs. They also use CloudFront CDN to reduce latency. The challenge: they must ensure proper IAM policies to avoid accidental exposure of S3 buckets. A common misconfiguration is leaving an S3 bucket public, leading to data breaches. They use AWS Config rules to audit bucket policies.

Scenario 2: Hybrid Cloud for Finance

A financial institution must keep customer data on-premises due to regulatory compliance but wants to leverage cloud for analytics. They deploy a private cloud using VMware vSphere on-premises and connect it to a public cloud (e.g., AWS Outposts or Azure Stack) via a dedicated VPN or AWS Direct Connect. Sensitive data stays on-premises, while compute-intensive analytics jobs burst to the public cloud. This is a hybrid cloud deployment. They use identity federation so employees can use their on-premises Active Directory credentials to access cloud resources. The main challenge is network latency and bandwidth between the two environments. They implement caching and batch data transfers during off-peak hours. The shared responsibility model is critical: they must secure the on-premises infrastructure and manage OS patching on VMs, while the cloud provider secures the physical data center.

Scenario 3: SaaS for Enterprise Email

A large enterprise migrates from on-premises Exchange to Microsoft 365 (SaaS). The provider handles server maintenance, security patches, and uptime. The enterprise only manages user accounts and data retention policies. They use Azure AD for single sign-on. The benefit: no hardware to maintain, predictable per-user pricing, and built-in disaster recovery. The risk: if the provider has an outage, the enterprise has no control. They implement a backup strategy using third-party tools to archive emails to another cloud. A common misconfiguration is not enabling multi-factor authentication (MFA), leading to account compromise. The exam may ask: 'Which service model is Microsoft 365?' Answer: SaaS.

How 220-1101 Actually Tests This

What 220-1101 Tests on Cloud Computing (Objective 4.2)

The exam focuses on identifying and differentiating cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community). You must also understand the shared responsibility model and the five essential characteristics. Questions often present a scenario and ask which model or characteristic applies.

Common Wrong Answers and Why Candidates Choose Them

1. Confusing IaaS and PaaS: Candidates often think PaaS provides virtual machines (like IaaS). Wrong: PaaS provides a platform to run applications without managing the OS. The trick: if you manage the OS, it's IaaS; if you don't, it's PaaS.

2. Mistaking public cloud for private: Some think 'public' means free or open to anyone. Reality: public cloud is owned by a provider and available to the general public for a fee. Private cloud is for a single organization.

3. Thinking hybrid cloud requires a VPN: While VPN is common, hybrid cloud can also use direct connections like AWS Direct Connect. The key is that it combines two or more distinct cloud infrastructures.

4. Assuming VDI is always cloud: VDI can be on-premises. The exam may ask: 'Which cloud service model provides virtual desktops?' The answer is IaaS (if you manage the desktop OS) or DaaS (a variant of SaaS).

Specific Numbers and Terms to Memorize

Five characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, measured service.

Three service models: IaaS, PaaS, SaaS.

Four deployment models: public, private, hybrid, community.

Shared responsibility: provider manages 'security of the cloud,' customer manages 'security in the cloud.'

Edge Cases and Exceptions

Community cloud: often confused with hybrid. Community is for a specific group (e.g., government agencies).

Resource pooling: does not mean the customer shares resources with others in a visible way; it's transparent.

Measured service: often called 'pay-as-you-go,' but the exam uses 'measured service.'

How to Eliminate Wrong Answers

If the question mentions managing the OS, it's IaaS (unless it's SaaS where you manage nothing).

If it mentions deploying custom software without managing servers, it's PaaS.

If it's a ready-to-use application like email, it's SaaS.

Look for keywords: 'renting hardware' = IaaS, 'develop and deploy' = PaaS, 'use application' = SaaS.

'Combination of on-premises and cloud' = hybrid.

Key Takeaways

The five essential characteristics of cloud computing are on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service.

IaaS provides virtualized hardware; PaaS provides a development platform; SaaS provides ready-to-use applications.

Public cloud is owned by a provider and available to the public; private cloud is for a single organization; hybrid cloud combines public and private; community cloud is for a specific group.

In the shared responsibility model, the provider is responsible for 'security of the cloud' and the customer for 'security in the cloud.'

Cloud computing uses virtualization but adds orchestration, self-service, metering, and elasticity.

VDI (Virtual Desktop Infrastructure) can be on-premises or cloud-based; it is not inherently a cloud service.

Measured service means usage is metered and billed; often called pay-as-you-go.

Resource pooling enables multitenancy, where physical resources are shared among multiple customers.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

IaaS (Infrastructure as a Service)

Provides virtual machines, storage, and networking.

Customer manages OS, middleware, and applications.

Example: AWS EC2, Azure VMs.

More control but more management overhead.

Pay for compute, storage, and network resources.

PaaS (Platform as a Service)

Provides a platform to develop and deploy applications.

Provider manages OS, runtime, and infrastructure.

Example: Google App Engine, AWS Elastic Beanstalk.

Less control but less management overhead.

Pay for application hosting and resource consumption.

Watch Out for These

Mistake: Cloud computing is the same as virtualization.

Correct: Virtualization is a technology that abstracts physical hardware; cloud computing uses virtualization but adds orchestration, self-service, metering, and elasticity. You can have virtualization without cloud (e.g., a single hypervisor), but cloud requires virtualization to pool resources.

Mistake: Public cloud is always less secure than private cloud.

Correct: Security depends on configuration. Public cloud providers invest heavily in security (physical, network, encryption). A misconfigured public cloud can be insecure, but a well-configured one can be more secure than a poorly managed private cloud. The shared responsibility model means the customer must secure their part.

Mistake: Hybrid cloud always means using a VPN between public and private clouds.

Correct: While VPN is common, hybrid cloud can also use dedicated connections like AWS Direct Connect or Azure ExpressRoute. The defining characteristic is that the clouds are bound together by technology enabling data and application portability, not necessarily a VPN.

Mistake: SaaS gives you full control over the operating system.

Correct: In SaaS, the provider manages everything including the OS, middleware, and application. The customer only controls user-specific settings and data. If you have OS control, it's IaaS or PaaS (depending on whether you manage the platform).

Mistake: Community cloud is the same as hybrid cloud.

Correct: Community cloud is for a specific community with shared concerns (e.g., government, healthcare). Hybrid cloud combines two or more distinct cloud infrastructures (public, private, community). They are separate deployment models.


Frequently Asked Questions

What is the difference between IaaS, PaaS, and SaaS?

IaaS provides virtualized computing resources (VMs, storage) that you manage. PaaS provides a platform to run applications without managing the underlying infrastructure. SaaS provides ready-to-use applications. For the exam: if you manage the OS, it's IaaS; if you just deploy code, it's PaaS; if you just use an app, it's SaaS.

What are the five characteristics of cloud computing?

On-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. These are defined by NIST SP 800-145. The exam expects you to identify them in scenario questions.

What is the shared responsibility model?

It defines which security and management tasks are handled by the cloud provider and which by the customer. In IaaS, the provider handles physical security and the hypervisor; the customer handles the OS and apps. In PaaS, the provider handles the runtime and OS; the customer handles code. In SaaS, the provider handles almost everything except user data and access.

Is VDI considered cloud computing?

VDI can be deployed on-premises (virtualization) or as a cloud service (Desktop as a Service, DaaS). The exam may ask: 'Which cloud service model provides virtual desktops?' The answer is often IaaS if you manage the desktop images, or SaaS if it's a fully managed service like Windows 365.

What is a hybrid cloud?

A hybrid cloud combines two or more distinct cloud infrastructures (public, private, community) that remain unique but are connected by technology enabling data and application portability. Example: using a private cloud for sensitive data and public cloud for burst compute.

What is the difference between scalability and elasticity?

Scalability is the ability to handle increased load by adding resources (manually or planned). Elasticity is the ability to automatically scale resources up and down in response to real-time demand. Cloud computing provides both, but elasticity is a key characteristic.

How is cloud computing billed?

Cloud computing uses a pay-as-you-go model where you pay for what you consume (e.g., per hour of VM, per GB of storage, per GB of data transfer). Reserved instances offer discounts for long-term commitments. Spot instances provide lower prices for interruptible workloads.
