AWS Cloud Practitioner CLF-C02: 20 Free Practice Questions with Answers (2026)

How to Use These Practice Questions

Each question includes a domain label matching the four CLF-C02 exam domains. Read the question, choose your answer, then check the explanation. The questions below reflect the real exam weighting: Cloud Technology and Services and Cloud Concepts are the heaviest domains at roughly 30% each.

These 20 questions represent less than 4% of the full ReadRoost CLF-C02 question bank. The complete pack includes over 500 questions and 250 flashcards covering every CLF-C02 objective, with spaced repetition that focuses your review time on weak areas. Start your free preview at readroo.st/marketplace/clf-c02-cloud-practitioner.

Questions 1-5: Cloud Concepts

Domain: Cloud Concepts | Difficulty: Foundation 1. Which design principle of the Reliability pillar involves automatically recovering from failure? A) Stop guessing capacity B) Automatically recover from failure C) Test recovery procedures D) Scale horizontally

Correct Answer: B Automatically recovering from failure is a design principle of the Reliability pillar. It involves monitoring workloads and automatically triggering recovery when thresholds are breached.

Domain: Cloud Concepts | Difficulty: Foundation 2. Which of the following is an example of AWS's responsibility in the Shared Responsibility Model? A) Encrypting customer data at rest B) Configuring security groups in customer VPCs C) Maintaining physical security of data centers D) Managing customer IAM policies

Correct Answer: C AWS is responsible for the security OF the cloud, which includes physical security of data centers, hardware, software (host OS, hypervisor), and networking infrastructure. Data encryption (A), security groups (B), and IAM policies (D) are customer responsibilities.

Domain: Cloud Concepts | Difficulty: Moderate 3. An AWS customer benefits from lower per-unit costs compared to running the same infrastructure on-premises, even though the customer has not grown significantly. What AWS cloud advantage explains this? A) High availability B) Economies of scale C) Agility D) Elasticity

Correct Answer: B AWS aggregates the usage of hundreds of thousands of customers, which allows it to achieve higher economies of scale and pass lower variable costs on to customers. Because AWS purchases compute, storage, and networking at massive scale, individual customers benefit from lower prices than they could achieve independently. This is one of the fundamental economic advantages of public cloud computing.

Domain: Cloud Concepts | Difficulty: Moderate 4. A startup wants to ensure they can scale their application to handle unpredictable traffic without over-provisioning. Which cloud computing advantage applies here? A) Trade capital expense for variable expense B) Stop guessing about capacity C) Increase speed and agility D) Stop spending money on data centers

Correct Answer: B Stop guessing about capacity means you no longer need to predict infrastructure needs months in advance. AWS enables you to access as much or as little capacity as you need and scale up or down automatically with services like Auto Scaling. For a startup with unpredictable traffic, this eliminates the risk of either over-provisioning (wasting money) or under-provisioning (losing customers during traffic spikes).

Domain: Cloud Concepts | Difficulty: Foundation 5. A company wants to reduce upfront hardware costs and pay only for the computing resources they actually use. Which cloud computing advantage addresses this? A) Trade capital expense for variable expense B) Increase speed and agility C) Go global in minutes D) Stop guessing about capacity

Correct Answer: A Trading capital expense for variable expense means instead of investing heavily in data centers and servers before you know how you'll use them, you pay only for the compute resources you consume.

Questions 6-10: Cloud Concepts and Security

Domain: Cloud Concepts | Difficulty: Moderate 6. What does the Sustainability pillar of the Well-Architected Framework focus on? A) Reducing operational costs B) Minimizing the environmental impacts of running cloud workloads C) Ensuring high availability of applications D) Improving application performance

Correct Answer: B The Sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads. Key areas include region selection, user behavior patterns, software patterns, data patterns, and hardware patterns.

Domain: Security and Compliance | Difficulty: Foundation 7. Which IAM security best practice involves giving users only the permissions they need to perform their job and nothing more? A) Separation of duties B) Principle of least privilege C) Multi-factor authentication D) Regular credential rotation

Correct Answer: B The principle of least privilege means giving a user only those privileges essential to perform their intended function. This reduces the attack surface and limits potential damage from compromised credentials.

Domain: Security and Compliance | Difficulty: Foundation 8. What is the primary purpose of AWS Identity and Access Management (IAM)? A) To monitor application performance B) To securely control access to AWS resources C) To encrypt data at rest D) To deploy applications automatically

Correct Answer: B AWS IAM is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

Domain: Security and Compliance | Difficulty: Challenging 9. What is the key difference between a Security Group and a Network ACL? A) Security Groups are stateful; Network ACLs are stateless B) Security Groups are free; Network ACLs have a cost C) Security Groups work at the subnet level; Network ACLs work at the instance level D) Security Groups only allow traffic; Network ACLs only deny traffic

Correct Answer: A Security Groups are stateful (return traffic is automatically allowed) and operate at the instance level. Network ACLs are stateless (must explicitly allow return traffic) and operate at the subnet level. Security Groups only allow rules; NACLs support both allow and deny rules.

Domain: Security and Compliance | Difficulty: Challenging 10. What are Service Control Policies (SCPs) in AWS Organizations? A) Policies that grant permissions to IAM users B) Organization policies that specify the maximum permissions for member accounts C) Security policies for VPC network traffic D) Encryption policies for S3 buckets

Correct Answer: B SCPs are organization policies that you can use to manage permissions in your organization. They specify the maximum permissions for an affected AWS account, acting as guardrails that limit what the account's administrator can do.

Questions 11-15: Security and Cloud Technology

Domain: Security and Compliance | Difficulty: Moderate 11. What is IAM Access Analyzer? A) A tool that analyzes IAM policy syntax B) A service that identifies resources shared with external entities C) A service that monitors EC2 CPU usage D) A tool that generates IAM passwords

Correct Answer: B IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity, helping identify unintended access.

Domain: Cloud Technology and Services | Difficulty: Foundation 12. What is Amazon DynamoDB? A) A relational database service B) A fully managed NoSQL database service C) A data warehouse service D) A graph database service

Correct Answer: B Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It supports key-value and document data structures.

Domain: Cloud Technology and Services | Difficulty: Challenging 13. A company has data with unknown access patterns. They want to automatically optimize costs without manually moving data between storage classes. Which S3 feature should they use? A) S3 Lifecycle policies B) S3 Intelligent-Tiering C) S3 Cross-Region Replication D) S3 Versioning

Correct Answer: B S3 Intelligent-Tiering automatically moves data between access tiers based on changing access patterns, optimizing costs without performance impact or operational overhead. It automatically moves objects between Frequent Access and Infrequent Access tiers.

Domain: Cloud Technology and Services | Difficulty: Foundation 14. What is Amazon S3? A) A block storage service for EC2 B) An object storage service with high scalability and durability C) A managed database service D) A content delivery network

Correct Answer: B Amazon S3 (Simple Storage Service) is an object storage service offering industry-leading scalability, data availability, security, and performance. It stores data as objects within buckets.

Domain: Cloud Technology and Services | Difficulty: Moderate 15. An e-commerce site experiences traffic spikes during holiday sales. They need their infrastructure to automatically scale up during peak times and scale down during off-peak times to save costs. Which service combination should they use? A) EC2 with Lambda B) EC2 with Auto Scaling and Elastic Load Balancing C) S3 with CloudFront D) RDS with DynamoDB

Correct Answer: B EC2 Auto Scaling automatically adjusts the number of EC2 instances based on demand. Elastic Load Balancing distributes traffic across the instances. Together they provide automatic scaling and high availability.

Questions 16-20: Cloud Technology and Billing

Domain: Cloud Technology and Services | Difficulty: Foundation 16. What is Amazon Rekognition? A) A speech-to-text service B) An image and video analysis service using deep learning C) A text-to-speech service D) A language translation service

Correct Answer: B Amazon Rekognition makes it easy to add image and video analysis to your applications using proven, highly scalable, deep learning technology that requires no machine learning expertise to use.

Domain: Cloud Technology and Services | Difficulty: Moderate 17. A website serves video content to users worldwide. Users in Asia are experiencing slow load times. Which service can help improve their experience? A) AWS Lambda B) Amazon CloudFront C) Amazon S3 D) AWS Direct Connect

Correct Answer: B Amazon CloudFront is a CDN that caches content at edge locations close to users. By distributing content through edge locations in Asia, users will experience lower latency and faster load times.

Domain: Billing, Pricing, and Support | Difficulty: Moderate 18. A company has multiple AWS accounts for different departments. They want to combine billing and share volume pricing discounts across all accounts. Which feature should they use? A) AWS Cost Explorer B) AWS Organizations with consolidated billing C) AWS Budgets D) AWS Trusted Advisor

Correct Answer: B AWS Organizations with consolidated billing allows you to combine usage from all accounts into one bill and share volume pricing discounts, Reserved Instance discounts, and Savings Plans across all accounts in the organization.

Domain: Billing, Pricing, and Support | Difficulty: Foundation 19. What is AWS Marketplace? A) A physical store for AWS merchandise B) A digital catalog with thousands of software listings from independent software vendors C) A service for selling your AWS account D) A tool for comparing AWS prices with competitors

Correct Answer: B AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.

Domain: Billing, Pricing, and Support | Difficulty: Moderate 20. What is a Technical Account Manager (TAM)? A) A service for managing EC2 instances B) A designated AWS expert who provides proactive guidance and support C) A tool for tracking technical documentation D) A service for managing API keys

Correct Answer: B A Technical Account Manager (TAM) is included with Enterprise Support. The TAM is your designated AWS expert who provides proactive guidance, best practices, and coordinates access to AWS programs and expertise.

How Did You Score?

Most candidates who score 16/20 or higher on sample questions like these pass the real CLF-C02 on their first attempt. How did you do? Share your score with your study group. 16-20 correct: You are exam-ready. Schedule your CLF-C02 at pearsonvue.com and aim for the next available slot while the material is fresh. Consider taking the exam within two weeks. 11-15 correct: Solid foundation, but review the domains where you dropped questions. Cloud Technology and Services (34%) and Security and Compliance (30%) carry the most exam weight, so prioritize those. Drill weak areas daily for one to two weeks before booking. Under 11 correct: Start with the free AWS Cloud Practitioner Essentials course on AWS Skill Builder to rebuild your fundamentals. Then work through practice questions daily until you consistently score above 80% before booking your exam.

These 20 questions are a sample from the ReadRoost CLF-C02 pack. The full pack includes 500+ exam-style questions and 250 flashcards with spaced repetition that adapts to your weak areas. Get the full CLF-C02 pack at readroo.st/marketplace/clf-c02-cloud-practitioner.

Ready to level up after Cloud Practitioner? The AWS Solutions Architect Associate (SAA-C03) is the natural next step. Get the ReadRoost SAA-C03 pack at readroo.st/marketplace/aws-saa-c03-solutions-architect-associate. Browse all AWS certifications at readroo.st/marketplace.