Exam overview
Category Foundational
Exam duration 90 minutes
Exam format 65 questions; either multiple choice or multiple response
Cost 100 USD
Test in-person or online
Languages offered English, Japanese, Korean, Simplified Chinese, Traditional Chinese, Bahasa (Indonesian), Spanish (Spain), Spanish (Latin America), French (France), German, Italian, and Portuguese (Brazil)
The AWS Certified Cloud Practitioner validates foundational, high-level understanding of AWS Cloud, services, and terminology. This is a good starting point on the AWS Certification journey for individuals with no prior IT or cloud experience switching to a cloud career or for line-of-business employees looking for foundational cloud literacy.
Prepare for the exam
Below are recommended steps you can follow to get ready for exam day. Note: AWS does not require you to take any specific AWS training as part of your exam prep.
Examkingdom Amazon AWS CLF-C02 Exam pdf,
Best Amazon AWS CLF-C02 Downloads, Amazon AWS CLF-C02 Dumps at Certkingdom.com
The exam validates a candidate’s ability to complete the following tasks:
* Explain the value of the AWS Cloud.
* Understand and explain the AWS shared responsibility model.
* Understand security best practices.
* Understand AWS Cloud costs, economics, and billing practices.
* Describe and position the core AWS services, including compute, network, database, and storage services.
* Identify AWS services for common use cases.
Recommended AWS knowledge
The target candidate should have AWS knowledge in the following areas:
* AWS Cloud concepts
* Security and compliance in the AWS Cloud
* Core AWS services
* Economics of the AWS Cloud
Content outline
This CLF-C02 exam guide includes weightings, content domains, and task statements for the exam. Refer to Appendix B for a comparison of the previous version (CLF-C01) and current version (CLF-C02) of the exam.
This guide does not provide a comprehensive list of the content on the exam. However, additional context for each task statement is available to help you prepare for the exam.
The exam has the following content domains and weightings:
* Domain 1: Cloud Concepts (24% of scored content)
* Domain 2: Security and Compliance (30% of scored content)
* Domain 3: Cloud Technology and Services (34% of scored content)
* Domain 4: Billing, Pricing, and Support (12% of scored content)
Domain 1: Cloud Concepts
Task Statement 1.1: Define the benefits of the AWS Cloud. Knowledge of:
* Value proposition of the AWS Cloud Skills in:
* Understanding the economies of scale (for example, cost savings)
* Understanding the benefits of global infrastructure (for example, speed of deployment, global reach)
* Understanding the advantages of high availability, elasticity, and agility
Task Statement 1.2: Identify design principles of the AWS Cloud. Knowledge of:
* AWS Well-Architected Framework Skills in:
* Understanding the pillars of the Well-Architected Framework (for example, operational excellence, security, reliability, performance efficiency, cost optimization, sustainability)
* Identifying differences between the pillars of the Well-Architected Framework
Task Statement 1.3: Understand the benefits of and strategies for migration to the AWS Cloud. Knowledge of:
* Cloud adoption strategies
* Resources to support the cloud migration journey
Skills in:
* Understanding the benefits of the AWS Cloud Adoption Framework (AWS CAF) (for example, reduced business risk; improved environmental, social, and governance (ESG) performance; increased revenue; increased operational efficiency)
* Identifying appropriate migration strategies (for example, database replication, use of AWS Snowball)
Task Statement 1.4: Understand concepts of cloud economics. Knowledge of:
* Aspects of cloud economics
* Cost savings of moving to the cloud
Skills in:
* Understanding the role of fixed costs compared with variable costs
* Understanding costs that are associated with on-premises environments
* Understanding the differences between licensing strategies (for example, Bring Your Own License [BYOL] model compared with included licenses)
* Understanding the concept of rightsizing
* Identifying benefits of automation (for example, provisioning and configuration management with AWS CloudFormation)
* Identifying managed AWS services (for example, Amazon RDS, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], Amazon DynamoDB)
Domain 2: Security and Compliance
Task Statement 2.1: Understand the AWS shared responsibility model. Knowledge of:
* AWS shared responsibility model
Skills in:
* Recognizing the components of the AWS shared responsibility model
* Describing the customer’s responsibilities on AWS
* Describing AWS responsibilities
* Describing responsibilities that the customer and AWS share
* Describing how AWS responsibilities and customer responsibilities can shift, depending on the service used (for example, Amazon RDS, AWS Lambda, Amazon EC2)
Task Statement 2.2: Understand AWS Cloud security, governance, and compliance concepts. Knowledge of:
* AWS compliance and governance concepts
* Benefits of cloud security (for example, encryption)
* Where to capture and locate logs that are associated with cloud security
Skills in:
* Identifying where to find AWS compliance information (for example, AWS Artifact)
* Understanding compliance needs among geographic locations or industries (for example, AWS Compliance)
* Describing how customers secure resources on AWS (for example, Amazon Inspector, AWS Security Hub, Amazon GuardDuty, AWS Shield)
* Identifying different encryption options (for example, encryption in transit, encryption at rest)
* Recognizing services that aid in governance and compliance (for example, monitoring with Amazon CloudWatch; auditing with AWS CloudTrail, AWS Audit Manager, and AWS Config; reporting with access reports)
* Recognizing compliance requirements that vary among AWS services
Task Statement 2.3: Identify AWS access management capabilities. Knowledge of:
* Identity and access management (for example, AWS Identity and Access Management [IAM])
* Importance of protecting the AWS root user account
* Principle of least privilege
* AWS IAM Identity Center (AWS Single Sign-On)
Skills in:
* Understanding access keys, password policies, and credential storage (for example, AWS Secrets Manager, AWS Systems Manager)
* Identifying authentication methods in AWS (for example, multi-factor authentication [MFA], IAM Identity Center, cross-account IAM roles)
* Defining groups, users, custom policies, and managed policies in compliance with the principle of least privilege
* Identifying tasks that only the account root user can perform
* Understanding which methods can achieve root user protection
* Understanding the types of identity management (for example, federated)
Task Statement 2.4: Identify components and resources for security. Knowledge of:
* Security capabilities that AWS provides
* Security-related documentation that AWS provides
Skills in:
* Describing AWS security features and services (for example, security groups, network ACLs, AWS WAF)
* Understanding that third-party security products are available from AWS Marketplace
* Identifying where AWS security information is available (for example, AWS Knowledge Center, AWS Security Center, AWS Security Blog)
* Understanding the use of AWS services for identifying security issues (for example, AWS Trusted Advisor)
Domain 3: Cloud Technology and Services
Task Statement 3.1: Define methods of deploying and operating in the AWS Cloud. Knowledge of:
* Different ways of provisioning and operating in the AWS Cloud
* Different ways to access AWS services
* Types of cloud deployment models
* Connectivity options
Skills in:
* Deciding between options such as programmatic access (for example, APIs, SDKs, CLI), the AWS Management Console, and infrastructure as code (IaC)
* Evaluating requirements to determine whether to use one-time operations or repeatable processes
* Identifying different deployment models (for example, cloud, hybrid, on-premises)
* Identifying connectivity options (for example, AWS VPN, AWS Direct Connect, public internet)
Task Statement 3.2: Define the AWS global infrastructure. Knowledge of:
* AWS Regions, Availability Zones, and edge locations
* High availability
* Use of multiple Regions
* Benefits of edge locations
* AWS Wavelength Zones and AWS Local Zones
Skills in:
* Describing relationships among Regions, Availability Zones, and edge locations
* Describing how to achieve high availability by using multiple Availability Zones
* Recognizing that Availability Zones do not share single points of failure
* Describing when to use multiple Regions (for example, disaster recovery, business continuity, low latency for end users, data sovereignty)
* Describing at a high level the benefits of edge locations (for example, Amazon CloudFront, AWS Global Accelerator)
Task Statement 3.3: Identify AWS compute services. Knowledge of:
* AWS compute services
Skills in:
* Recognizing the appropriate use of different EC2 instance types (for example, compute optimized, storage optimized)
* Recognizing the appropriate use of different container options (for example, Amazon ECS, Amazon EKS)
* Recognizing the appropriate use of different serverless compute options (for example, AWS Fargate, Lambda)
* Recognizing that auto scaling provides elasticity
* Identifying the purposes of load balancers
Task Statement 3.4: Identify AWS database services. Knowledge of:
* AWS database services
* Database migration
Skills in:
* Deciding when to use EC2 hosted databases or AWS managed databases
* Identifying relational databases (for example, Amazon RDS, Amazon Aurora)
* Identifying NoSQL databases (for example, DynamoDB)
* Identifying memory-based databases
* Identifying database migration tools (for example AWS Database Migration Service [AWS DMS], AWS Schema Conversion Tool [AWS SCT])
Task Statement 3.5: Identify AWS network services. Knowledge of:
* AWS network services
Skills in:
* Identifying the components of a VPC (for example, subnets, gateways)
* Understanding security in a VPC (for example, network ACLs, security groups)
* Understanding the purpose of Amazon Route 53
* Identifying edge services (for example, CloudFront, Global Accelerator)
* Identifying network connectivity options to AWS (for example AWS VPN, Direct Connect)
Task Statement 3.6: Identify AWS storage services. Knowledge of:
* AWS storage services
Skills in:
* Identifying the uses for object storage
* Recognizing the differences in Amazon S3 storage classes
* Identifying block storage solutions (for example, Amazon Elastic Block Store [Amazon EBS], instance store)
* Identifying file services (for example, Amazon Elastic File System [Amazon EFS], Amazon FSx)
* Identifying cached file systems (for example, AWS Storage Gateway)
* Understanding use cases for lifecycle policies
* Understanding use cases for AWS Backup
Task Statement 3.7: Identify AWS artificial intelligence and machine learning (AI/ML) services and analytics services. Knowledge of:
* AWS AI/ML services
* AWS analytics services
Skills in:
* Understanding the different AI/ML services and the tasks that they accomplish (for example, Amazon SageMaker, Amazon Lex, Amazon Kendra)
* Identifying the services for data analytics (for example, Amazon Athena, Amazon Kinesis, AWS Glue, Amazon QuickSight)
Task Statement 3.8: Identify services from other in-scope AWS service categories. Knowledge of:
* Application integration services of Amazon EventBridge, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS)
* Business application services of Amazon Connect and Amazon Simple Email Service (Amazon SES)
* Customer engagement services of AWS Activate for Startups, AWS IQ, AWS Managed Services (AMS), and AWS Support
* Developer tool services and capabilities of AWS AppConfig, AWS Cloud9, AWS CloudShell, AWS CodeArtifact, AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline, AWS CodeStar, and AWS X-Ray
* End-user computing services of Amazon AppStream 2.0, Amazon WorkSpaces, and Amazon WorkSpaces Web
* Frontend web and mobile services of AWS Amplify and AWS AppSync
* IoT services of AWS IoT Core and AWS IoT Greengrass
Skills in:
* Choosing the appropriate service to deliver messages and to send alerts and notifications
* Choosing the appropriate service to meet business application needs
* Choosing the appropriate service for AWS customer support
* Choosing the appropriate option for business support assistance
* Identifying the tools to develop, deploy, and troubleshoot applications
* Identifying the services that can present the output of virtual machines (VMs) on end-user machines
* Identifying the services that can create and deploy frontend and mobile services
* Identifying the services that manage IoT devices
Domain 4: Billing, Pricing, and Support
Task Statement 4.1: Compare AWS pricing models. Knowledge of:
* Compute purchasing options (for example, On-Demand Instances, Reserved Instances, Spot Instances, Savings Plans, Dedicated Hosts, Dedicated Instances, Capacity Reservations)
* Data transfer charges
* Storage options and tiers
Skills in:
* Identifying and comparing when to use various compute purchasing options
* Describing Reserved Instance flexibility
* Describing Reserved Instance behavior in AWS Organizations
* Understanding incoming data transfer costs and outgoing data transfer costs (for example, from one Region to another Region, within the same Region)
* Understanding different pricing options for various storage options and tiers
Task Statement 4.2: Understand resources for billing, budget, and cost management. Knowledge of:
* Billing support and information
* Pricing information for AWS services
* AWS Organizations
* AWS cost allocation tags
Skills in:
* Understanding the appropriate uses and capabilities of AWS Budgets, AWS Cost Explorer, and AWS Billing Conductor
* Understanding the appropriate uses and capabilities of AWS Pricing Calculator
* Understanding AWS Organizations consolidated billing and allocation of costs
* Understanding various types of cost allocation tags and their relation to billing reports (for example, AWS Cost and Usage Report)
Task Statement 4.3: Identify AWS technical resources and AWS Support options.Knowledge of:
* Resources and documentation available on official AWS websites
* AWS Support plans
* Role of the AWS Partner Network, including independent software vendors and system integrators
* AWS Support Center
Skills in:
* Locating AWS whitepapers, blogs, and documentation on official AWS websites
* Identifying and locating AWS technical resources (for example AWS Prescriptive Guidance, AWS Knowledge Center, AWS re:Post)
* Identifying AWS Support options for AWS customers (for example, customer service and communities, AWS Developer Support, AWS Business Support, AWS Enterprise On-Ramp Support, AWS Enterprise Support)
* Identifying the role of Trusted Advisor, AWS Health Dashboard, and the AWS Health API to help manage and monitor environments for cost optimization
* Identifying the role of the AWS Trust and Safety team to report abuse of AWS resources
* Understanding the role of AWS Partners (for example AWS Marketplace, independent software vendors, system integrators)
* Identifying the benefits of being an AWS Partner (for example, partner training and certification, partner events, partner volume discounts)
* Identifying the key services that AWS Marketplace offers (for example, cost management, governance and entitlement)
* Identifying technical assistance options available at AWS (for example, AWS Professional Services, AWS Solutions Architects)
Sample Questions
QUESTION 1
Which database engine is compatible with Amazon RDS?
A. Apache Cassandra
B. MongoDB
C. Neo4j
D. PostgreSQL
Answer: D
Explanation:
Amazon RDS supports six database engines: Amazon Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server. Apache Cassandra, MongoDB, and Neo4j are not compatible with Amazon RDS. Therefore, the correct answer is D. You can learn more about Amazon RDS and its supported database engines from this page.
QUESTION 2
A company needs to run code in response to an event notification that occurs when objects are uploaded to an Amazon S3 bucket.
Which AWS service will integrate directly with the event notification?
A. AWS Lambda
B. Amazon EC2
C. Amazon Elastic Container Registry (Amazon ECR)
D. AWS Elastic Beanstalk
Answer: A
Explanation:
AWS Lambda is a service that lets you run code without provisioning or managing servers. You can use Lambda to process event notifications from Amazon S3 when objects are uploaded or deleted.
Lambda integrates directly with the event notification and invokes your code automatically. Therefore, the correct answer is A.
QUESTION 3
A company wants to centrally manage security policies and billing services within a multi-account
AWS environment. Which AWS service should the company use to meet these requirements?
A. AWS Identity and Access Management (1AM)
B. AWS Organizations
C. AWS Resource Access Manager (AWS RAM)
D. AWS Config
Answer: B
Explanation:
AWS Organizations is a service that helps you centrally manage and govern your environment as you grow and scale your AWS resources. You can use AWS Organizations to create groups of accounts and
apply policies to them. You can also use AWS Organizations to consolidate billing for multiple accounts. Therefore, the correct answer is B. You can learn more about AWS Organizations and its features from this page.
QUESTION 4
What are the characteristics of Availability Zones? (Select TWO.)
A. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low-latency networking
B. Availability Zones are physically separated by a minimum of distance of 150 km (100 miles).
C. All traffic between Availability Zones is encrypted.
D. Availability Zones within an AWS Region share redundant power, networking, and connectivity.
E. Every Availability Zone contains a single data center.
Answer: A, D
Explanation:
Availability Zones are physically separate locations within an AWS Region that are engineered to be isolated from failures. Each Availability Zone has independent power, cooling, and physical security,
and is connected to other Availability Zones in the same Region by a low-latency network. Therefore, the correct answers are A and D. You can learn more about Availability Zones and their characteristics from this page.
QUESTION 5
Which AWS Well-Architected Framework concept represents a system’s ability to remain functional when the system encounters operational problems?
A. Consistency
B. Elasticity
C. Durability
D. Latency
Answer: B
Explanation:
The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating systems in the cloud. The framework consists of five pillars: operational excellence,
security, reliability, performance efficiency, and cost optimization. The concept of elasticity represents a systems ability to adapt to changes in demand by scaling resources up or down
automatically. Therefore, the correct answer is B. You can learn more about the AWS Well- Architected Framework and its pillars from this page.
QUESTION 6
Which AWS service or tool does AWS Control Tower use to create resources?
A. AWS CloudFormation
B. AWS Trusted Advisor
C. AWS Directory Service
D. AWS Cost Explorer
Answer: A
Explanation:
AWS Control Tower uses AWS CloudFormation to create resources in your landing zone. AWS CloudFormation is a service that helps you model and set up your AWS resources using templates.
AWS Control Tower supports creating AWS::ControlTower::EnabledControl resources in AWS CloudFormation. Therefore, the correct answer is A. You can learn more about AWS Control Tower and AWS CloudFormation from this page.
QUESTION 7
What are some advantages of using Amazon EC2 instances lo host applications in the AWS Cloud instead of on premises? (Select TWO.)
A. EC2 includes operating system patch management
B. EC2 integrates with Amazon VPC. AWS CloudTrail, and AWS Identity and Access Management (1AM)
C. EC2 has a 100% service level agreement (SLA).
D. EC2 has a flexible, pay-as-you-go pricing model.
E. EC2 has automatic storage cost optimization.
Answer: B, D
QUESTION 8
Which option is an advantage of AWS Cloud computing that minimizes variable costs?
A. High availability
B. Economies of scale
C. Global reach
D. Agility
Answer: B
Students Reviews / Discussion
TRIBEDY PIGUSH – Dhaka – Highly Voted 1 week,
Passed with 786. Around 75-80% of questions are from here. but with more questions.
upvoted 19 times
Dimitris Ramos – Greece – 5 Days, Highly Voted
Total how many questioned are asked in the exam?
upvoted 2 times
Qwaku Ofoe – United States- 2 Week
can you tell me which answer is correct? the one that was provided by Certkingdom or the one that was highly voted? what is the voting comment that is highlighted by yellow?
upvoted 1 times
Jose Lindo Meza – Peru- 1 months ago
Hi Certkingdom team, thanks for adding this. Much appreciated.
upvoted 11 times
Chun Ting Chan – Hong Kong – 3 days, 5 hours ago
tnx Certkingdom, passed with 884, my questions were 99% from here.
be sure to read the comments below each question
upvoted 2 times
Steven Strasburg – United States Virginia – 2 weeks, 6 days ago
Passed with 897. My questions were 100% from here. Thanks certkingdom team!
upvoted 4 times
Jonathan Ellery – Netherlands – 1 month, 1 week ago
passed tday…its all good.
upvoted 2 times
Martini Sam – Netherlands -1 months, 1 weeks ago
Passed with 897. My questions were 100% from here. Thanks Certkingdom!
upvoted 4 times
