How to pass AWS Certified Cloud Practitioner (CLF-C02)
21 min read4 domains coveredFree practice, no sign-up
The AWS Certified Cloud Practitioner (CLF-C02) is the entry point to the AWS certification ladder. It tests whether you can talk about the AWS Cloud with confidence: why a business moves to it, who is responsible for what, which service answers a stated need, and how AWS bills for and supports the things you run. It is deliberately broad and shallow. You are asked to recognise the right idea across hundreds of services and concepts, not to design, configure, or operate any of them in depth.
It suits people who are new to AWS and people whose roles sit alongside the technical work rather than inside it: sales, finance, project management, procurement, marketing, and anyone in a business that has decided to use AWS and wants a shared vocabulary. There is no coding, no architecture, and no enforced prerequisite. The four domains are weighted unevenly, with Cloud Technology and Services carrying the most marks, then Security and Compliance, then Cloud Concepts, and Billing, Pricing and Support the smallest. Knowing that split tells you where the questions actually come from.
What makes it pass-or-fail is breadth of clean recognition under a little pressure. Most questions are one or two sentences describing a need, and the right answer is the AWS service, pricing model, support plan, or responsibility that matches it. Two or three options are usually real AWS things that simply do not fit the stated need. You pass by recognising the fit quickly across the whole surface area, not by going deep on any one corner of it.
CLF-C02 is a recognition exam: nearly every question states a business need and the right answer is the AWS service, pricing model, support plan, or shared-responsibility boundary that matches it, so broad clean recognition beats deep knowledge of any one service.
Difficulty
Foundational
Best for
People new to AWS and those in business-facing roles around it: sales, finance, procurement, project management, marketing, and junior technical staff who need a shared AWS vocabulary and a credential proving they understand cloud value, security basics, the core service catalogue, and how AWS bills and supports its customers.
Prerequisites
None. AWS recommends up to six months of broad exposure to the AWS Cloud, but no hands-on experience, coding, or prior certification is required. Curiosity and a willingness to learn the service catalogue by recognition is what carries you through.
65
Questions
90 min
Time allowed
700 / 1000
Pass mark
$100
Exam cost (USD)
254
Practice questions
How this exam thinks
One habit decides this exam: read the short scenario for the need it states, then pick the AWS service or concept built for that need. Almost every question names a single requirement, recognise the right service for a stated need, know who is responsible under the shared responsibility model, or match the pricing model, support plan, or billing tool to the requirement, and the answer is whichever option fits it. The other options are usually genuine AWS things that simply answer a different need, so the test is recognition, not elimination by knowledge you lack.
It rewards breadth over depth. You are not asked how a service works inside, only what it is for and when to reach for it. When two options both sound plausible, the discriminating detail is in the scenario: a stated geography points to compliance and Artifact, a stated steady multi-year workload points to Reserved Instances, a stated need for a second sign-in factor points to multi-factor authentication, a stated wish to run containers with no servers points to Fargate. Find the one word or phrase that names the need, and the correct option is the service whose single job is that need.
What each domain tests and how to study it
The CLF-C02 blueprint is split across 4 domains. Weights are the official share of the exam; see the official exam guide for the authoritative breakdown.
What you must be able to do. Given a business situation, name the AWS Cloud benefit, Well-Architected pillar, migration tool, or cloud-economics idea that the situation calls for, and recognise the managed services and automation that deliver those benefits.
In one sentenceThe why-cloud domain: recognising the business benefits of AWS, the six Well-Architected pillars, the migration and adoption frameworks, and the cost ideas that make the move pay off.
Recall check: answer these from memory first
Name the six pillars of the AWS Well-Architected Framework, and give one benefit that sounds like a pillar but is not one.
A startup is unsure of demand and does not want to buy servers before launch. Which AWS Cloud benefit answers this, and how is it worded?
A company already owns database licences and wants to keep using them on AWS. Which cost strategy is this, and how does it differ from rightsizing?
What it tests. Why a business chooses the AWS Cloud and the language used to justify it. Defining benefits such as trading capital expense for variable expense, economies of scale, and the agility of on-demand provisioning; explaining global-infrastructure benefits such as speed of deployment, global reach, high availability, and elasticity; naming the six pillars of the AWS Well-Architected Framework and the design principles each promotes; understanding migration strategies including database replication and the AWS Snow Family for bulk data transfer; recognising how the AWS Cloud Adoption Framework reduces business risk and improves operational and ESG outcomes; grasping cloud economics including fixed versus variable cost, rightsizing, total cost of ownership, and Bring Your Own License; and identifying automation with AWS CloudFormation and managed services such as Amazon RDS, Amazon ECS, Amazon EKS, and Amazon DynamoDB.
How to study it. Treat each benefit as a phrase the exam puts in your mouth. Learn the exact wording, trading capital expense for variable expense, economies of scale, speed of deployment, elasticity, high availability, so you recognise it when a scenario describes an uncertain startup or a two-week deadline. Memorise the six Well-Architected pillars as a closed list, operational excellence, security, reliability, performance efficiency, cost optimisation, and sustainability, then practise spotting the impostor, because a common trap offers a real cloud benefit like elastic scalability that is not one of the pillars. Separate the cost ideas: rightsizing matches instance size to load, Bring Your Own License reuses licences you already own, total cost of ownership compares on-premises against cloud. For migration, link the Snow Family to bulk offline transfer and database replication to keeping data in sync during a move.
Easy to confuse
Trading capital expense for variable expense versus a single fixed monthly price. Trading capital expense for variable expense means you stop buying hardware upfront and instead pay only for what you use, so the bill rises and falls with demand. A fixed monthly price that never changes is the opposite of the cloud benefit and is always the distractor.
A Well-Architected pillar versus a general cloud benefit. The six pillars are a fixed list: operational excellence, security, reliability, performance efficiency, cost optimisation, and sustainability. Elastic scalability, agility, and global reach are genuine cloud benefits but are not pillars, which is the trap the exam plants.
Rightsizing versus Bring Your Own License. Rightsizing lowers cost by matching the compute size to the actual workload so you stop paying for idle capacity. Bring Your Own License lowers cost by applying software licences you already own instead of renting new ones bundled into the service.
Worked example from the CLF-C02 bank
lock_openFree sampleCloud Conceptsmedium
A candidate studying the AWS Well-Architected Framework lists what they believe are its pillars but includes one entry that is NOT actually a pillar of the framework. Which option is the entry that does not name a real pillar?
AElastic scalability, which guides automatic adjustment of capacity as the load changescheck_circle Correct
BReliability, which guides workloads to recover from failure and meet changing demand
CPerformance efficiency, which guides the effective use of computing resources over time
DOperational excellence, which guides running and continually improving daily operations
The six Well-Architected pillars do not include elastic scalability, which is a general cloud benefit rather than a pillar. The framework has six pillars: operational excellence, security, reliability, performance efficiency, cost optimisation and sustainability, so elastic scalability is not among them even though elasticity is a cloud advantage.
Why A is correct: Elastic scalability is not one of the six pillars; elasticity is a cloud benefit, so this entry is the one that fails to name a real pillar.
Why B is wrong: Reliability is a genuine pillar of the framework, so listing it is correct and it cannot be the entry that fails to name a real pillar.
Why C is wrong: Performance efficiency is one of the six recognised pillars, so it belongs on the list and is not the invented entry being sought.
Why D is wrong: Operational excellence is a real pillar of the framework, so it is correctly placed and is not the entry that lacks a true pillar.
What you must be able to do. Given a security or compliance need, decide whether the customer or AWS owns the task under the shared responsibility model, and name the AWS identity, encryption, governance, network, or compliance service that meets the need.
In one sentenceThe security domain and the biggest of the four after services: knowing who is responsible for what, and matching the right AWS identity, encryption, monitoring, and compliance service to a stated need.
Recall check: answer these from memory first
On an Amazon EC2 instance, which security tasks belong to the customer and which to AWS, and where exactly does the line sit?
Give the one-line job of each: AWS CloudTrail, Amazon CloudWatch, AWS Config, AWS Artifact.
A legal team needs to self-download a SOC 2 report and accept a data processing agreement without contacting AWS. Which service is built for this?
What it tests. Security as a shared duty and the AWS services that support it. Understanding the shared responsibility model and how the boundary shifts by service, from the guest operating system on Amazon EC2 to the more managed Amazon RDS and AWS Lambda; finding compliance reports through AWS Artifact and recognising that compliance needs vary by geography and industry; distinguishing encryption in transit from encryption at rest and the role of AWS Key Management Service; recognising governance and threat-detection services including Amazon CloudWatch, AWS CloudTrail, AWS Config, Amazon GuardDuty, Amazon Inspector, and AWS Security Hub; identifying IAM users, groups, roles, and managed and custom policies in line with least privilege; protecting the root user with multi-factor authentication, AWS IAM Identity Center, and federation; describing network controls such as security groups, network ACLs, AWS WAF, and AWS Shield; and finding security help through AWS Trusted Advisor, AWS Marketplace, and AWS documentation.
How to study it. Anchor on the shared responsibility line first, because it underlies many questions: AWS secures the cloud (hardware, facilities, the hypervisor) and the customer secures what they put in the cloud (their data, their access controls, and on EC2 the guest operating system and its patches). Practise sliding that line by service, EC2 leaves the most to the customer, RDS and Lambda leave less. Separate encryption in transit (TLS protecting data moving over the network) from encryption at rest (scrambling stored data with KMS). Build a one-line job for each governance service: CloudTrail records who did what API call, CloudWatch monitors metrics and alarms, Config tracks resource configuration over time, GuardDuty detects threats, Inspector scans for vulnerabilities, Artifact hands you compliance reports. For identity, know that MFA adds a second sign-in factor and that the root user should be locked down and rarely used.
Easy to confuse
AWS CloudTrail versus Amazon CloudWatch. CloudTrail records the API calls made in an account, so it answers who did what and when for auditing. CloudWatch collects metrics, logs, and alarms about how resources are performing, so it answers whether something is healthy or breaching a threshold.
Encryption in transit versus encryption at rest. Encryption in transit protects data while it moves across the network, typically with TLS, so it cannot be read if intercepted on the wire. Encryption at rest scrambles data while it sits stored on disk or in a volume, usually with AWS KMS, so direct disk access yields only ciphertext.
Security group versus network ACL. A security group is a stateful firewall attached to an instance, where allowed return traffic is permitted automatically and it holds allow rules only. A network ACL is a stateless filter on a whole subnet that evaluates inbound and outbound separately and can hold explicit deny rules.
AWS Artifact versus AWS Trusted Advisor. AWS Artifact is the self-service portal for downloading AWS compliance reports and accepting legal agreements. Trusted Advisor inspects your own account and recommends improvements across cost, security, fault tolerance, and service limits, so one supplies AWS audit evidence and the other audits your account.
Worked example from the CLF-C02 bank
lock_openFree sampleSecurity and Compliancemedium
A legal team needs to download AWS audit artefacts such as the latest SOC 2 report and review and accept the AWS GDPR Data Processing Addendum, all on a self-service basis without contacting AWS sales. Which AWS service is designed to provide these compliance documents and agreements on demand?
AAWS Config, which records the configuration of account resources and reports whether each one complies with the rules the team has defined for governance
BAWS Trusted Advisor, which inspects the account and recommends improvements across cost, security, fault tolerance and service limits for the customer
CAWS CloudTrail, which records the API calls made in the account so the team can audit who performed each action and exactly when it happened
DAWS Artifact, the central portal where customers can review, download and accept AWS security and compliance reports and online agreements on demandcheck_circle Correct
AWS Artifact is the self-service portal for downloading AWS compliance reports and reviewing and accepting AWS legal agreements. AWS Artifact gives customers no-cost, on-demand access to AWS security and compliance documentation, including audit reports like SOC 2 and online agreements such as the GDPR Data Processing Addendum, so teams can satisfy auditors and accept terms without contacting AWS directly.
Why A is wrong: AWS Config governs internal resource configuration and compliance rules, but it does not host AWS audit reports or legal agreements such as the GDPR addendum for download.
Why B is wrong: Trusted Advisor produces best-practice recommendations about the customer's own account, not AWS third-party audit reports or signed compliance agreements.
Why C is wrong: CloudTrail logs account API activity for auditing actions, but it does not supply AWS compliance reports or legal agreements such as a data processing addendum.
Why D is correct: AWS Artifact is the self-service portal that gives customers on-demand access to AWS compliance reports such as SOC 2 and to agreements such as the AWS GDPR Data Processing Addendum.
What you must be able to do. Given a technical need, recognise the AWS compute, container, serverless, database, storage, network, or analytics service that fits it, and place it correctly within the global infrastructure of Regions, Availability Zones, and edge locations.
In one sentenceThe largest domain: recognising the core AWS service catalogue, how to access it, and how Regions, Availability Zones, and edge locations fit together to deliver availability and low latency.
Recall check: answer these from memory first
Define Region, Availability Zone, and edge location, and say which one you spread across for high availability and which one caches content near users.
Match each to a one-line job: Amazon EC2, AWS Lambda, AWS Fargate, Amazon S3, Amazon DynamoDB.
A team wants objects to move to a cheaper storage class after 30 days and delete after a year with no manual steps. Which S3 feature does this?
What it tests. Recognising the core AWS services and where they run. Choosing how to interact with AWS between the Management Console, programmatic access such as the AWS CLI, and infrastructure as code; defining the global infrastructure and the relationship between Regions, Availability Zones, and edge locations; achieving high availability across multiple Availability Zones and using edge services such as Amazon CloudFront and AWS Global Accelerator; identifying compute with Amazon EC2 instance types, auto scaling, and load balancers; recognising container and serverless options including Amazon ECS, Amazon EKS, AWS Fargate, and AWS Lambda; distinguishing relational databases such as Amazon RDS and Amazon Aurora from NoSQL Amazon DynamoDB and in-memory databases; identifying the components of a VPC, Amazon Route 53, AWS VPN, and AWS Direct Connect; matching storage services including Amazon S3 storage classes, Amazon EBS, Amazon EFS, Amazon FSx, AWS Storage Gateway, lifecycle policies, and AWS Backup; and recognising AI, machine learning, analytics, and integration services such as Amazon SageMaker, Amazon Athena, Amazon Kinesis, Amazon SNS, and Amazon SQS.
How to study it. This is the broadest domain, so study it as a recognition map: for each service, learn one sentence saying what it is for and the single word in a scenario that points to it. Group by category and drill the splits within each. For compute, separate EC2 (you manage the server) from Lambda (run code with no servers) from Fargate (run containers with no servers). For databases, fix relational (RDS, Aurora) against NoSQL key-value (DynamoDB) against in-memory caching. For storage, match the access pattern: S3 for objects, EBS for a single instance's block storage, EFS for shared file access. Learn the global-infrastructure hierarchy cold, a Region contains multiple Availability Zones and edge locations sit outside both for caching, so you can answer the very common Region-versus-Availability-Zone questions instantly. Pair S3 lifecycle policies with timed transitions and deletions.
Easy to confuse
Region versus Availability Zone versus edge location. A Region is a geographic area containing multiple isolated Availability Zones, and you deploy across several Availability Zones for high availability within a Region. An edge location is a separate caching point near users used by CloudFront to deliver content with low latency, not for running your workloads.
AWS Fargate versus Amazon EC2 for containers. With Amazon EC2 you launch and manage the host servers yourself, including patching and scaling them, before placing containers on them. With AWS Fargate you supply only the containers and AWS runs them serverlessly, so there are no host servers to provision, patch, or scale.
Amazon RDS versus Amazon DynamoDB. Amazon RDS is a managed relational database for structured data queried with SQL across related tables. Amazon DynamoDB is a NoSQL key-value and document database for fast lookups at scale with a non-relational access pattern, so the data model in the scenario decides between them.
Amazon CloudFront versus AWS Global Accelerator. CloudFront caches cacheable content such as images and video at edge locations to speed delivery to viewers. Global Accelerator routes non-cacheable TCP and UDP traffic over the AWS network using static IP addresses for fast regional failover, so cacheable content points to CloudFront and static-IP non-cacheable traffic to Global Accelerator.
Worked example from the CLF-C02 bank
lock_openFree sampleCloud Technology and Servicesmedium
An architect is comparing two AWS edge services for different workloads. One workload serves cacheable images and video to viewers on the public internet, and the other carries non-cacheable TCP traffic that needs fixed static IP addresses and fast regional failover. Which statement correctly distinguishes Amazon CloudFront from AWS Global Accelerator?
ACloudFront provides a dedicated private link from a data centre to AWS, while Global Accelerator caches images at edge locations near each viewer worldwide
BCloudFront balances traffic across instances inside one Region, while Global Accelerator stores objects in a bucket that viewers download over the internet
CCloudFront caches content at edge locations for cacheable delivery, while Global Accelerator routes non-cacheable traffic over the AWS network using static IP addressescheck_circle Correct
DCloudFront resolves domain names to IP addresses for routing, while Global Accelerator encrypts data at rest on the disks holding the cached content
CloudFront is a caching content delivery network, while Global Accelerator routes non-cacheable traffic over the AWS network using static IP addresses. CloudFront caches cacheable content at edge locations to speed delivery to viewers, whereas Global Accelerator improves availability and performance for non-cacheable traffic by routing it over the AWS network through static IP addresses, so the two edge services target different workload types.
Why A is wrong: CloudFront is not a private link service, and caching at edge locations is the CloudFront role, so this statement swaps and misstates both services.
Why B is wrong: In-Region load balancing describes Elastic Load Balancing and object storage describes Amazon S3, so neither half correctly describes the two edge services named.
Why C is correct: CloudFront is a caching content delivery network for cacheable assets, whereas Global Accelerator routes non-cacheable traffic over the AWS network behind static IP addresses.
Why D is wrong: DNS resolution is the Route 53 role and encryption at rest is a storage security control, so neither half describes how CloudFront or Global Accelerator actually works.
What you must be able to do. Given a cost, budgeting, or support need, match the right pricing model, the right billing or cost-management tool, the right AWS Support plan, or the right technical resource to the requirement stated.
In one sentenceThe smallest domain: matching the pricing model, billing and budgeting tool, support plan, or help resource to a stated cost or support requirement.
Recall check: answer these from memory first
Match each pricing model to its best fit: steady three-year workload, short unpredictable workload, interruptible fault-tolerant workload.
Distinguish the AWS Pricing Calculator, AWS Budgets, and AWS Cost Explorer by when in the spend cycle each is used.
An engineer wants to see whether an AWS service event is affecting resources in their own account. Which resource shows this, and how does it differ from Trusted Advisor?
What it tests. How AWS charges, helps you control spend, and supports you. Comparing pricing models including On-Demand, Reserved Instances, Spot Instances, Savings Plans, and Dedicated Hosts, plus data-transfer and storage-tier charges; using billing and cost tools including AWS Budgets, AWS Cost Explorer, the AWS Pricing Calculator, AWS Organizations consolidated billing, and cost allocation tags; identifying the AWS Support plans from Basic and Developer through Business, Enterprise On-Ramp, and Enterprise, and what each adds; and finding technical help through AWS Trusted Advisor, the AWS Health Dashboard, AWS re:Post, AWS whitepapers, and the AWS Partner Network.
How to study it. Drill two splits until each tool answers a clear question. For pricing, fix the model by the workload: On-Demand for short or unpredictable use with no commitment, Reserved Instances or Savings Plans for steady multi-year workloads at the lowest rate, Spot for interruptible fault-tolerant work at the deepest discount, Dedicated Hosts when you need a whole physical server. For tools, separate by tense: the Pricing Calculator estimates before you build, Budgets watches a live account and alerts before you overspend, Cost Explorer reviews historical spend after the bill, and consolidated billing in AWS Organizations rolls many accounts into one invoice with volume pricing. For help, give each resource a job: Trusted Advisor checks your account against best practices, the Health Dashboard shows AWS events affecting your resources, re:Post is community questions, and the Partner Network connects you to partners. Skim the support-plan ladder for what each tier adds.
Easy to confuse
On-Demand versus Reserved Instances versus Spot Instances. On-Demand pays the standard rate with no commitment for short or unpredictable workloads. Reserved Instances commit to a one-year or three-year term for the lowest rate on steady predictable workloads. Spot bids on spare capacity at the deepest discount but can be reclaimed, so it suits interruptible fault-tolerant work only.
AWS Budgets versus AWS Cost Explorer versus AWS Pricing Calculator. AWS Budgets sets a spending limit and alerts you when actual or forecasted spend approaches it, so it acts before the bill. Cost Explorer charts historical spend so you analyse where past money went. The Pricing Calculator estimates a proposed workload before any resources exist.
AWS Trusted Advisor versus the AWS Health Dashboard. Trusted Advisor checks your account against best practices across cost, security, fault tolerance, and service limits, so it audits your configuration. The AWS Health Dashboard shows alerts and guidance about AWS service events affecting your specific account resources, so it reports AWS-side health rather than your setup.
Consolidated billing versus cost allocation tags. Consolidated billing in AWS Organizations combines many member accounts into one invoice and pools usage for volume pricing. Cost allocation tags label resources so spend can be grouped and reported by project or team, so one merges the bill and the other breaks the bill down.
Worked example from the CLF-C02 bank
lock_openFree sampleBilling, Pricing, and Supporteasy
An operations engineer notices errors in one AWS Region and wants a single place to see whether an AWS service event is affecting resources in their own account. Which AWS resource is designed to show this account-specific service health information?
AAWS Trusted Advisor, which checks the account against best practices for cost, security, performance and fault tolerance
BAWS whitepapers, the technical documents that explain AWS architecture patterns, security guidance and design best practices
CAWS Partner Network, the global programme of consulting and technology partners that help customers build on AWS
DAWS Health Dashboard, which presents alerts and guidance about AWS events affecting the resources in your accountcheck_circle Correct
The AWS Health Dashboard gives a personalised view of AWS service events and how they affect resources in your own account. The AWS Health Dashboard surfaces alerts and remediation guidance for AWS service events that touch your specific account resources, so an engineer investigating Region errors can confirm whether an AWS-side event is the cause.
Why A is wrong: Trusted Advisor recommends best-practice improvements over time, but it is not the place to watch a live AWS service event affecting your account.
Why B is wrong: Whitepapers are reference reading on architecture and best practice, so they give background knowledge rather than real-time status of your account resources.
Why C is wrong: The Partner Network connects customers with third-party firms for help, so it has nothing to do with reporting live AWS service health for your account.
Why D is correct: The AWS Health Dashboard shows a personalised view of service events and their effect on your own resources, which is exactly what the engineer needs during an incident.
A study plan that works
Map the blueprint and book a date
Day 1
Read the official AWS exam guide and the four domains with their weights. Book a provisional date now, because a fixed date turns open-ended study into a plan and is the strongest predictor of actually sitting. Note that Cloud Technology and Services is the heaviest domain and Security and Compliance is second, so plan the most time there and treat Billing as the smallest but most learnable block of marks.
Learn the cloud value vocabulary
Week 1
Start with Cloud Concepts because it is the easiest marks and frames the rest. Memorise the benefit phrases the exam reuses, trading capital expense for variable expense, economies of scale, elasticity, speed of deployment, and the six Well-Architected pillars as a closed list. Drill the impostor-pillar trap and separate the cost ideas of rightsizing, Bring Your Own License, and total cost of ownership using the recall prompts here, covering the answer first.
Build the service-recognition map
Weeks 1 to 3
Cloud Technology and Services is the biggest domain, so give it the most drilling. Build a one-line-per-service map grouped by category: compute (EC2, Lambda, Fargate), databases (RDS and Aurora versus DynamoDB), storage (S3, EBS, EFS), networking and edge (VPC, Route 53, CloudFront, Global Accelerator), and the AI and analytics names. Learn the Region, Availability Zone, and edge-location hierarchy cold. For each service, fix the single word in a scenario that points to it.
Lock the shared responsibility model and security services
Weeks 2 to 3
Security and Compliance is the second heaviest domain. Make the shared responsibility line automatic, AWS secures the cloud, the customer secures what they put in it, and the line slides by service. Then drill the security service jobs: CloudTrail versus CloudWatch, Config, GuardDuty, Inspector, Artifact, and the IAM and MFA basics. Separate encryption in transit from at rest, and security groups from network ACLs, until the discriminator alone decides each one.
Cover billing, pricing, and support
Week 4
Billing is the smallest domain and the most dependable marks once you know the splits. Drill the pricing models against the workload (On-Demand, Reserved, Spot, Savings Plans, Dedicated Hosts) and the cost tools by tense (Pricing Calculator before, Budgets during, Cost Explorer after, consolidated billing across accounts). Skim the support-plan ladder for what each tier adds, and give Trusted Advisor, the Health Dashboard, and re:Post each a clear job.
Drill weak domains, then space the review
Week 5
Use your per-domain accuracy on practice questions to attack the domains dragging you down, not to re-read what you already know. Then space it: revisit each domain's recall prompts after a few days and again a week later. Spacing roughly doubles what sticks compared with cramming, and it is the cheapest gain available before the exam.
Sit a timed mock and calibrate
Weeks 5 to 6
Take at least one full timed practice run under exam conditions to rehearse pacing and the flag-and-return habit across the whole question set in the time allowed. Treat the score as a per-domain readiness signal rather than a single number, and review every missed question, naming the need you misread, before you book or sit.
Know when you're ready
Readiness for the AWS Certified Cloud Practitioner is a measured score on practice questions you have not seen before, not a feeling that the services sound familiar. Those are different things, and the gap between them is where people slip. Re-reading service summaries builds fluency, and fluency feels like knowledge, so confidence rises while real recall lags behind. The fix is to test yourself: if you can read a fresh one-sentence scenario, spot the need it names, and pick the matching service while explaining why the other options answer a different need, you know it. If you can only nod along to an explanation, you do not yet.
Because the exam is broad and shallow, readiness means clean recognition across the whole surface area rather than depth anywhere. Watch your weakest domain, usually the large services domain or the shared responsibility model, and lift it rather than polishing what you already pass. Trust your measured per-domain accuracy over your gut, and set the bar at clearing every domain comfortably on unseen questions across more than one session, not scraping a single pass.
Ready to put this into practice?
Free CLF-C02 questions with worked explanations. No sign-up.
Read the scenario for the need it names first. One word or phrase usually states the requirement, a geography, a steady multi-year workload, a need for a second sign-in factor, and that is what picks the answer.
On responsibility questions, draw the line: AWS secures the cloud (hardware, facilities, hypervisor) and the customer secures what they put in it. On EC2 that includes the guest operating system and its patches.
Treat plausible-but-wrong options as the norm. Most distractors are real AWS services that simply answer a different need, so do not pick a familiar name, pick the one whose single job matches the requirement.
Match the pricing model to the workload, not to the discount. Steady multi-year means Reserved Instances or Savings Plans, short and unpredictable means On-Demand, and interruptible fault-tolerant means Spot.
Sort the billing tools by tense. The Pricing Calculator estimates before you build, Budgets alerts while you run, and Cost Explorer reviews after the bill arrives.
Answer every question, because there is no penalty for a wrong guess. Eliminate the options that answer a different need, then commit to the best remaining fit.
Flag and move on. Cover every question once before you spend time on a hard one, so you collect the clear recognition marks first within the time allowed.
Frequently asked questions
Is the AWS Certified Cloud Practitioner hard?
It is a foundational exam and the easiest in the AWS ladder. The difficulty is breadth rather than depth: you must recognise the right service or concept across a wide catalogue, but you are never asked to design or configure anything. Most questions are one or two sentences stating a need, and practice on those scenarios matters more than memorising how each service works inside.
Do I need hands-on AWS experience or coding to pass?
No. There is no enforced prerequisite, no coding, and no architecture. AWS suggests up to six months of broad exposure to the cloud, but the exam is built for business and non-technical roles as well as new technical staff. A clear recognition map of what each service is for is what carries you, not practical experience.
Which domains should I focus on?
Cloud Technology and Services carries the most marks, so the service-recognition map deserves the most drilling. Security and Compliance is second and leans heavily on the shared responsibility model. Cloud Concepts is the easiest marks, and Billing, Pricing and Support is the smallest domain but very learnable once you fix the pricing and tool splits.
How long should I study for the CLF-C02?
Most candidates are ready in four to six weeks of steady study, less if they already work around AWS. Spend the bulk of that time building the service-recognition map and the shared responsibility model, then drill billing and pricing, which are small but dependable marks, and finish with timed practice to calibrate.
What is the shared responsibility model in one line?
AWS is responsible for security of the cloud, the hardware, facilities, and the hypervisor, while the customer is responsible for security in the cloud, their data, their access controls, and on Amazon EC2 the guest operating system and its patches. The line slides by service, leaving more to the customer on EC2 and less on managed services like RDS and Lambda.
What is the difference between AWS Budgets, Cost Explorer, and the Pricing Calculator?
Sort them by when you use them. The Pricing Calculator estimates a workload before any resources exist. AWS Budgets watches a live account and alerts you when actual or forecasted spend approaches a limit you set. Cost Explorer charts historical spend so you can review where past money went after the bill arrives.
How many practice questions should I do before booking?
Enough that every domain clears comfortably on questions you have not seen, and a full timed run feels comfortable on pacing. Quality of review beats raw volume: on every question, read the explanation and name the need that picked the answer, including on the ones you got right, so recognition becomes automatic.
Is the AWS Cloud Practitioner worth it?
It is well suited to business-facing and non-technical staff who need a shared vocabulary and a recognised AWS baseline, and to developers or administrators who want a quick on-ramp before pursuing the role-based associate exams. It is the entry point to the AWS certification ladder, and many organisations use it as a standard baseline for any staff working alongside cloud teams.
Examworthy is not affiliated with or endorsed by Amazon Web Services. This guide is original study material based on the public exam blueprint. We never reproduce live exam items. CLF-C02 and related marks belong to their respective owners.
