The AWS Certified Cloud Practitioner (CLF-C02) is the entry-level certification in the AWS certification path. It validates foundational knowledge of AWS Cloud concepts, core services, security, and pricing models. While it is labeled "entry level," passing it requires more than surface familiarity — the exam expects you to distinguish between services, understand shared responsibility, and reason through cost and architecture trade-offs.
This guide covers all four exam domains, key services, common question patterns, and a realistic study timeline.
Exam Overview
The CLF-C02 exam contains 65 questions (50 scored, 15 unscored), with a 90-minute time limit. The passing score is 700 out of 1000. Questions are multiple choice or multiple response. The exam is available in testing centers and via online proctoring.
Domain Weights
| Domain | Weight |
|---|---|
| Domain 1: Cloud Concepts | 24% |
| Domain 2: Security and Compliance | 30% |
| Domain 3: Cloud Technology and Services | 34% |
| Domain 4: Billing, Pricing, and Support | 12% |
Domain 3 carries the most weight, but Domain 2 (Security and Compliance) is where many candidates lose points. Security concepts permeate every other domain as well.
Domain 1: Cloud Concepts (24%)
This domain tests whether you understand why cloud computing exists and what distinguishes it from traditional on-premises IT.
Core Cloud Concepts
The six advantages of cloud computing defined by AWS are foundational:
- Trade fixed expense for variable expense
- Benefit from massive economies of scale
- Stop guessing capacity
- Increase speed and agility
- Stop spending money running and maintaining data centers
- Go global in minutes
You should be able to match each advantage to a real scenario. For example, a question describing a startup that pays only for what it uses maps to "trade fixed expense for variable expense."
Cloud Deployment Models
Three models appear frequently in questions:
- Public cloud: Resources are owned and operated by AWS, delivered over the internet
- Private cloud: Resources used exclusively by one organization, operated on-premises or by a third party
- Hybrid cloud: Combination of public cloud and on-premises infrastructure connected via networking
Well-Architected Framework
The six pillars — Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability — each have specific design principles. Questions often present a scenario and ask which pillar is being addressed. Reliability questions commonly involve multi-AZ deployments. Cost Optimization questions involve right-sizing or Reserved Instances.
Domain 2: Security and Compliance (30%)
This is the highest-value domain after Technology and Services, and it is also the one where exam language is most precise. A missed word in a question about the Shared Responsibility Model can send you to the wrong answer.
Shared Responsibility Model
AWS is responsible for security of the cloud. Customers are responsible for security in the cloud.
| AWS Responsibility | Customer Responsibility |
|---|---|
| Physical security of data centers | IAM configuration |
| Hypervisor and host OS | Encryption of customer data |
| Hardware, networking, and facilities | Operating system patching (EC2) |
| Managed service security (RDS OS patching) | Application-level security |
The distinction between managed services matters here. With Amazon RDS, AWS patches the database engine. With EC2, the customer patches the OS. With Lambda, AWS manages the execution environment entirely.
IAM Core Concepts
- Users: Individual identities with long-term credentials
- Groups: Collections of users sharing the same permissions
- Roles: Identities assumed by services or federated users, no long-term credentials
- Policies: JSON documents defining allowed or denied actions
Least privilege is a recurring exam theme. The exam expects you to know that the root account should not be used for everyday tasks and that MFA should be enabled on the root account.
AWS Compliance Programs
AWS maintains compliance certifications including SOC 1/2/3, PCI DSS, HIPAA eligibility, ISO 27001, and FedRAMP. AWS Artifact is the service where customers download compliance reports and agreements.
Key Security Services
- AWS Shield: DDoS protection. Standard is free; Advanced adds response team access and financial protection
- AWS WAF: Web application firewall for HTTP/HTTPS traffic filtering
- Amazon Inspector: Automated vulnerability scanning for EC2 and container images
- Amazon GuardDuty: Threat detection using machine learning, analyzing CloudTrail, VPC Flow Logs, and DNS logs
- AWS CloudTrail: API activity logging across the account
- AWS Config: Tracks configuration changes over time
Domain 3: Cloud Technology and Services (34%)
This domain requires the broadest knowledge. You need to know what each major service does, when to use it, and what category it belongs to.
Compute Services
| Service | Use Case |
|---|---|
| Amazon EC2 | Virtual machines, full OS control |
| AWS Lambda | Serverless, event-driven, short-duration functions |
| Amazon ECS | Container orchestration with EC2 or Fargate |
| Amazon EKS | Kubernetes on AWS |
| AWS Fargate | Serverless container execution |
| AWS Elastic Beanstalk | PaaS, deploys and manages application infrastructure |
A frequent question type: "A developer wants to run code without managing servers" — the answer is Lambda or Fargate depending on context.
Storage Services
- Amazon S3: Object storage, eleven 9s of durability, global namespace
- Amazon EBS: Block storage attached to EC2 instances
- Amazon EFS: Managed network file system for Linux workloads
- Amazon S3 Glacier: Archival storage, retrieval times from minutes to hours
- AWS Storage Gateway: Hybrid storage connecting on-premises to AWS
Database Services
- Amazon RDS: Managed relational databases (MySQL, PostgreSQL, Oracle, SQL Server, MariaDB)
- Amazon Aurora: AWS-built relational database, MySQL and PostgreSQL compatible, higher performance
- Amazon DynamoDB: Managed NoSQL, key-value and document
- Amazon ElastiCache: In-memory caching (Redis or Memcached)
- Amazon Redshift: Data warehouse for analytics
Networking Services
- Amazon VPC: Isolated virtual network within AWS
- Amazon Route 53: DNS service, also handles health checks and routing policies
- Amazon CloudFront: CDN for caching content closer to users
- AWS Direct Connect: Dedicated private network connection from on-premises to AWS
- Elastic Load Balancing: Distributes traffic across multiple targets
Management and Monitoring
- Amazon CloudWatch: Metrics, logs, alarms, and dashboards
- AWS CloudFormation: Infrastructure as code, template-driven provisioning
- AWS Systems Manager: Operational management, patch management, run command
- AWS Trusted Advisor: Recommends improvements across cost, security, performance, and fault tolerance
Domain 4: Billing, Pricing, and Support (12%)
Although this domain carries the smallest weight, questions here tend to be straightforward once you learn the pricing models and tools.
AWS Pricing Models
- On-Demand: Pay per hour or second, no commitment, highest per-unit cost
- Reserved Instances: 1- or 3-year commitment, up to 72% discount
- Spot Instances: Bid on unused capacity, up to 90% discount, can be interrupted
- Savings Plans: Flexible discount model based on compute usage commitment
- Dedicated Hosts: Physical server dedicated to your use, often for licensing compliance
Cost Management Tools
- AWS Cost Explorer: Visualize historical spend and forecast future costs
- AWS Budgets: Set alerts when costs or usage exceed thresholds
- AWS Pricing Calculator: Estimate monthly costs before deploying
- AWS Cost and Usage Report: Detailed line-item billing data
Support Plans
| Plan | Price | Notable Features |
|---|---|---|
| Basic | Free | Documentation, forums, Trusted Advisor (7 checks) |
| Developer | ~$29/month | Business hours email support |
| Business | ~$100/month | 24/7 phone, chat, email; full Trusted Advisor |
| Enterprise On-Ramp | ~$5,500/month | Pool of Technical Account Managers |
| Enterprise | ~$15,000/month | Dedicated TAM, concierge support |
The Business plan is the minimum tier to get access to the full set of Trusted Advisor checks and the AWS Health API.
What to Skip
The CLF-C02 does not test deep implementation knowledge. You do not need to know:
- How to configure an EC2 security group rule by CIDR block
- Specific API calls or SDK methods
- DynamoDB partition key design patterns
- Lambda cold start optimization
Focus on service recognition and use-case matching, not deep configuration details.
Common Question Patterns
Pattern 1: "Which service should you use?" — These map to service categories. Know compute, storage, database, networking, and security services cold.
Pattern 2: "Who is responsible for X?" — Always runs through the Shared Responsibility Model.
Pattern 3: "How can you reduce costs?" — Matches to Reserved Instances, Spot Instances, Savings Plans, or right-sizing.
Pattern 4: "A company needs compliance reports" — AWS Artifact.
Pattern 5: "A company wants to stop guessing capacity" — Auto Scaling, Elastic Load Balancing, or cloud elasticity as a concept.
"The Cloud Practitioner exam rewards candidates who understand AWS conceptually — why services exist, not just what they're named. Candidates who treat it as a memorization exercise consistently underperform on scenario questions." — Jon Bonso, Tutorials Dojo founder and author of the most-used CLF-C02 practice exams
Study Timeline
Recommended: 3-4 weeks for someone with no cloud background; 1-2 weeks for IT professionals.
| Week | Focus |
|---|---|
| Week 1 | Cloud concepts, Shared Responsibility Model, IAM |
| Week 2 | Core services: compute, storage, databases, networking |
| Week 3 | Security services, billing, pricing, support plans |
| Week 4 | Practice exams, review weak areas, re-read exam guide |
Take at least two full-length practice exams before sitting the real exam. Review every wrong answer by reading the official documentation for that service. Do not simply memorize correct answers — understand the reasoning.
See also: AWS Solutions Architect Associate (SAA-C03) Study Guide: Domains, Services, and Scenarios
References
- AWS. "AWS Certified Cloud Practitioner Exam Guide (CLF-C02)." Amazon Web Services. https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf
- AWS. "AWS Well-Architected Framework." AWS Whitepapers. https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html
- AWS. "Overview of Amazon Web Services." AWS Whitepaper. https://docs.aws.amazon.com/whitepapers/latest/aws-overview/introduction.html
- AWS. "AWS Shared Responsibility Model." AWS Documentation. https://aws.amazon.com/compliance/shared-responsibility-model/
- Piper, Ben and Clinton, David. "AWS Certified Cloud Practitioner Study Guide: CLF-C02 Exam." Sybex, 2023.
- AWS. "AWS Pricing Models." AWS Documentation. https://aws.amazon.com/pricing/
- AWS. "AWS Support Plans." https://aws.amazon.com/premiumsupport/plans/
- Faye Ellis. "Ultimate AWS Certified Cloud Practitioner CLF-C02." Udemy, 2023.
Frequently Asked Questions
How many domains does the AWS Cloud Practitioner CLF-C02 exam have?
The CLF-C02 exam has four domains: Cloud Concepts (24%), Security and Compliance (30%), Cloud Technology and Services (34%), and Billing, Pricing, and Support (12%).
What is the passing score for the AWS Cloud Practitioner exam?
The passing score for the CLF-C02 exam is 700 out of 1000. The exam contains 65 questions with 90 minutes allotted.
What does the AWS Shared Responsibility Model mean?
AWS is responsible for security of the cloud (physical infrastructure, hardware, hypervisor), while customers are responsible for security in the cloud (IAM configuration, data encryption, OS patching on EC2).
How long should I study for the AWS Cloud Practitioner exam?
IT professionals typically need 1-2 weeks of focused study. Those with no cloud background should plan for 3-4 weeks, covering concepts, services, security, and billing before taking practice exams.
Which AWS support plan includes 24/7 phone and chat support?
The Business support plan (starting around $100/month) is the minimum tier that includes 24/7 phone, chat, and email support along with the full set of AWS Trusted Advisor checks.