AWS Cloud Practitioner Practice Test (CLF-C02)
Use the form below to configure your AWS Cloud Practitioner Practice Test (CLF-C02). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

AWS Cloud Practitioner CLF-C02 Information
The AWS Certified Cloud Practitioner (CLF-C02) is an entry-level certification for individuals looking to understand the fundamentals of Amazon Web Services (AWS). This exam is designed for both technical and non-technical professionals who need a general understanding of cloud computing and AWS services. It does not require prior cloud experience, making it an ideal starting point for those new to the field.
Exam Overview
The CLF-C02 exam consists of multiple-choice and multiple-response questions. It is a 90-minute test that costs $100 USD. AWS does not publicly disclose the passing score, but candidates should aim for at least 70% to pass. The exam is available in multiple languages, including English, Japanese, Korean, and Simplified Chinese.
Exam Objectives
This exam covers four key areas: cloud concepts, security and compliance, technology, and billing and pricing. Cloud concepts include the benefits of cloud computing, the AWS global infrastructure, and the shared responsibility model. Security and compliance focus on AWS Identity and Access Management (IAM), compliance programs, and best security practices. The technology section tests knowledge of AWS compute, storage, networking, and databases, as well as the AWS Well-Architected Framework and serverless computing. Finally, billing and pricing cover AWS pricing models, total cost of ownership, and AWS support plans.
Who Should Take This Exam?
The AWS Certified Cloud Practitioner certification is suitable for individuals who want to learn about cloud computing and its business applications. It is beneficial for professionals in sales, finance, project management, and other roles that interact with cloud technology. It is also useful for those planning to pursue advanced AWS certifications.
How to Prepare
To prepare for the CLF-C02 exam, candidates should review the AWS Certified Cloud Practitioner Exam Guide and take advantage of AWS’s Free Tier for hands-on experience. AWS also offers training through its Skill Builder platform, which includes practice questions and study materials. Additionally, taking practice exams can help candidates identify areas where they need improvement.
Summary
The AWS Certified Cloud Practitioner (CLF-C02) is a foundational certification that validates a broad understanding of AWS services and cloud concepts. It is an excellent starting point for professionals who want to build cloud expertise or advance in cloud-related careers.
Scroll down to see your responses and detailed results
Free AWS Cloud Practitioner CLF-C02 Practice Test
Press start when you are ready, or press Change to modify any settings for the practice test.
- Questions: 15
- Time: Unlimited
- Included Topics:Cloud ConceptsSecurity and ComplianceCloud Technology and ServicesBilling, Pricing, and Support
When comparing managed database services to compute services where the customer provisions virtual servers, which statement correctly summarizes the shift in operational responsibility?
Customers are responsible for physical hardware maintenance with compute services, whereas AWS assumes this responsibility with its managed database offerings.
AWS’s responsibility is diminished with managed database services, as the customer must oversee patching and upgrades, just as they would with provisioned compute services.
With managed database services, AWS takes on more of the database management tasks typically handled by the customer with compute services where they control virtual servers.
The level of responsibility for the customer and AWS remains constant whether using managed database services or compute services where the customer maintains virtual servers.
Answer Description
Managed database services, like the offering for relational databases, provide a higher level of managed service by AWS, including tasks such as database setup, patching, and backups, thus offloading these responsibilities from the customer. In contrast, compute services where customers launch their own virtual servers demand the customers to manage operating systems, any installed applications, and potential databases on those virtual servers, which means a higher level of responsibility compared to managed database services.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are managed database services in AWS?
What responsibilities does the customer retain when using compute services?
How does AWS assist with database maintenance in managed services?
A retail company wishes to monitor customer transactions as they occur to gain immediate insights and respond to patterns promptly. Which service should they implement to process this high-velocity data and perform analytics in a timely manner?
Amazon QuickSight
Amazon Kinesis
Amazon Athena
AWS Glue
Answer Description
Amazon Kinesis is the appropriate service for dealing with high-velocity data streams, like customer transactions in real-time. It provides the ability to process and analyze data immediately, which is essential for real-time insights and pattern detection. Amazon Athena is used for querying data stored on Amazon S3 with SQL, which is not ideal for real-time analytics. AWS Glue is a fully managed ETL service that prepares and transforms data for analytics but is not designed for real-time processing. Amazon QuickSight focuses on business intelligence and visualization and does not specialize in data ingestion or real-time analysis.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon Kinesis and how does it work?
What are some use cases for Amazon Kinesis?
What is the difference between Amazon Kinesis and AWS Glue?
A business is looking to implement a solution that would allow them to automate the setup of their computing resources for various environments such as development, testing, and production. The solution should support codification of infrastructure to enable consistent deployments. Which service should they use to best meet these requirements?
Infrastructure as Code service
Auto Scaling service
Management Console
Command Line Interface
Answer Description
The best service for meeting the requirements of automated, consistent deployment across multiple environments using codified templates is the Infrastructure as Code service provided by the cloud vendor. This service enables the definition of infrastructure in code format, which can then be used to create and manage cloud resources automatically. It ensures consistency and reduces the chance of human error associated with manual setups. The console, while user-friendly for manual operations, is not designed for automated, templated provisioning. The Command Line Interface facilitates scripting for automation but does not inherently provide templating or state management like the Infrastructure as Code service. Auto Scaling service is primarily used for adjusting resource capacity in response to traffic demands and does not cater to the requirement of environment setup through codification.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Infrastructure as Code (IaC)?
What are some benefits of using IaC?
What tools can be used for implementing Infrastructure as Code?
Which managed AWS service would be the BEST choice for implementing a highly scalable NoSQL database capable of handling millions of read and write requests per second?
Amazon DynamoDB
Amazon EKS
Amazon ECS
Amazon RDS
Answer Description
Amazon DynamoDB is a NoSQL database that is fully managed, scalable, and designed for high availability and reliability. It can handle millions of read and write requests per second, making it ideal for applications with massive data throughput requirements. While Amazon RDS is also a managed database service, it is more suitable for relational databases rather than NoSQL databases. Amazon ECS and Amazon EKS are container services and not primarily database solutions. This makes Amazon DynamoDB the best choice among the options provided.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is NoSQL and how does it differ from SQL databases?
What are the main features of Amazon DynamoDB that support scalability?
When should I consider using Amazon RDS instead of DynamoDB?
Which AWS connectivity option lets you establish an encrypted IPsec tunnel between your on-premises data center and an Amazon VPC by using your existing internet connection-thereby avoiding the need for a dedicated physical line?
AWS Snowmobile
AWS Direct Connect
AWS Site-to-Site VPN
Amazon Kinesis Data Streams
Answer Description
AWS Site-to-Site VPN uses two IPsec tunnels over the public internet to connect your on-premises network to AWS Resources. Because it rides on your current internet circuit, you do not have to provision or lease dedicated network hardware or circuits. AWS Direct Connect, in contrast, requires a dedicated physical link. Amazon Kinesis Data Streams and AWS Snowmobile address data-streaming and bulk-data-transfer use cases and do not provide network connectivity between on-premises sites and VPCs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What types of AWS VPN connections can be established?
How does AWS VPN ensure data security during transmission?
What are the cost benefits of using AWS VPN compared to dedicated physical hardware?
A company is developing a web application that requires fully-managed, event-driven compute capabilities to execute short-duration, stateless functions in response to HTTP requests without managing infrastructure. Which service BEST fits these requirements?
Amazon ECS
AWS Fargate
Amazon EC2
AWS Lambda
Answer Description
AWS Lambda is the best fit for these requirements as it is a fully-managed, event-driven compute service that allows functions to be executed in response to HTTP requests through Amazon API Gateway or other trigger sources. Lambda is designed for short-duration, stateless functions, making it ideal for the scenario described. Other services like AWS Fargate and Amazon ECS also support serverless compute strategies, but they are container management services that are more suited for long-running and potentially stateful applications rather than the event-driven, short-lived functions described in the scenario.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS Lambda and how does it work?
What is the difference between AWS Lambda and Amazon EC2?
What are stateless functions and why are they important?
A company needs to run a steady-state workload for a duration of 3 years and is seeking cost savings while maintaining flexibility to change instance families and regions when opportunities arise. Which compute purchasing option should they consider?
On-Demand Instances
Dedicated Hosts
Spot Instances
Savings Plans
Answer Description
AWS Savings Plans offer significant cost savings compared to On-Demand pricing for a commitment of 1 or 3 years, while providing flexibility to switch instance families, sizes, regions, and OS, unlike Reserved Instances which are more restrictive. This makes Savings Plans ideal for long-term steady-state workloads where some level of resource flexibility is needed.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are AWS Savings Plans?
How do Savings Plans differ from Reserved Instances?
What are the benefits of using Spot Instances compared to Savings Plans?
Which service is BEST suited for helping a company develop a comprehensive strategy for migrating applications, workloads, and databases to the cloud?
Well-Architected Tool
Managed Services
Migration Hub
Cost Explorer
Answer Description
AWS Migration Hub is the best resource for helping a company develop a comprehensive strategy for migrating applications, workloads, and databases to the cloud because it offers a single location to track the progress of application migrations across multiple AWS and partner solutions. While the Well-Architected Tool, Cost Explorer, and Managed Services offer valuable benefits, they do not focus specifically on migration strategy and progress tracking. The Well-Architected Tool helps evaluate and improve workloads but does not track migration progress. Cost Explorer helps with cost management, and Managed Services can manage AWS infrastructure, but neither is designed to develop migration strategies.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What exactly does AWS Migration Hub do?
What are the Well-Architected Tool and its benefits?
How does AWS Cost Explorer help businesses?
As part of meeting compliance requirements, your client needs to guarantee the protection of their customer information when it is stored in the cloud as well as safeguarding the data during transfer to and from their cloud storage solution. Which approach would best fulfill these requirements?
Enabling encryption for stored data using service-managed keys and requiring encrypted connections for data transfer
Engaging a third-party service for end-to-end data encryption without utilizing built-in cloud service features
Activating a web application firewall for incoming and outgoing data and applying hardware security modules for stored data
Securing data at rest with Identity and Access Management permissions and data in transit with virtual private networks
Answer Description
The best practice for protecting data stored on the cloud is to use server-side encryption, where the storage service itself encrypts the data before it writes it to disk. For securing data during transfer, the standard approach is to enforce the use of Secure Socket Layer (SSL)/Transport Layer Security (TLS) protocols, which is generally achieved by allowing only HTTPS connections to the storage service. This combination will meet the compliance requirements for both data at rest and data in transit encryption.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are service-managed keys and how do they work with encryption?
What is the difference between data at rest and data in transit?
How do SSL and TLS protocols secure data during transfer?
You are running a steady, predictable application workload on AWS that requires consistent performance over the next year. Which compute purchasing option is the MOST cost-effective for your needs?
Spot Instances
Reserved Instances
On-Demand Instances
Dedicated Hosts
Answer Description
Using Reserved Instances (RIs) for a steady, predictable application workload is typically the most cost-effective option because it offers significant discounts compared to On-Demand Instances when you commit to a one or three-year term. On-Demand Instances are better suited for unpredictable workloads, and Spot Instances are ideal for flexible workloads that can handle interruptions. Dedicated Hosts are used when you need physical server isolation, which is not necessary for most steady workloads.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Reserved Instances and how do they work?
What distinguishes On-Demand Instances from Reserved Instances?
What are Spot Instances and when should they be used?
A company has set up a Virtual Private Cloud (VPC) with public and private subnets. The instances in the private subnet must retrieve updates from the internet, but should not be directly accessible from external sources. Which component should the company use to allow these instances to connect to the internet while ensuring they remain private?
NAT Gateway
Peering Connection
Virtual Private Gateway
Internet Gateway
Answer Description
To allow instances in a private subnet to initiate outbound traffic to the internet without allowing inbound traffic from the internet, a NAT gateway or a NAT instance can be used. The NAT gateway is a managed service that provides better availability and bandwidth compared to a NAT instance, which is self-managed and runs on a specific EC2 instance type. Internet Gateways are used to provide a target in route tables to allow instances to connect to the internet, but since they allow bidirectional internet access, using them alone would not meet the requirement of keeping instances private. Similarly, a Virtual Private Gateway is used to connect a VPC to an on-premises network via a VPN connection and doesn't facilitate private instances accessing the internet.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a NAT Gateway and how does it work?
What are the differences between a NAT Gateway and a NAT Instance?
Why can't I use an Internet Gateway for private subnet instances?
In a company's transition to the cloud, which responsibility is the company accountable for when using Amazon EC2?
Ensuring the uptime of hypervisors and physical servers
Configuring security settings for the operating system and applications
Maintaining the physical security of the data centers
Protecting the underlying infrastructure from physical threats
Answer Description
In the AWS shared responsibility model, the customer is responsible for the security 'in' the cloud, which includes aspects such as configuring security settings, managing guest OS, and securing applications.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the AWS shared responsibility model?
What specific security settings should a company configure for Amazon EC2?
Why does a company need to manage the security of the guest operating system on EC2 instances?
Which AWS service provides customers with self-service, on-demand access to AWS compliance reports and allows them to review and accept agreements such as the Business Associate Addendum (BAA)?
AWS Artifact
AWS Config
AWS Trusted Advisor
AWS Security Hub
Answer Description
AWS Artifact is AWS's audit-artifact portal. It lets customers download official compliance reports-such as SOC, ISO, and PCI certifications-and manage certain agreements (for example, HIPAA Business Associate Addendum) for a single account or an entire AWS Organizations structure. AWS Trusted Advisor focuses on cost, performance, and security best-practice checks; AWS Security Hub aggregates security findings; and AWS Config records and evaluates configuration changes, but none of these services provide the compliance documentation and agreement management functions of AWS Artifact.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What types of compliance documentation can I find in AWS Artifact?
How does AWS Artifact help with compliance frameworks?
What are AWS Service Terms and how do they relate to AWS Artifact?
A company needs to store large volumes of transactional data for at least one year, but will only access it frequently during the first 30 days after creation. After that period, the data is rarely accessed. Which storage service and tier should be recommended for the most cost-effective solution?
Amazon S3 Glacier
Amazon S3 Glacier Deep Archive
Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
Amazon S3 Standard
Answer Description
The correct answer is Amazon S3 Standard-Infrequent Access (S3 Standard-IA) because it provides a balance between availability, durability, and cost. It is designed for data that is less frequently accessed but requires rapid access when needed. Since the company frequently accesses the data only within the first 30 days, S3 Standard-IA is cost-effective for long-term storage with infrequent access. Amazon S3 Glacier and Amazon S3 Glacier Deep Archive, while cheaper, are designed for archival purposes and would not provide the rapid access required for the first 30 days. Amazon S3 Standard is designed for frequently accessed data and would be more expensive for the long-term storage where data is rarely accessed after the initial period.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the key benefits of using Amazon S3 Standard-IA?
What are the differences between Amazon S3 Standard-IA and other S3 storage classes?
Can you explain when to use S3 Glacier versus S3 Standard-IA?
A startup is developing a social media application that expects varying levels of traffic throughout the day, with potential viral spikes. The team wants to ensure their application can handle these unpredictable loads without any service interruptions or performance degradation. Which AWS Cloud characteristic should they leverage to fulfill this requirement?
Fixed allocation of compute and storage resources
Increased durability of stored data
High availability and elasticity of cloud resources
Global reach through a single regional deployment
Answer Description
Elasticity is the core characteristic that allows the system to automatically scale resources up to handle viral spikes and scale down to save costs during quiet periods. High availability complements this by ensuring the application is resilient and remains operational even if underlying components fail, thus preventing service interruptions. Together, they provide a robust solution for unpredictable traffic. Durability relates to long-term data protection, not real-time traffic handling. Fixed resource allocation is the opposite of the required flexibility. Global reach addresses user latency through geographic distribution, which is different from handling load variations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does elasticity mean in the context of cloud computing?
What is meant by high availability, and how is it achieved in AWS?
Why is a fixed allocation of compute and storage resources not suitable for fluctuating traffic?
Smashing!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.