AWS Cloud Practitioner Practice Test (CLF-C02)
Use the form below to configure your AWS Cloud Practitioner Practice Test (CLF-C02). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

AWS Cloud Practitioner CLF-C02 Information
The AWS Certified Cloud Practitioner (CLF-C02) is an entry-level certification for individuals looking to understand the fundamentals of Amazon Web Services (AWS). This exam is designed for both technical and non-technical professionals who need a general understanding of cloud computing and AWS services. It does not require prior cloud experience, making it an ideal starting point for those new to the field.
Exam Overview
The CLF-C02 exam consists of multiple-choice and multiple-response questions. It is a 90-minute test that costs $100 USD. AWS does not publicly disclose the passing score, but candidates should aim for at least 70% to pass. The exam is available in multiple languages, including English, Japanese, Korean, and Simplified Chinese.
Exam Objectives
This exam covers four key areas: cloud concepts, security and compliance, technology, and billing and pricing. Cloud concepts include the benefits of cloud computing, the AWS global infrastructure, and the shared responsibility model. Security and compliance focus on AWS Identity and Access Management (IAM), compliance programs, and best security practices. The technology section tests knowledge of AWS compute, storage, networking, and databases, as well as the AWS Well-Architected Framework and serverless computing. Finally, billing and pricing cover AWS pricing models, total cost of ownership, and AWS support plans.
Who Should Take This Exam?
The AWS Certified Cloud Practitioner certification is suitable for individuals who want to learn about cloud computing and its business applications. It is beneficial for professionals in sales, finance, project management, and other roles that interact with cloud technology. It is also useful for those planning to pursue advanced AWS certifications.
How to Prepare
To prepare for the CLF-C02 exam, candidates should review the AWS Certified Cloud Practitioner Exam Guide and take advantage of AWS’s Free Tier for hands-on experience. AWS also offers training through its Skill Builder platform, which includes practice questions and study materials. Additionally, taking practice exams can help candidates identify areas where they need improvement.
Summary
The AWS Certified Cloud Practitioner (CLF-C02) is a foundational certification that validates a broad understanding of AWS services and cloud concepts. It is an excellent starting point for professionals who want to build cloud expertise or advance in cloud-related careers.
Free AWS Cloud Practitioner CLF-C02 Practice Test
Press start when you are ready, or press Change to modify any settings for the practice test.
- Questions: 20
- Time: Unlimited
- Included Topics:Cloud ConceptsSecurity and ComplianceCloud Technology and ServicesBilling, Pricing, and Support
A media company is storing original, high-resolution images that are accessed frequently for the first month after upload but will likely be accessed infrequently afterward. The company wants to minimize storage costs without sacrificing immediate access to the images. Which storage class should they use?
Amazon S3 Standard
Amazon S3 Intelligent-Tiering
Amazon S3 One Zone-Infrequent Access
Amazon S3 Glacier
Answer Description
The media company should use Amazon S3 Intelligent-Tiering, as this storage class is designed for data with unknown or changing access patterns. It automatically moves data to the most cost-effective access tier without performance impact or operational overhead. This will help them save on storage costs after the first month when the images are less likely to be accessed, while still providing immediate access when needed. The other options are not as cost-effective for this use case. Amazon S3 Standard is better for data that is frequently accessed throughout its lifetime. Amazon S3 One Zone-Infrequent Access offers lower storage costs but should be used for data that does not require multiple Availability Zone resilience. Amazon S3 Glacier is used for archival purposes and would not provide the immediate access required by the company during the first month.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does Amazon S3 Intelligent-Tiering optimize costs compared to other storage classes?
What are the use cases for Amazon S3 One Zone-Infrequent Access?
Why is Amazon S3 Glacier not suitable for this use case?
Which of the following services offloads the responsibility of installing and managing the database software from the customer to the provider?
AWS Lambda
Amazon RDS
Amazon EC2
Amazon S3
Answer Description
With Amazon RDS, the cloud service provider is responsible for the installation, patching, and management of the database software. Managed services like RDS reduce the operational load on the customer by handling routine database maintenance tasks. However, with instances like EC2, the customer is tasked with the complete setup and maintenance of the software stack on the server. Similarly, AWS Lambda abstracts the servers, but the customer is in charge of managing the function's code. Amazon S3 is used for storage and does not involve software management responsibilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon RDS primarily used for?
How does Amazon RDS differ from Amazon EC2 in managing databases?
What databases are supported by Amazon RDS?
Your company is deploying an application on AWS using Amazon EC2 instances. As part of the security compliance requirements, it's critical to ensure that operating system (OS) patches are regularly applied and that the server is protected against unauthorized access. Which of the following responsibilities fall under your company's purview according to the AWS shared responsibility model?
Applying operating system patches to your instances
Virtualization infrastructure maintenance
Environmental risk management for the hardware supporting your instances
Physical security of data center facilities where your instances are hosted
Answer Description
In the AWS shared responsibility model, AWS is responsible for the security of the cloud, including the infrastructure that runs all the services offered in the AWS Cloud. The customer is responsible for security in the cloud, which includes managing the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS provided firewall (security groups) on each instance. Therefore, applying OS patches and securing the server against unauthorized access are responsibilities of the customer.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the AWS shared responsibility model entail?
Why are OS patches the customer's responsibility in the shared responsibility model?
What tools does AWS provide to help customers manage security 'in' the cloud?
Which AWS service is a fully managed relational database service that automates time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups?
Amazon Aurora
Amazon DocumentDB
Amazon Redshift
Amazon Relational Database Service (Amazon RDS)
Amazon EC2
Amazon DynamoDB
Answer Description
Amazon Relational Database Service (Amazon RDS) is the correct answer as it provides a managed service that allows users to operate and scale a relational database in the cloud with ease. It handles routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair. Amazon Aurora, while also a managed relational database, is a specific type of RDS with a focus on performance and compatibility with MySQL and PostgreSQL. Amazon Redshift is a data warehousing service, Amazon DocumentDB is a document database service that supports MongoDB workloads, and Amazon DynamoDB is a NoSQL database service. Amazon EC2 does not automate database management tasks as it is a service for providing resizable compute capacity in the cloud.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What databases can Amazon RDS support?
How is Amazon Aurora different from Amazon RDS?
What is the purpose of backups in Amazon RDS?
A company is planning to deploy a new web application that will have consistent compute usage around the clock for the foreseeable future. The workload is essential for daily operations, and the company wants to ensure capacity while minimizing costs. Which purchasing option should the company choose to balance cost with the requirement for reserved capacity?
Spot Instances
Savings Plans
On-Demand Instances
Reserved Instances
Answer Description
Reserved Instances provide a significant discount compared to On-Demand pricing in exchange for committing to a specific usage (1-year or 3-year term), making them ideal for workloads with predictable usage and the need for reserved capacity. Savings Plans also offer discounts but with more flexibility in usage. Spot Instances are unsuitable for essential, steady workloads due to the possibility of being outbid and terminated. On-Demand Instances are the most flexible but also the most expensive option for long-term, consistent workloads.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Reserved Instances in AWS?
How do Spot Instances differ from Reserved Instances?
What is the difference between Reserved Instances and Savings Plans?
A developer needs to rename the primary key value of an existing item in an Amazon DynamoDB table because the business identifier has changed. Which approach will accomplish this requirement while following DynamoDB best practices?
Run an ALTER TABLE command in the AWS Management Console to rename the key.
Use UpdateItem with an UpdateExpression to set the new value for the key attribute.
Create a global secondary index and update the key through the index, which automatically propagates the change to the base table.
Delete the existing item and recreate it with a PutItem request that includes the new primary key value.
Answer Description
DynamoDB does not permit changes to an item's primary key with UpdateItem or any other in-place operation. The correct way to 'rename' a key is to delete the original item (DeleteItem) and then recreate it (PutItem or BatchWriteItem) with the new key value. Primary key immutability applies regardless of whether the table uses a simple partition key or a composite partition-and-sort key. Local and global secondary indexes also cannot be used to alter the underlying key of an item; they merely provide additional query paths. SQL-style ALTER TABLE statements are not supported in DynamoDB.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why can't the primary key of an item in DynamoDB be updated directly?
What is the difference between a Partition Key and a Sort Key in DynamoDB?
What are global and local secondary indexes in DynamoDB, and how are they different?
A multinational corporation intends to shift its data center operations to the cloud to leverage the scalability benefits and reduce the maintenance overhead associated with their physical data centers. They have to transfer several petabytes of data securely and quickly. Which service should they use to physically transport this large volume of data in a situation where network-based data transfer would be inefficient?
Database Migration Service
Snowball
DataSync
Direct Connect
Answer Description
The correct service for physically transporting large amounts of data is Snowball, which is designed to move data into and out of the cloud using secure appliances, speeding up the migration process for large data sets and circumventing high network costs. DataSync would be less viable for the initial bulk transfer due to networking constraints, Database Migration Service is a continuous replication tool for database workloads, and Direct Connect establishes a dedicated network connection but does not provide a physical data transfer solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS Snowball, and how does it work?
How does AWS Snowball ensure secure data transfer during the process?
What are the key differences between AWS Snowball, DataSync, and Direct Connect?
Which design principle of the Reliability pillar in the AWS Well-Architected Framework helps a workload achieve high availability by detecting problems and returning to a healthy state without human intervention?
Manage change through automation
Stop guessing capacity
Automatically recover from failure
Enable traceability
Answer Description
Automatically recovering from failure means a workload continuously monitors key performance indicators and initiates self-healing actions-such as restarting instances or shifting traffic-whenever thresholds are breached. This minimizes downtime and maintains availability. The other choices are also Well-Architected principles, but they address capacity planning, change management, or security rather than automatic fault recovery.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does it mean to 'automatically recover from failure' in the AWS Well-Architected Framework?
How does AWS monitoring help achieve automatic recovery?
What is the difference between automatic recovery and manual intervention in reliability?
You are an operations manager for a growing tech company that is migrating its in-house databases to Amazon RDS. Which of the following tasks is AWS responsible for in this managed database service?
Applying security patches to the underlying database software.
Managing the application's schema and configuration.
Creating and maintaining user permissions and access controls.
Monitoring and managing the network traffic to and from the databases.
Answer Description
With a managed service like Amazon RDS, AWS is responsible for the 'security of the cloud'. This includes managing the underlying hardware, the host operating system, and applying patches to the database software. The customer is responsible for 'security in the cloud', which includes tasks like configuring network access controls (such as security groups), managing database user permissions, and defining the data schema. In this scenario, applying security patches to the database software is a key responsibility that AWS manages for the customer, relieving them of operational burden.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'security of the cloud' mean in the context of Amazon RDS?
What tasks fall under 'security in the cloud' for customers using Amazon RDS?
What other management tasks does AWS handle for Amazon RDS besides applying security patches?
A company is deploying its web applications on the cloud and wants to secure them against DDoS attacks. Which service is specifically designed to provide protection against such threats?
Security Hub
Shield
Inspector
GuardDuty
Answer Description
AWS Shield is specifically designed to protect against DDoS attacks. It offers two tiers: AWS Shield Standard, which provides automatic protections, and AWS Shield Advanced, which includes additional features for mitigating larger and more sophisticated attacks. Other services like Amazon Inspector and AWS Security Hub are focused on finding vulnerabilities and aggregating security alerts, respectively, but do not provide direct protection against DDoS attacks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a DDoS attack?
What is the difference between AWS Shield Standard and AWS Shield Advanced?
How does AWS Shield work to mitigate DDoS attacks?
Which service should a company select to deploy containerized applications with a fully managed orchestration service that integrates with the open-source system used for automating deployment, scaling, and management of containerized applications?
Amazon ECS
AWS Lambda
Amazon EKS
EC2 Instances
Answer Description
The correct service is Amazon EKS (Elastic Kubernetes Service), as it allows for the deployment, management, and scaling of containerized applications using Kubernetes on AWS without the need for the user to manage the Kubernetes control plane themselves. Amazon ECS (Elastic Container Service) also provides a managed container service but is not specifically tailored for Kubernetes, which is hinted at by the mention of open-source orchestration in the question. AWS Lambda is designed for serverless workloads, not for managing containerized applications with Kubernetes, and launching EC2 instances would require manual setup and management of Kubernetes, contrary to the 'fully managed' aspect mentioned in the question.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Kubernetes, and why is it important for containerized applications?
What is the difference between Amazon EKS and Amazon ECS?
What are the benefits of a fully managed orchestration service like Amazon EKS?
Which AWS purchasing option is MOST suitable for a workload that has variable start times, can be interrupted, and aims to minimize costs in a non-production environment?
Convertible Reserved Instances
On-Demand Instances with Scheduled Scaling
Spot Instances
Scheduled Reserved Instances
Answer Description
Spot Instances are the most suitable option for a workload with variable start times that can be interrupted and seeks to minimize costs, especially in a non-production environment. Spot Instances allow customers to take advantage of unused EC2 capacity at a reduced cost, up to 90% off the On-Demand price, with the caveat that the instances can be reclaimed by AWS with little notice if the capacity is needed elsewhere. This makes them ideal for flexible, interruptible workloads like development and testing. On-Demand Instances are better for workloads requiring immediate and uninterrupted capacity. Reserved Instances and Savings Plans provide cost savings for predictable, steady-state usage, but they come with a commitment, and they aren't typically the best fit for unpredictable, sporadic workloads that can tolerate interruptions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Spot Instances in AWS?
When does AWS reclaim Spot Instances, and how can users handle interruptions?
How do Spot Instances compare to On-Demand Instances in AWS?
An online news portal is preparing for an event that will cause unpredictable increases in viewer traffic. Which service should be utilized to ensure that compute capacity can scale without manual intervention to meet the fluctuating demand?
Allocating fixed clusters of compute instances in anticipation of highest expected load
Managing scalability manually through container orchestration with fluctuating load adjustments
Using a serverless compute platform that automatically scales and manages the compute fleet
Running containerized applications on a serverless engine with manual scaling policies
Answer Description
The best choice for unpredictable and variable traffic with spikes is a compute service that scales automatically without requiring manual intervention for provisioning or managing servers. This is where serverless computing shines, as it abstracts the servers away and automatically adjusts to the traffic. Lambda fits the bill as it automatically manages the underlying compute resources. While EC2 instances can scale, this process is not as immediate or seamless as with Lambda. Fargate provides a serverless container experience, but it still requires some configuration for scaling and does not scale as responsively as Lambda for sudden spikes. ECS on EC2 instances also provides scalability but requires more hands-on management compared to the automatic scaling provided by Lambda.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is serverless computing?
How does AWS Lambda handle scaling for variable traffic?
What is the difference between AWS Lambda and AWS Fargate in scaling?
If a company requires a solution to manage their cloud resources that can be version-controlled and reused across different environments, which method should they employ?
Command-Line Interface (CLI) scripts
Infrastructure as code (IaC)
Application Programming Interfaces (APIs) directly
AWS Management Console
Software Development Kits (SDKs)
Answer Description
Infrastructure as code (IaC) is the correct option because it allows for the automated provisioning and management of cloud resources through code, which can be version-controlled and reused. This is beneficial for maintaining consistency across multiple environments. Using the AWS Management Console is not ideal for tasks that need to be replicated or version-controlled, as it is a graphical interface designed for manual operations. Although programmatic access via APIs, SDKs, or CLI can also be automated, they do not inherently provide the same benefits of version control and reusability that are core to IaC.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Infrastructure as Code (IaC)?
What is the advantage of version control in IaC?
How does IaC differ from using the AWS Management Console?
Which AWS service is designed to provide scalable object storage for data backup, archiving, and analytics?
Amazon S3
Amazon FSx for Windows File Server
Amazon EFS
Amazon RDS
Answer Description
Amazon S3 (Simple Storage Service) is designed to provide scalable object storage for various purposes including data backup, archiving, and analytics. It offers different storage classes for cost and performance optimization. Amazon EFS (Elastic File System) is suitable for file storage, Amazon FSx for Windows File Server is optimized for Windows-based workloads, and Amazon RDS (Relational Database Service) is not a storage service but rather a managed database solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the different storage classes in Amazon S3?
How does Amazon S3 achieve scalability and durability?
What types of analytics can Amazon S3 support?
Your company has deployed a web application on Amazon EC2 instances. As part of your security compliance checks, you want to ensure that the operating system patches are up to date. Whose responsibility is it to maintain the operating system in this scenario?
The responsibility varies and must be specified in a service level agreement (SLA).
Both AWS and the customer are responsible for maintaining the operating system.
It is AWS's responsibility to maintain the operating system.
It is the customer's responsibility to maintain the operating system.
Answer Description
When using Amazon EC2, AWS is responsible for the infrastructure that runs all of the services offered in the AWS Cloud. This includes the hardware, the software that runs the virtualization environment, and the physical security of the data centers. However, the customer is responsible for the security in the cloud, which includes the operating system, applications, and data on the EC2 instances. Therefore, it falls to the customer to ensure that the operating system patches are kept up to date.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the shared responsibility model in AWS?
How can customers efficiently manage operating system patches on Amazon EC2?
What happens if a customer doesn't update their operating system on EC2?
A company seeks to improve customer experience by integrating a digital assistant into their website which can comprehend and respond to user inquiries naturally through text and voice. Which service should they employ to create this intelligent conversational agent capable of understanding context and engaging with users accordingly?
Kendra
SageMaker
Lex
DeepLens
Answer Description
The service designed for building conversational agents capable of voice and text interactions is Lex. It uses advanced deep learning to offer automatic speech recognition (ASR) and natural language understanding (NLU), allowing the creation of applications with highly interactive user experiences. SageMaker is more suited to general machine learning model development and training; Kendra provides enterprise search powered by machine learning, and DeepLens is a deep learning-enabled video camera for developing and deploying machine learning models.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are ASR and NLU in the context of Amazon Lex?
How is Amazon Lex different from Amazon SageMaker?
When should you use Amazon Kendra instead of Amazon Lex?
A company is required to adhere to strict financial service industry regulations and must provide documentation of their cloud infrastructure's compliance to auditors. Which service should be utilized to acquire the necessary compliance reports provided by the cloud service provider?
Configure the dedicated security service to generate compliance data.
Follow guidance available from the educational resources and certifications webpage.
Request documentation via the account management service.
Navigate through the central management dashboard for resource monitoring.
Check for relevant details on the cloud provider's compliance-focused informational webpage.
Download reports from the service offering on-demand access to compliance documents.
Answer Description
The correct service to use is AWS Artifact because it grants on-demand access to the necessary compliance documentation, such as reports for various certifications and third-party attestations that auditors frequently request. This dedicated portal is specifically designed for obtaining AWS-related compliance information. The other options are related to different aspects of cloud services, such as managing accounts or security, but they do not serve as repositories for compliance reports and certifications. While the AWS Compliance Solutions webpage might have relevant information, AWS Artifact is the go-to service for accessing and downloading the actual reports and agreements required for demonstrating compliance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS Artifact?
How does AWS Artifact differ from other AWS compliance tools?
Can AWS Artifact be used to monitor ongoing compliance of my cloud infrastructure?
Which service is used to manage domain name system (DNS) traffic in the cloud?
Amazon Route 53
Amazon CloudFront
AWS Direct Connect
Amazon VPC
Answer Description
Amazon Route 53 is the service used to manage domain name system (DNS) traffic in the cloud. It translates domain names into IP addresses, directing user requests to the appropriate resources. CloudFront is a content delivery network (CDN) service, VPC (Virtual Private Cloud) is used for network isolation, and Direct Connect is used for establishing dedicated network connections between the cloud and on-premises environments.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DNS and why is it important?
How does Amazon Route 53 manage DNS traffic?
How is Route 53 different from CloudFront?
Your company plans to launch a new web application on AWS, which, once deployed, should independently adjust its resources to match actual traffic patterns, maintaining consistent performance. Which pillar of the AWS Well-Architected Framework best addresses this specific requirement?
Security
Performance Efficiency
Reliability
Operational Excellence
Answer Description
The Performance Efficiency pillar of the AWS Well-Architected Framework is the most relevant to this requirement. This pillar focuses on the efficient use of computing resources to meet system requirements and the ability to maintain that efficiency as demand changes and technologies evolve. Performance efficiency involves selecting appropriate resource types and using features such as auto scaling to adjust capacity up or down in response to load, ensuring the application maintains consistent performance. While the Reliability pillar includes best practices for scaling to prevent availability issues, its primary concern is resiliency. Operational Excellence and Security address different aspects such as operational insights and protecting workloads, respectively.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the AWS Performance Efficiency pillar?
How does Auto Scaling contribute to Performance Efficiency?
How does the Performance Efficiency pillar differ from the Reliability pillar?
Wow!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.