Cloud computing is explicitly tested on CompTIA Network+ N10-009 as part of Networking Concepts (Domain 1). You must understand the three service models (IaaS, PaaS, SaaS), deployment models (public, private, hybrid, community), and cloud-specific networking concepts like virtual networks, cloud gateways, and the shared responsibility model. Expect 4–6 questions covering cloud terminology, deployment decisions, and networking in cloud environments.
Practice this topic
IaaS (Infrastructure as a Service) provides virtualized compute, storage, and networking resources. The customer manages the OS, applications, and data. Examples: AWS EC2, Azure VMs, Google Compute Engine. The provider manages physical hardware, hypervisors, and basic networking. Use IaaS when you need full OS control but don't want physical hardware.
PaaS (Platform as a Service) provides a managed platform for deploying applications. The provider manages the OS and runtime environment; the customer manages applications and data. Examples: AWS Elastic Beanstalk, Azure App Service, Google App Engine, Heroku. Use PaaS when you want to deploy code without managing servers.
SaaS (Software as a Service) provides fully managed applications delivered over the internet. The customer only manages their data and user settings. Examples: Microsoft 365, Google Workspace, Salesforce, Dropbox. The provider manages everything else. Use SaaS when you need ready-to-use applications without any infrastructure management.
Public cloud resources are owned and operated by a third-party provider, shared among multiple customers (multi-tenant), and accessed via the internet. Lower cost, high scalability, no capital expenditure. Examples: AWS, Azure, Google Cloud.
Private cloud is dedicated infrastructure operated for a single organization — either on-premises or hosted. More control, better security compliance, higher cost. Used by regulated industries (healthcare, finance) needing data sovereignty.
Hybrid cloud combines public and private cloud, connected by secure links (VPN or dedicated circuits like AWS Direct Connect or Azure ExpressRoute). Enables 'cloud bursting' — using public cloud for overflow capacity while keeping sensitive data on-premises.
Community cloud is shared infrastructure for a specific community with common requirements (e.g., government agencies, healthcare organizations). Less common but explicitly listed in Network+ exam objectives.
Virtual Private Cloud (VPC) / Virtual Network (VNet): a logically isolated network within the public cloud where you control IP address ranges, subnets, routing, and security groups. Cloud gateways provide connectivity between on-premises networks and cloud VPCs — internet gateways for public access, VPN gateways for encrypted tunnels, and dedicated circuit options for private connectivity.
Elastic/scalable networking: cloud resources scale automatically based on demand. Load balancers distribute traffic across cloud instances. Content Delivery Networks (CDNs) cache content geographically close to users to reduce latency. SD-WAN (Software-Defined WAN) is increasingly used to optimize connectivity between branches and cloud resources.
The Shared Responsibility Model defines security obligations: the cloud provider is always responsible for physical infrastructure; the customer is always responsible for data and access management. The boundary for OS and application responsibility shifts depending on the service model (IaaS: customer owns OS; PaaS: provider owns OS; SaaS: provider owns everything above infrastructure).
| Responsibility | IaaS | PaaS | SaaS |
|---|---|---|---|
| Physical hardware | Provider | Provider | Provider |
| Hypervisor/network | Provider | Provider | Provider |
| Operating system | Customer | Provider | Provider |
| Runtime/middleware | Customer | Provider | Provider |
| Application | Customer | Customer | Provider |
| Data | Customer | Customer | Customer |
| Access control | Customer | Customer | Customer |
SaaS gives customers full control of the application
SaaS customers control only their data and user-level settings — the provider controls the application, runtime, OS, and hardware
Private cloud means on-premises
Private cloud can be hosted by a third-party provider but is dedicated exclusively to one organization — 'private' refers to single-tenancy, not physical location
Cloud networks are automatically secure
Cloud providers secure the physical infrastructure, but customers must configure security groups, network ACLs, encryption, and access controls — security is a shared responsibility
These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.
A company wants to use a cloud service where they deploy their own code but do not manage the operating system or server infrastructure. Which cloud model best fits this requirement?
Explanation: PaaS (Platform as a Service) provides a managed environment where customers deploy their applications without managing the OS or underlying infrastructure. The provider manages the runtime, OS, and hardware. IaaS requires managing the OS; SaaS provides ready-made applications with no deployment needed.
Which cloud deployment model provides resources shared between multiple organizations that have common requirements, such as government agencies?
Explanation: A community cloud is shared infrastructure provisioned for exclusive use by a specific community of organizations with shared concerns (e.g., compliance requirements, mission, or security policy). Government agencies sharing a cloud deployment is the classic example. Public cloud is open to all; private is for one organization; hybrid combines private and public.
Virtualization is the technology that creates virtual versions of compute, storage, or network resources on physical hardware. Cloud is a delivery model for consuming those virtualized resources — typically self-service, on-demand, scalable, and metered. You can have virtualization without cloud (a VMware lab), but cloud relies on virtualization underneath.
Network+ tests: service models (IaaS/PaaS/SaaS), deployment models (public/private/hybrid/community), cloud networking concepts (VPC, cloud gateways, VPN connectivity), shared responsibility model, and cloud-specific devices (virtual firewalls, software-defined networking, cloud load balancers). Not tested: deep AWS/Azure/GCP configuration — that is Cloud+ territory.
Try free Cloud Concepts practice questions with explanations, topic links and progress tracking.