AWS CLF-C02 Practice Test: Cloud Practitioner

Prepare for AWS Certified Cloud Practitioner (CLF-C02) with free sample questions, a full-length diagnostic, topic drills, timed practice, cloud concepts, security, core AWS services, pricing, billing, support, and detailed explanations in IT Mastery.

CLF-C02 is AWS’s foundational cloud certification for candidates who need strong AWS basics across cloud concepts, security, core services, billing, and support. If you are searching for CLF-C02 sample questions, CLF-C02 practice exam questions, a Cloud Practitioner practice test, mock exam, or exam simulator, this is the main IT Mastery page to start on web and continue on iOS or Android with the same IT Mastery account.

Free diagnostic: Try the 65-question AWS CLF-C02 full-length practice exam before subscribing. Use it as one baseline run, then return to IT Mastery for timed mocks, topic drills, explanations, and the full Cloud Practitioner question bank.

What this CLF-C02 practice page gives you

  • a direct route into IT Mastery practice for CLF-C02
  • topic drills and mixed sets across cloud concepts, security, services, and billing
  • detailed explanations that show why the best foundational AWS answer is correct
  • a clear free-preview path before you subscribe
  • the same IT Mastery account across web and mobile

CLF-C02 exam snapshot

  • Vendor: AWS
  • Official exam name: AWS Certified Cloud Practitioner (CLF-C02)
  • Exam code: CLF-C02
  • Items: 65 total
  • Exam time: 90 minutes
  • Question types: multiple-choice and multiple-response
  • Passing score: 700 scaled

CLF-C02 questions usually reward the option that chooses the correct high-level AWS service or pricing/support model without adding unnecessary architectural detail.

Topic coverage for CLF-C02 practice

| Domain | Weight |
|---|---|
| Cloud Concepts | 24% |
| Security and Compliance | 30% |
| Cloud Technology and Services | 34% |
| Billing, Pricing, and Support | 12% |

CLF-C02 decision filters

Use these filters when an answer choice looks plausible but too broad:

  • Service purpose: identify whether the scenario is asking for compute, storage, database, networking, monitoring, migration, AI, or developer tooling.
  • Shared responsibility: separate what AWS secures from what the customer must configure, patch, monitor, encrypt, or govern.
  • Managed service fit: prefer the service that removes undifferentiated operational work when the question asks for simplicity or reduced administration.
  • Billing signal: look for Reserved Instances, Savings Plans, free-tier limits, storage classes, support plans, cost allocation tags, or AWS Budgets when the stem is cost-driven.
  • Global vs Regional scope: distinguish IAM, Route 53, CloudFront, and Organizations from Regional compute, storage, and database resources.

CLF-C02 readiness map

| Area | What strong readiness looks like |
|---|---|
| Cloud concepts | You can explain elasticity, high availability, global infrastructure, cloud economics, and migration benefits without memorizing slogans. |
| Security and compliance | You can apply shared responsibility, IAM basics, encryption, monitoring, compliance programs, and least-privilege reasoning to short scenarios. |
| Cloud technology and services | You can choose the right AWS service family for common business needs without confusing similar services. |
| Billing, pricing, and support | You can identify the right cost tool, pricing model, support plan, and account-management feature from the wording of the scenario. |

How to use the CLF-C02 simulator efficiently

  1. Start with domain drills so you can lock down core service recognition and shared-responsibility basics.
  2. Review every miss until you can explain the service purpose, security principle, or billing concept behind the best answer.
  3. Move into mixed sets once you can shift between compute, storage, networking, databases, and support-plan scenarios quickly.
  4. Finish with timed runs so the 90-minute pace feels comfortable before the real exam.

Final 7-day CLF-C02 practice sequence

| Day | Practice focus |
|---|---|
| 7 | Take the free full-length diagnostic and record misses by domain. |
| 6 | Drill shared responsibility, IAM basics, encryption, monitoring, and compliance wording. |
| 5 | Drill compute, storage, database, networking, migration, and managed service selection. |
| 4 | Drill billing, support, cost visibility, pricing models, and account-organization scenarios. |
| 3 | Complete a timed mixed set and rewrite each miss as a one-sentence rule. |
| 2 | Review only weak domains, confusing AWS service pairs, and support/billing traps. |
| 1 | Do a light confidence pass; avoid cramming unfamiliar service trivia late. |

When CLF-C02 practice is enough

If you can complete several unseen mixed attempts above roughly 75%, explain why each missed answer was tempting, and map most stems to the correct AWS service or responsibility boundary, you are probably ready to schedule the exam instead of overtraining. Additional practice should improve reasoning, not turn the bank into memorized answer recognition.

Free study resources

Need concept review first? Read the AWS CLF-C02 Cheat Sheet on Tech Exam Lexicon, then return here for timed mocks, topic drills, and full IT Mastery practice.

Free preview vs premium

  • Free preview: a smaller web set so you can validate the question style and explanation depth.
  • Premium: the full CLF-C02 practice bank, focused drills, mixed sets, timed mock exams, detailed explanations, and progress tracking across web and mobile.

Next AWS routes after CLF-C02

  • Stay foundational but broaden service coverage: AIF-C01 if you want an AWS AI-first route.
  • Move into role-based architecture: SAA-C03 when Cloud Practitioner service recognition feels stable.
  • Browse the full AWS family: AWS exam pages

24 CLF-C02 sample questions with detailed explanations

These are original IT Mastery practice questions aligned to CLF-C02 cloud concepts, AWS core services, security and compliance, pricing, billing, support, and workload-fit decisions. They are not AWS exam questions and are not copied from any exam sponsor. Use them to check readiness here, then continue in IT Mastery with mixed sets, topic drills, and timed mocks.

Question 1

Topic: Domain 2: Security and Compliance

Which statement best describes how compliance requirements are handled when using AWS Cloud services?

Options:

  • A. AWS is fully responsible for all compliance requirements for any workload hosted in AWS Regions worldwide.
  • B. Compliance requirements are the same in every country, so workloads do not need to be designed differently for each Region.
  • C. Once a workload is migrated to AWS, compliance is no longer required because AWS services replace regulatory controls.
  • D. Customers must identify and meet their own compliance obligations, which can differ by country and industry, while AWS manages the compliance of the cloud infrastructure.

Best answer: D

Explanation: The choice stating that customers must identify and meet their own compliance obligations, which can differ by country and industry, while AWS manages the compliance of the cloud infrastructure best matches the shared responsibility model. It correctly highlights that compliance requirements vary by geography and industry, and that AWS and the customer each have distinct roles in meeting those obligations.


Question 2

Topic: Domain 4: Billing, Pricing, and Support

A company wants to implement internal chargeback so each department pays for the AWS resources it uses. The finance team plans to use AWS billing reports for this purpose. Which of the following approaches to tagging and tracking costs should the team AVOID? (Select TWO.)

Options:

  • A. Define a standard set of cost allocation tags such as Project, Department, and Environment that all teams must apply to new resources.
  • B. Activate the relevant cost allocation tags in the Billing and Cost Management console so they appear in Cost Explorer and cost and usage reports.
  • C. Use untagged shared infrastructure resources and manually estimate their monthly costs for each department in a spreadsheet.
  • D. Allow each team to create its own tag keys and meanings, even if they reuse the same key names differently across accounts.
  • E. Use AWS Cost Explorer and AWS Budgets filtered by cost allocation tags to monitor spending by project or department.

Correct answers: C and D

Explanation: The approach that lets each team invent its own tag keys and meanings, even reusing the same key name differently, should be avoided because it prevents consistent grouping of costs across accounts or departments. The approach that uses untagged shared infrastructure with manual spreadsheet estimates should also be avoided, because it bypasses cost allocation tags entirely and results in error-prone, manual chargeback instead of leveraging AWS’s built-in cost reporting.


Question 3

Topic: Domain 3: Cloud Technology and Services

A company is designing a messaging layer using Amazon SNS and Amazon SQS for its new application. The architects want to follow the intended messaging patterns for each service. Which TWO of the following approaches represent an inappropriate use of these services and should be avoided? (Select TWO.)

Options:

  • A. Use a single Amazon SQS queue consumed by multiple independent reporting services when every service must receive and process every message.
  • B. Use an Amazon SNS topic that fans out messages to multiple Amazon SQS queues so that different backend applications can process the same published event in different ways.
  • C. Use Amazon SNS to broadcast a price change event to multiple subscriber systems such as a mobile app, billing system, and analytics pipeline.
  • D. Use an Amazon SNS topic to distribute background image-processing jobs so that only one EC2 instance picks up and runs each job.
  • E. Use Amazon SQS to decouple a web application that submits orders from a fleet of worker instances that process the orders asynchronously.

Correct answers: A and D

Explanation: The option that uses an Amazon SNS topic to distribute background image-processing jobs expecting only one EC2 instance to pick up each job is an anti-pattern because SNS delivers messages to all subscribers and does not enforce single-consumer processing. The option that uses a single Amazon SQS queue for multiple independent reporting services when every service must receive every message is also an anti-pattern, because SQS shares messages among consumers instead of broadcasting copies to each; separate queues or SNS with fanout would be more appropriate.


Question 4

Topic: Domain 3: Cloud Technology and Services

An organization configures an Elastic Load Balancer to distribute incoming web traffic across multiple Amazon EC2 instances in different Availability Zones so that the application remains available if one instance becomes unhealthy. Which AWS Well-Architected pillar does this practice primarily support?

Options:

  • A. Reliability
  • B. Security
  • C. Sustainability
  • D. Cost Optimization

Best answer: A

Explanation: The choice that names Reliability is correct because the described practice directly improves system availability and fault tolerance. By distributing requests across multiple instances and Availability Zones, the application can withstand individual instance failures and continue operating, which is exactly what the Reliability pillar addresses.


Question 5

Topic: Domain 1: Cloud Concepts

Which of the following statements about using AWS Database Migration Service (AWS DMS) and native database replication for database migrations is NOT correct?

Options:

  • A. For migrations that must have minimal downtime, AWS DMS can keep the target database nearly in sync by continuously replicating changes while the source stays online.
  • B. Using native database replication is typically appropriate when the source and target databases use the same engine and similar versions.
  • C. AWS DMS is often used when migrating between different database engines, such as moving from an on-premises Oracle database to Amazon Aurora.
  • D. AWS DMS can be used only for one-time bulk migrations and does not support ongoing replication to keep the source and target databases synchronized.

Best answer: D

Explanation: The statement saying that AWS DMS can be used only for one-time bulk migrations and does not support ongoing replication is incorrect because AWS DMS explicitly supports ongoing replication (change data capture). With AWS DMS, you can load existing data and then continuously replicate changes from the source to the target, reducing downtime when you switch applications to the new database. This capability is a key benefit of using AWS DMS for minimal-downtime migrations.


Question 6

Topic: Domain 3: Cloud Technology and Services

A company runs its public website on a single Amazon EC2 instance. During busy periods, the instance is overloaded, and if it fails, the website becomes unavailable. The company wants to improve availability and automatically spread user traffic across multiple EC2 instances in different Availability Zones. Which of the following actions/solutions will meet these requirements? (Select TWO.)

Options:

  • A. Configure Amazon Route 53 with a single A record pointing to the existing EC2 instance.
  • B. Store the website content in an Amazon S3 bucket but continue directing all dynamic traffic to the same EC2 instance.
  • C. Replace the existing instance with a larger EC2 instance type to handle more users on a single server.
  • D. Place an Application Load Balancer in front of multiple EC2 instances running the website in different Availability Zones.
  • E. Use Amazon EC2 Auto Scaling with an Elastic Load Balancer to distribute incoming traffic across instances in multiple Availability Zones.

Correct answers: D and E

Explanation: Both using an Application Load Balancer in front of multiple EC2 instances and combining an Elastic Load Balancer with EC2 Auto Scaling rely on managed load balancing to spread traffic across several instances in different Availability Zones. These approaches eliminate the single point of failure and allow the website to handle more users by distributing incoming requests across multiple healthy targets.


Question 7

Topic: Domain 3: Cloud Technology and Services

A startup is building a new web application on AWS. They want a fully managed service that will automatically compile their source code, run unit tests on every code commit, and produce build artifacts without managing any build servers. Which AWS service best meets this requirement?

Options:

  • A. AWS CodeBuild
  • B. AWS X-Ray
  • C. AWS CodePipeline
  • D. AWS Command Line Interface (AWS CLI)

Best answer: A

Explanation: AWS CodeBuild directly addresses all requirements by providing a fully managed build environment that compiles code, runs unit tests on each change (when integrated with a source trigger), and outputs build artifacts without any need to provision or manage build servers.


Question 8

Topic: Domain 3: Cloud Technology and Services

A company is expanding an internal web application from one AWS Region to two Regions to improve latency and availability. The company wants to manage administrators’ AWS access in a single place so their permissions apply in both Regions, while keeping the application’s compute resources separate in each Region. Which approach BEST uses AWS global and Regional services to meet these needs?

Options:

  • A. Use a single AWS account with AWS Identity and Access Management (IAM) users and roles for administrator access, and create separate Amazon EC2 instances in each Region for the application.
  • B. Create separate IAM users in each Region and run a single shared Amazon EC2 fleet that spans multiple Regions for the application.
  • C. Create a separate AWS account for each Region and use AWS Organizations to link them, managing administrators separately in each account.
  • D. Use Amazon EC2 as a global compute service for all Regions and configure IAM roles separately in each Region for administrator access.

Best answer: A

Explanation: The option that uses a single AWS account with IAM users and roles for administrators and separate EC2 instances in each Region correctly treats IAM as a global service and EC2 as a Regional service, while also meeting the requirements for centralized access control and Region-separated compute resources.


Question 9

Topic: Domain 3: Cloud Technology and Services

Which TWO of the following statements about AWS developer tools and their purposes are INCORRECT? (Select TWO.)

Options:

  • A. AWS CodeBuild compiles source code, runs tests, and produces software packages as part of a continuous integration workflow.
  • B. AWS CodeBuild is a full CI/CD service that provisions pipelines, manages all release stages, and directly deploys applications to production environments.
  • C. The AWS Command Line Interface (AWS CLI) enables users to interact with AWS services from a terminal or scripts using commands instead of the AWS Management Console.
  • D. AWS CodePipeline orchestrates stages such as source, build, and deploy to automate the software release process for continuous delivery.
  • E. AWS X-Ray is a service that stores and archives application and system logs for long-term compliance and auditing.

Correct answers: B and E

Explanation: The statement claiming that AWS X-Ray is a service for storing and archiving application and system logs for long-term compliance is incorrect because X-Ray focuses on distributed tracing and visualizing request paths, not on log retention. The statement describing AWS CodeBuild as a full CI/CD service that provisions pipelines, manages all release stages, and directly deploys to production is also incorrect, because CodeBuild handles only the build and test steps, while other services such as AWS CodePipeline and deployment tools manage the broader CI/CD workflow.


Question 10

Topic: Domain 2: Security and Compliance

A company hosts a public web application on AWS and wants protection from large-scale Distributed Denial of Service (DDoS) attacks with minimal operational effort. Which of the following is NOT an appropriate way to address this requirement?

Options:

  • A. Enable and rely on AWS Shield Standard, which provides automatic DDoS protection for supported services such as Amazon CloudFront and Elastic Load Balancing.
  • B. Rely only on security groups and network ACLs to stop DDoS attacks, without using any AWS managed DDoS protection services.
  • C. Purchase AWS Shield Advanced for critical resources to get enhanced DDoS protections, visibility, and access to the AWS DDoS Response Team (DRT).
  • D. Deploy AWS WAF with Amazon CloudFront to filter malicious HTTP(S) requests before they reach the application origin.

Best answer: B

Explanation: The choice to rely only on security groups and network ACLs for DDoS protection is incorrect because these tools are meant for allowing or blocking traffic based on rules, not for detecting and absorbing large, distributed attack volumes. This approach ignores AWS’s managed DDoS services such as AWS Shield, which are purpose-built for this type of threat. At a Cloud Practitioner level, treating basic network filters as a full DDoS solution is a clear violation of best practice.


Question 11

Topic: Domain 1: Cloud Concepts

A company is planning to migrate several on-premises applications to AWS. Leadership has heard about performing a migration readiness assessment and wants to understand its main benefit. Which statement best describes how a migration readiness assessment helps the company plan its cloud adoption?

Options:

  • A. It selects specific EC2 instance types and storage configurations for each server to be migrated.
  • B. It identifies gaps in skills, processes, and governance and produces a prioritized plan to address them before large-scale migration.
  • C. It calculates the exact monthly AWS bill for all applications after they are migrated, including all discounts.
  • D. It automatically moves applications from on premises to AWS with minimal human involvement.

Best answer: B

Explanation: The option that describes identifying gaps in skills, processes, and governance and producing a prioritized plan matches the purpose of a migration readiness assessment. The assessment is about organizational readiness and planning, not doing the migration itself or final technical sizing. Creating a roadmap to close those gaps is exactly how it helps plan cloud adoption.


Question 12

Topic: Domain 3: Cloud Technology and Services

Which of the following statements about using the AWS Management Console are NOT correct? (Select TWO.)

Options:

  • A. It is well suited for one-time or infrequent configuration changes to a small number of resources.
  • B. It can be used from a web browser without installing additional software.
  • C. It provides a visual interface that is helpful when learning AWS services and exploring features.
  • D. It is required for all security-sensitive operations because programmatic access using the AWS CLI or SDKs is not considered secure.
  • E. It is the preferred tool for large-scale, repeatable automation across hundreds of accounts and Regions.

Correct answers: D and E

Explanation: The statement that the console is the preferred tool for large-scale, repeatable automation is incorrect because such automation is better achieved with tools like AWS CloudFormation, the AWS CLI, or SDKs, which can be scripted and integrated into pipelines. The statement that the console is required for all security-sensitive operations is also incorrect, because secure access can be provided programmatically using IAM roles, least-privilege policies, and proper credential management without relying solely on the console.


Question 13

Topic: Domain 3: Cloud Technology and Services

A company is modernizing a legacy application into containers on AWS. The team wants to follow AWS best practices for deploying and managing containers at scale. Which of the following approaches is NOT recommended for running containerized workloads on AWS?

Options:

  • A. Use Amazon Elastic Kubernetes Service (Amazon EKS) to run Kubernetes-based container workloads.
  • B. Use AWS Fargate with Amazon ECS or Amazon EKS to run containers without managing servers.
  • C. Use Amazon Elastic Container Service (Amazon ECS) to schedule and run containers across a cluster of Amazon EC2 instances.
  • D. Manually launch individual Amazon EC2 instances and start containers on each by logging in over SSH, without using any container orchestration service.

Best answer: D

Explanation: The approach that manually launches EC2 instances and starts containers over SSH without using any orchestration service is not recommended. It ignores managed container orchestration solutions like Amazon ECS and Amazon EKS, leading to poor scalability, higher operational burden, and increased risk of configuration drift. This violates the best practice of using managed services to simplify container management on AWS.


Question 14

Topic: Domain 3: Cloud Technology and Services

A large company is migrating its mission‑critical workloads to AWS. Leaders want a designated AWS expert to provide proactive guidance, best practices reviews, and act as a primary point of contact for complex issues. Which AWS Support plan best meets this requirement?

Options:

  • A. Business Support
  • B. Enterprise Support
  • C. Developer Support
  • D. Basic Support

Best answer: B

Explanation: Enterprise Support is correct because it is specifically designed for large or business‑critical environments that need proactive, strategic engagement with AWS. It includes a designated Technical Account Manager (TAM) who provides ongoing best practices guidance, architectural reviews, and acts as a primary point of contact, which matches the company’s requirement in the scenario.


Question 15

Topic: Domain 2: Security and Compliance

A company runs a public website using an Application Load Balancer (ALB) in a VPC. Users recently reported that the site was slow and sometimes unavailable during a large traffic spike that the security team suspects was a DDoS attack.

The team reviews the current protections for the application:

| Component | Protection type | Status |
|---|---|---|
| VPC public subnets | Network ACLs | Configured |
| ALB security group | Allow HTTP/HTTPS only | Configured |
| Amazon CloudFront CDN | Web ACL (AWS WAF) | Basic rules |
| DDoS protection (Shield) | Managed DDoS service | Not enabled |

Based on the information in the table, which action is the most appropriate NEXT STEP to add managed DDoS protection for this internet-facing application?

Options:

  • A. Enable AWS Shield Advanced for the CloudFront distribution (and associated resources).
  • B. Add additional inbound rules to the ALB security group to handle more traffic.
  • C. Rely on AWS WAF rules on CloudFront as the only DDoS protection mechanism.
  • D. Tighten the network ACLs on the public subnets to deny more source IP ranges.

Best answer: A

Explanation: Enabling AWS Shield Advanced directly addresses the gap shown in the exhibit, where the “DDoS protection (Shield)” status is “Not enabled.” Shield Advanced is specifically designed as a managed service to protect against DDoS attacks on internet-facing endpoints such as CloudFront distributions and Application Load Balancers, making it the best next step for managed DDoS protection in this scenario.


Question 16

Topic: Domain 2: Security and Compliance

A healthcare startup in Country A runs its patient records application entirely in an AWS Region located on another continent. During a compliance review, regulators state that all patient data for Country A must be stored and processed within Country A’s borders. What should the company do to address this issue while continuing to use AWS?

Options:

  • A. Use AWS Artifact to download AWS compliance reports showing that AWS meets common healthcare standards and share them with the regulators.
  • B. Migrate the patient records workload to an AWS Region that meets the regulators’ in-country data residency requirements and keep all primary data and backups in that Region.
  • C. Enable AWS Shield Advanced on the application’s load balancer to protect the application from distributed denial-of-service (DDoS) attacks.
  • D. Create IAM policies that deny access to patient data from IP addresses outside Country A so only local users can access the application.

Best answer: B

Explanation: Migrating the patient records workload to an AWS Region that meets the in-country data residency requirements aligns directly with the regulator’s concern that data must stay within Country A’s borders. AWS allows customers to choose Regions based on geographic and regulatory needs, so placing both primary data and backups in a compliant Region is the correct way to meet this geographic compliance requirement.


Question 17

Topic: Domain 4: Billing, Pricing, and Support

A company is planning to reduce its Amazon EC2 compute costs and is comparing Savings Plans with Reserved Instances. Which of the following statements about these pricing options is INCORRECT?

Options:

  • A. Savings Plans are based on committing to a consistent amount of compute usage over a 1- or 3-year term and can apply across different EC2 instance families, depending on the plan type.
  • B. Compute Savings Plans can reduce costs for usage on Amazon EC2, AWS Fargate, and AWS Lambda, while EC2 Reserved Instances only discount Amazon EC2 usage.
  • C. Savings Plans require committing to a specific instance type, Region, and operating system, while Reserved Instances can automatically apply across different instance families and compute services like AWS Fargate and AWS Lambda.
  • D. Both Savings Plans and Reserved Instances offer lower prices than On-Demand rates in exchange for a usage commitment over a 1- or 3-year term.

Best answer: C

Explanation: The statement that says Savings Plans require committing to a specific instance type, Region, and operating system and that Reserved Instances automatically apply across different instance families and compute services is incorrect. In reality, Savings Plans are the more flexible mechanism, especially Compute Savings Plans, which can apply across multiple services and instance families. Reserved Instances are typically tied more narrowly to specific EC2 instance attributes in a given Region. Recognizing this inversion is key to understanding why that statement is wrong.


Question 18

Topic: Domain 3: Cloud Technology and Services

Which statement best describes how using multiple Availability Zones (AZs) within an AWS Region improves application availability and fault tolerance?

Options:

  • A. It runs application resources in separate data centers so the application can continue operating if one AZ becomes unavailable.
  • B. It removes the need for data backups because all data in an AZ is automatically stored in another AZ.
  • C. It automatically deploys the application to multiple AWS Regions so it can survive a complete Regional outage.
  • D. It guarantees zero downtime during software updates by automatically delaying all changes until off-peak hours.

Best answer: A

Explanation: The option stating that application resources run in separate data centers so the application can continue operating if one AZ becomes unavailable is correct because it captures the core idea of eliminating a single data center as a failure point. Spreading workloads across multiple AZs allows the application to remain online even during an AZ-level disruption, which is exactly how AZs are designed to improve resilience.


Question 19

Topic: Domain 2: Security and Compliance

Which of the following statements about compliance in the AWS Cloud are NOT accurate? (Select TWO.)

Options:

  • A. If an AWS Region has at least one service certified for a specific compliance program, all services in that Region automatically share that certification.
  • B. Different countries and industries can have different rules about where data may be stored and who can access it.
  • C. A company’s internal security and compliance policies may need to be updated when migrating to AWS to reflect how responsibilities are shared with AWS.
  • D. Customers can choose specific AWS Regions to help meet data residency requirements for their applications and data.
  • E. AWS is responsible for ensuring that all customer workloads in every Region automatically comply with all global laws and regulations, so customers do not need their own compliance programs.

Correct answers: A and E

Explanation: The statement that AWS ensures all workloads in every Region automatically comply with all global laws and regulations is incorrect because AWS only manages compliance of the underlying cloud infrastructure, not how each customer uses it. Customers must still assess legal requirements, configure services appropriately, and maintain their own compliance programs.

The statement that one certified service in a Region makes all services in that Region automatically certified is also incorrect. Compliance attestations are typically scoped to specific services and sometimes Regions; customers must confirm that each service they plan to use is covered for the relevant compliance program.


Question 20

Topic: Domain 3: Cloud Technology and Services

A company is planning where to host its customer database in AWS. The team compared several options and estimated the ongoing operations work and ability to scale.

Use the following table to choose the MOST appropriate option for a company that wants to minimize database administration effort and easily support rapid growth.

| Option | Admin effort per month (hours) | Scaling flexibility |
|---|---|---|
| Keep current on-premises database | 40 | Limited, hardware upgrades required |
| Run database on Amazon EC2 | 20 | Moderate, manual instance changes |
| Use Amazon RDS | 8 | Good, change instance class and storage |
| Use Amazon DynamoDB | 2 | Excellent, automatic capacity adjustment |

Options:

  • A. Keep current on-premises database
  • B. Use Amazon RDS
  • C. Run database on Amazon EC2
  • D. Use Amazon DynamoDB

Best answer: D

Explanation: The choice to use Amazon DynamoDB is best because its row in the table lists the lowest admin effort (2 hours per month) and “Excellent, automatic capacity adjustment” for scaling. This directly satisfies the need to reduce operational work while handling rapid growth without manual capacity changes.


Question 21

Topic: Domain 2: Security and Compliance

A security engineer is planning basic security controls for a new AWS account. The exhibit shows three planned controls.

Based on the exhibit, which AWS service should the engineer enable to satisfy Control 1?

Exhibit:

| Control | Description | Example question it answers |
|---|---|---|
| 1 | Record all console sign-ins and API calls for auditing | “Who changed this security group yesterday?” |
| 2 | Identify S3 buckets with public access | “Which buckets are publicly readable?” |
| 3 | Detect unusual API activity that may indicate compromised credentials | “Why are there many failed ConsoleLogins?” |

Options:

  • A. AWS Config
  • B. AWS Identity and Access Management (IAM)
  • C. Amazon GuardDuty
  • D. AWS CloudTrail

Best answer: D

Explanation: AWS CloudTrail is correct because it is the AWS service designed to log console sign-ins and API calls. In the exhibit, Control 1 specifically needs an audit trail to answer questions like “Who changed this security group yesterday?” CloudTrail records those management events with timestamps, identity information, and details of the action, enabling exactly that type of audit and compliance review.


Question 22

Topic: Domain 3: Cloud Technology and Services

Which statement correctly describes the relationship among AWS Regions, Availability Zones, and edge locations?

Options:

  • A. Edge locations are the same as Availability Zones, and each Region has exactly one of them for local content delivery.
  • B. An Availability Zone is a global resource that contains multiple Regions, and edge locations are used mainly for EC2 backups.
  • C. An AWS Region is a separate geographic area that contains multiple isolated Availability Zones, and edge locations are separate sites used to deliver content closer to users.
  • D. An AWS Region is a single data center, and Availability Zones and edge locations are only logical groupings for management purposes.

Best answer: C

Explanation: The correct choice states that an AWS Region is a geographic area composed of multiple isolated Availability Zones and that edge locations are separate sites used to deliver content closer to users. This matches AWS’s published definition of Regions, Availability Zones, and edge locations and captures both the high-availability design (multiple AZs per Region) and the content delivery role of edge locations.


Question 23

Topic: Domain 3: Cloud Technology and Services

A startup is choosing how to run a new backend service on AWS. The following table summarizes their requirements.

| Characteristic | Value |
|---|---|
| Workload type | HTTP-based API requests, each under 2 seconds |
| Traffic pattern | Highly variable, long idle periods, sudden spikes |
| State | Stateless, no session persistence required |
| Management preference | No server or container management; pay only when code is running |

Based only on this information, which AWS compute option is the most appropriate?

Options:

  • A. Run the application on Amazon EC2 instances in an Auto Scaling group.
  • B. Deploy the application using AWS Elastic Beanstalk on Amazon EC2 instances.
  • C. Package the application into containers and run it on Amazon ECS using AWS Fargate.
  • D. Implement the API as functions on AWS Lambda invoked through Amazon API Gateway.

Best answer: D

Explanation: Implementing the API as functions on AWS Lambda invoked through Amazon API Gateway aligns with every row in the exhibit. Lambda is ideal for short-lived, stateless requests, scales automatically for sudden spikes, and has billing based on actual code execution time and number of requests, which matches the “pay only when code is running” requirement. It is also fully managed from a server perspective, so the team does not need to manage servers or containers, satisfying the management preference in the table.


Question 24

Topic: Domain 3: Cloud Technology and Services

A company must store financial records for 10 years to meet regulatory requirements. The records are rarely accessed, and when they are needed, the company can wait several days for retrieval. The main goal is to minimize ongoing storage cost.

Based on the following information, which storage class is the most appropriate choice?

| Storage class | Retrieval speed (relative) | Storage cost (relative) | Intended use |
|---|---|---|---|
| S3 Standard | Fast | Highest | Frequently accessed application data |
| S3 Glacier Instant Retrieval | Fast | Low | Long-lived data needing immediate access |
| S3 Glacier Flexible Retrieval | Slower | Very low | Archives accessed occasionally |
| S3 Glacier Deep Archive | Slowest | Lowest | Long-term archives rarely accessed |

Options:

  • A. S3 Glacier Flexible Retrieval
  • B. S3 Glacier Deep Archive
  • C. S3 Standard
  • D. S3 Glacier Instant Retrieval

Best answer: B

Explanation: S3 Glacier Deep Archive is described in the exhibit as having the slowest retrieval, the lowest storage cost, and an intended use of “long-term archives rarely accessed.” This aligns perfectly with the company’s situation: 10-year retention, very rare access, and willingness to wait several days, all while prioritizing minimum storage cost.

CLF-C02 cloud practitioner map

Use this map after the sample questions to connect individual items to the AWS Cloud Practitioner service, billing, security, and architecture decisions these practice samples test.

    flowchart LR
      S1["Business cloud need"] --> S2
      S2["Identify AWS service category"] --> S3
      S3["Apply shared responsibility and security basics"] --> S4
      S4["Choose pricing and support concept"] --> S5
      S5["Review reliability and operations"] --> S6
      S6["Pick next AWS role route"]

Quick Cheat Sheet

| Cue | What to remember |
|---|---|
| Service categories | Know compute, storage, database, networking, security, analytics, integration, and management families. |
| Shared responsibility | Separate what AWS secures from what the customer configures, patches, governs, or protects. |
| Pricing | Understand pay-as-you-go, reservations, savings plans, free tier, budgets, and cost allocation. |
| Reliability | Use regions, Availability Zones, backup, scaling, and managed services appropriately. |
| Support | Know account, billing, documentation, Trusted Advisor, and support-plan cues. |

Mini Glossary

  • Availability Zone: Isolated datacenter group inside an AWS Region.
  • IAM: AWS Identity and Access Management service for users, roles, and permissions.
  • Region: Geographic AWS area containing multiple Availability Zones.
  • Shared responsibility model: Division of cloud security and operations duties between AWS and customer.
  • VPC: Virtual private cloud used to isolate and route AWS network resources.

Revised on Thursday, May 14, 2026