CertPrepNowFREE
AWSCLF-C02Updated 2026-05-27

CLF-C02 Study Guide

Everything you need to pass the AWS Certified Cloud Practitioner exam. Structured study plans, key services, common traps, and practice questions.

You Can Pass This Exam For Free

The CLF-C02 exam is passable with free resources alone if you study consistently for 2–4 weeks:

  • AWS official exam guide (free PDF)
  • AWS Cloud Practitioner Essentials course (free, 6 hours)
  • AWS documentation for service details
  • 500+ free practice questions on this site

Paid courses can save time by providing a structured path, but they are not required to pass.

Choose Your Study Path

No prior cloud experience. You'll build foundational knowledge from scratch.

Day 1–3Learn cloud basics: what is cloud computing, IaaS/PaaS/SaaS, shared responsibility model
Day 4–5Core services deep dive: IAM, EC2, S3, VPC, Lambda
Day 6–7Security fundamentals: IAM policies, encryption, compliance, CloudTrail
Day 8–9Billing and pricing: Free Tier, pricing models, Cost Explorer, Budgets
Day 10–11Practice questions by domain, review explanations carefully
Day 12–13Take mock exams, review weak domains
Day 14Final review: focus on common traps and confusing service pairs

Exam Overview

Format

65 questions, 90 minutes. Multiple choice (4 options, 1 correct) and multiple response (5–6 options, 2–3 correct).

Scoring

Scaled score 100–1000. Passing: 700. No penalty for wrong answers — always guess if unsure.

Domains & Weights

  • Cloud Concepts24%
  • Security and Compliance30%
  • Cloud Technology and Services34%
  • Billing and Pricing12%

Registration

$100 USD. Available at Pearson VUE testing centers or online proctored from home.

Topic Priority Table

Not all topics are tested equally. Focus your study time on Tier 1 first, then Tier 2. Tier 3 topics rarely appear — just recognize what they do.

Tier 1: Must KnowYou must understand what these do, when to use them, and their key features.
Tier 2: Should KnowUnderstand what they do and basic use cases. May appear in 2–5 questions.
Tier 3: Recognize OnlyKnow what they do at a high level. Rarely more than 1–2 questions each.
Domain 124% of exam

Cloud Concepts

This domain tests your understanding of fundamental cloud computing concepts, the AWS value proposition, and cloud architecture principles. It's the broadest domain and the best place to start studying.

Key Topics

AWS Well-Architected FrameworkAWS Cloud Adoption FrameworkCloud Value Proposition

Must-Know Concepts

  • Six advantages of cloud computing (trade capital for variable expense, benefit from economies of scale, stop guessing capacity, increase speed and agility, stop spending money running data centers, go global in minutes)
  • Cloud deployment models: public, private, hybrid
  • IaaS vs PaaS vs SaaS — know examples of each
  • AWS Well-Architected Framework six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability
  • Elasticity vs scalability — both vertical and horizontal scaling

Common Exam Traps

The Well-Architected Framework has 6 pillars (not 5) — Sustainability was added in 2021
'Agility' in AWS context means speed to deploy new resources, not Agile methodology
Hybrid cloud means using both on-premises AND cloud — it does NOT mean multi-cloud
Quick Check: Cloud Concepts

Question 1 of 3

A company wants to eliminate upfront hardware costs and only pay for resources as they use them. Which cloud computing advantage does this describe?

Domain 230% of exam

Security and Compliance

The largest domain at 30%. Tests your understanding of the shared responsibility model, IAM, data protection, and AWS compliance programs. Security is fundamental to every AWS service, so expect security concepts to appear in other domains too.

Key Topics

IAMKMSCloudTrailAWS ConfigGuardDutyShieldWAFMacie

Must-Know Concepts

  • Shared Responsibility Model: AWS manages security OF the cloud (hardware, facilities, networking); you manage security IN the cloud (data, access, OS patching, encryption)
  • IAM best practices: use MFA, least privilege, roles over users, avoid root account for daily tasks
  • Encryption at rest (KMS, S3 SSE) vs encryption in transit (TLS/SSL, ACM)
  • AWS compliance programs: SOC, PCI DSS, HIPAA, FedRAMP
  • Security services: GuardDuty (threat detection), Inspector (vulnerability scanning), Macie (data privacy for S3)

Common Exam Traps

The root account should ONLY be used for account setup — never for daily tasks
SCPs in AWS Organizations restrict what member accounts can do but don't grant permissions
Shield Standard is free and automatic; Shield Advanced costs money and adds DDoS response team
Data encryption is the CUSTOMER's responsibility, not AWS's
Quick Check: Security and Compliance

Question 1 of 3

Under the AWS Shared Responsibility Model, which of the following is the customer's responsibility?

Domain 334% of exam

Cloud Technology and Services

The heaviest domain at 34%. Covers AWS compute, storage, networking, database, and other core services. You need to know which service to use for which scenario, not how to configure them in detail.

Key Topics

EC2LambdaS3EBSEFSVPCRDSDynamoDBCloudFrontRoute 53SQSSNS

Must-Know Concepts

  • Compute options: EC2 (VMs), Lambda (serverless), ECS/EKS (containers), Elastic Beanstalk (PaaS)
  • Storage types: S3 (object), EBS (block for EC2), EFS (shared file), and their use cases
  • Database types: RDS (relational), DynamoDB (NoSQL), Redshift (analytics), ElastiCache (caching)
  • Networking: VPC, subnets, internet gateways, NAT gateways, Route 53 for DNS
  • Regions vs Availability Zones vs Edge Locations

Common Exam Traps

EBS volumes are tied to a single AZ — they cannot span AZs
S3 is object storage, NOT block storage — you cannot install an OS on S3
Lambda timeout is 15 minutes max — not suitable for long-running processes
NAT Gateway allows private subnet resources to reach the internet, but internet cannot initiate connections back
Quick Check: Cloud Technology and Services

Question 1 of 3

A company needs to run short-lived data processing jobs that complete within 5 minutes and only occur a few times per day. Which compute option is most cost-effective?

Domain 412% of exam

Billing and Pricing

The smallest domain at 12%, but don't underestimate it — these are free points if you study. Covers AWS pricing models, cost management tools, and support plans. Many people lose easy points here by skipping this domain.

Key Topics

AWS Free TierCost ExplorerBudgetsCost and Usage ReportPricing Calculator

Must-Know Concepts

  • Three pricing fundamentals: pay-as-you-go, save when you reserve, pay less as you use more (volume discounts)
  • EC2 pricing: On-Demand, Reserved (1 or 3 year), Spot (up to 90% off, can be interrupted), Savings Plans
  • Free Tier types: Always free (Lambda 1M requests/month), 12 months free (EC2 750 hours/month of t2.micro or t3.micro depending on region), Trials
  • Support plans: Basic (free), Developer, Business, Enterprise — know what each includes
  • Consolidated billing in AWS Organizations: combined usage for volume discounts

Common Exam Traps

Spot Instances can be terminated by AWS with 2-minute notice — never use for critical workloads
Data transfer INTO AWS is free; data transfer OUT is charged
Basic support includes Trusted Advisor core checks only — full checks need Business or higher
Reserved Instances can be Standard (cheaper, less flexible) or Convertible (pricier, can change instance family)
Quick Check: Billing and Pricing

Question 1 of 3

A company runs batch processing jobs that can tolerate interruptions and wants to minimize compute costs. Which EC2 pricing model should they use?

Confusing AWS Services Compared

These pairs appear on nearly every exam. Learn the difference and you'll avoid the most common traps.

Security Group vs NACL

Use Security Group when…

You want instance-level firewall rules that automatically allow return traffic (stateful). Default: deny all inbound, allow all outbound.

Use NACL when…

You need subnet-level rules with explicit allow/deny and you want to block specific IP addresses. Stateless — you must define both inbound and outbound rules.

Exam trap

Security Groups are stateful (return traffic auto-allowed). NACLs are stateless (you must explicitly allow return traffic). The exam loves testing this distinction.

CloudFront vs Global Accelerator

Use CloudFront when…

You need to cache static content (images, videos, files) at edge locations close to users worldwide.

Use Global Accelerator when…

You need to optimize TCP/UDP traffic for dynamic, non-cacheable applications like gaming or VoIP.

Exam trap

CloudFront caches content; Global Accelerator routes traffic. If the question mentions 'caching' or 'static content,' it's CloudFront.

S3 Standard-IA vs S3 Glacier

Use S3 Standard-IA when…

Data is accessed infrequently but needs millisecond retrieval when requested. Lower storage cost than Standard.

Use S3 Glacier when…

Archive data that's rarely accessed. Three tiers: Glacier Instant Retrieval (milliseconds), Glacier Flexible Retrieval (minutes–hours), Glacier Deep Archive (hours). Lowest storage costs.

Exam trap

There are three Glacier tiers: Instant Retrieval (milliseconds), Flexible Retrieval (minutes–hours), and Deep Archive (hours). When a question says 'Glacier' without a qualifier and asks about slow retrieval, it usually means Flexible Retrieval or Deep Archive. If it says 'millisecond retrieval of rarely accessed data,' consider Glacier Instant Retrieval.

CloudWatch vs CloudTrail

Use CloudWatch when…

You want to monitor resource performance — CPU usage, memory, latency, error rates — and set up alarms.

Use CloudTrail when…

You need to audit who did what — API calls, logins, configuration changes — for security and compliance.

Exam trap

CloudWatch = performance monitoring (HOW). CloudTrail = activity logging (WHO/WHAT). Nearly every exam has a question confusing these two.

Reserved Instances vs Savings Plans

Use Reserved Instances when…

You know the exact instance type, Region, and OS you'll use for 1–3 years. Up to 72% savings.

Use Savings Plans when…

You want flexible savings across instance types, Regions, and compute services (EC2, Fargate, Lambda). Up to 72% savings.

Exam trap

Savings Plans are more flexible than Reserved Instances. If the question says 'flexibility across services,' choose Savings Plans.

IAM User vs IAM Role

Use IAM User when…

A specific person or application needs long-term AWS access with permanent credentials.

Use IAM Role when…

A service, application, or cross-account access needs temporary credentials. No permanent passwords or access keys.

Exam trap

Best practice: use Roles over Users whenever possible. If a question asks for 'least privilege' or 'temporary access,' the answer is likely IAM Role.

AWS Organizations vs IAM Identity Center

Use AWS Organizations when…

You need to manage multiple AWS accounts, apply service control policies (SCPs), and use consolidated billing.

Use IAM Identity Center when…

You need single sign-on (SSO) for users to access multiple AWS accounts and business applications.

Exam trap

Organizations manages accounts and policies. Identity Center (formerly AWS SSO) manages people and login. They work together but serve different purposes. Both names may appear in study materials.

Top Mistakes to Avoid

Confusing CloudWatch (performance monitoring) with CloudTrail (activity logging)
Thinking Security Groups are stateless — they are stateful (return traffic auto-allowed)
Forgetting that IAM is a global service, not Region-specific
Confusing S3 storage classes: Standard-IA needs millisecond access, Glacier does not
Assuming Reserved Instances always save money — you need predictable, steady-state usage
Mixing up horizontal scaling (more instances) with vertical scaling (bigger instance)
Thinking Shared Responsibility means AWS handles everything — customers own their data and access configuration
Not knowing that data transfer IN is free but data transfer OUT is charged

Exam-Ready Checklist

Can explain all 4 exam domains and their relative weights
Know the Shared Responsibility Model cold — who is responsible for what
Can identify the right AWS service for common scenarios (compute, storage, database, networking)
Understand all EC2 pricing models and when to use each
Know the difference between all confusing service pairs listed above
Scored 80%+ on at least two full mock exams
Reviewed all incorrect answers and understand why the right answer is right
Can complete the exam within time: average 1.5 minutes per question

Recommended Resources

Free & Official Resources

AWS CLF-C02 Official Exam Guide

Official exam domains, question types, and sample questions from AWS.

Official

AWS Cloud Practitioner Essentials (Free Course)

Free 6-hour official course covering all exam domains.

Official

AWS Skill Builder Free Tier

Free digital training with 500+ courses including exam prep.

Official

AWS Documentation

Official documentation for every AWS service — your definitive reference.

Official

AWS Free Tier

Hands-on practice with AWS services for free. Nothing beats real experience.

Official

Paid Courses & Practice Exams

These are recommended if you prefer a structured learning path. They can save time but are not required to pass.

Stephane Maarek — AWS Cloud Practitioner (Udemy)

Bestselling course with 30+ hours of content. Great for visual learners.

Paid

A Cloud Guru (Pluralsight) — AWS Cloud Practitioner

Structured learning path with hands-on labs and practice exams.

Paid

Tutorials Dojo — AWS Cloud Practitioner Practice Exams

High-quality practice exams that closely match real exam difficulty.

Paid

Frequently Asked Questions