Quick answer: This post provides 25 AWS Cloud Practitioner (CLF-C02) practice questions covering all four exam domains—IAM, S3, EC2, VPC, pricing, support, and shared responsibility. Each question includes a detailed rationale explaining why each incorrect option is wrong. Use these to identify knowledge gaps and build exam confidence.
Why These AWS Cloud Practitioner Practice Questions Matter for CLF-C02
The AWS Cloud Practitioner exam (CLF-C02) tests your foundational understanding of AWS cloud concepts, services, security, pricing, and support. It’s the entry point for many IT professionals, but it’s not trivial—you need to know how AWS services work together, not just memorize definitions. The exam covers four domains: Cloud Concepts (26%), Security and Compliance (25%), Technology (33%), and Billing and Pricing (16%). These AWS Cloud Practitioner practice questions 2026 CLF-C02 mirror the real exam’s style, including single-answer and multi-select formats.
We’ve designed 25 questions proportionally across domains. Each rationale explains why correct answers are right and—crucially—why each wrong answer is wrong. This isn’t about memorization; it’s about understanding AWS principles like the shared responsibility model, IAM policies, and EC2 pricing. Let’s dive in.
Domain 1: Cloud Concepts (6 Questions)
Question 1
Which of the following is a key benefit of AWS’s pay-as-you-go pricing model?
A. Predictable monthly costs regardless of usage
B. No upfront costs and the ability to scale down when demand decreases
C. Fixed pricing for all services
D. Discounts automatically applied for all reserved instances
Answer: B
Rationale: Pay-as-you-go means you pay only for what you use, with no upfront commitments. Option A is wrong because costs vary with usage. Option C is false—AWS pricing varies by service, region, and usage. Option D is incorrect because reserved instance discounts require an upfront commitment, not automatic application.
Question 2
A startup wants to migrate its on-premises application to AWS to reduce operational overhead. Which cloud concept best describes this benefit?
A. High availability
B. Elasticity
C. Agility
D. Fault tolerance
Answer: C
Rationale: Agility means rapidly provisioning resources without hardware procurement delays, reducing operational overhead. High availability (A) ensures uptime but isn’t the primary migration benefit. Elasticity (B) scales resources up/down but doesn’t directly address overhead. Fault tolerance (D) handles failures but isn’t the main driver for migration.
Question 3
Which AWS Well-Architected Framework pillar focuses on recovering from disruptions and meeting SLAs?
A. Security
B. Reliability
C. Performance Efficiency
D. Cost Optimization
Answer: B
Rationale: Reliability includes recovery from failures and meeting SLAs. Security (A) covers data protection. Performance Efficiency (C) optimizes resource use. Cost Optimization (D) minimizes waste. Reliability directly addresses disruption recovery.
Question 4 (Multi-select)
Which of the following are advantages of cloud computing over on-premises? (Choose two.)
A. Eliminates the need for capacity planning
B. Provides unlimited physical security control
C. Converts capital expenditure (CapEx) to variable expenditure (OpEx)
D. Guarantees zero downtime
Answer: A, C
Rationale: A is correct—cloud elasticity reduces capacity planning guesswork. C is correct—you pay for usage (OpEx) instead of buying hardware (CapEx). B is wrong—AWS manages physical security; you control logical security. D is wrong—no cloud provider guarantees zero downtime; AWS offers SLAs but not 100% uptime.
Question 5
Which design principle is associated with the AWS Well-Architected Framework’s Performance Efficiency pillar?
A. Use serverless architectures
B. Implement least privilege access
C. Automate recovery from failure
D. Use consolidated billing
Answer: A
Rationale: Serverless architectures (e.g., Lambda) improve performance efficiency by scaling automatically. Least privilege (B) is Security. Automate recovery (C) is Reliability. Consolidated billing (D) is Cost Optimization.
Question 6
A company wants to test a new application in multiple AWS regions to reduce latency for global users. Which cloud concept does this demonstrate?
A. Scalability
B. Global reach
C. High availability
D. Elasticity
Answer: B
Rationale: Deploying in multiple regions improves global latency—that’s global reach. Scalability (A) handles load increases, not geography. High availability (C) focuses on uptime within a region. Elasticity (D) is about dynamic resource scaling.
Domain 2: Security and Compliance (6 Questions)
Question 7
Under the AWS shared responsibility model, which of the following is the customer responsible for?
A. Physical security of AWS data centers
B. Patching the hypervisor layer
C. Configuring security groups and IAM policies
D. Replacing failed hardware in AWS facilities
Answer: C
Rationale: Customers configure security groups and IAM policies (security IN the cloud). AWS handles physical security (A), hypervisor patching (B), and hardware replacement (D) (security OF the cloud).
Question 8
Which AWS service provides a centralized way to manage user identities and permissions for AWS resources?
A. AWS Organizations
B. AWS IAM
C. AWS Shield
D. AWS Config
Answer: B
Rationale: IAM manages users, groups, roles, and permissions. AWS Organizations (A) manages multiple accounts. AWS Shield (C) is DDoS protection. AWS Config (D) audits resource configurations.
Question 9 (Multi-select)
Which of the following are valid IAM security best practices? (Choose two.)
A. Use root user for daily administrative tasks
B. Enable multi-factor authentication (MFA) for privileged users
C. Create individual IAM users instead of sharing credentials
D. Store access keys in source code repositories
Answer: B, C
Rationale: MFA (B) adds security. Individual users (C) avoid shared credentials. A is wrong—root user should only be used for account-level tasks. D is wrong—access keys must never be stored in code.
Question 10
Which AWS service helps protect against DDoS attacks?
A. AWS WAF
B. AWS Shield
C. AWS Inspector
D. AWS Trusted Advisor
Answer: B
Rationale: AWS Shield provides DDoS protection (Standard is free; Advanced costs extra). WAF (A) filters web traffic but doesn’t stop DDoS at the network layer. Inspector (C) scans for vulnerabilities. Trusted Advisor (D) gives optimization recommendations.
Question 11
A company needs to encrypt data at rest in Amazon S3. Which feature should they enable?
A. S3 Transfer Acceleration
B. S3 Server-Side Encryption (SSE)
C. S3 Cross-Region Replication
D. S3 Versioning
Answer: B
Rationale: SSE encrypts data at rest in S3. Transfer Acceleration (A) speeds up uploads. Cross-Region Replication (C) copies objects across regions. Versioning (D) protects against accidental deletions.
Question 12
Which AWS compliance framework is specifically designed for healthcare data in the United States?
A. PCI DSS
B. HIPAA
C. SOC 2
D. FedRAMP
Answer: B
Rationale: HIPAA covers healthcare data. PCI DSS (A) is for payment card data. SOC 2 (C) is for service organization controls. FedRAMP (D) is for U.S. government cloud services.
Domain 3: Technology (8 Questions)
Question 13
Which Amazon EC2 instance purchasing option is best for a predictable, steady-state workload that runs 24/7?
A. On-Demand
B. Reserved Instances
C. Spot Instances
D. Dedicated Hosts
Answer: B
Rationale: Reserved Instances offer significant discounts for steady-state workloads. On-Demand (A) is flexible but costs more long-term. Spot Instances (C) can be interrupted—unsuitable for 24/7. Dedicated Hosts (D) are for licensing requirements, not cost optimization.
Question 14
A user needs to store infrequently accessed data that must be retrievable within minutes. Which Amazon S3 storage class is most cost-effective?
A. S3 Standard
B. S3 Intelligent-Tiering
C. S3 Standard-IA
D. S3 Glacier Deep Archive
Answer: C
Rationale: S3 Standard-IA is for infrequent access with millisecond retrieval. S3 Standard (A) is for frequent access. Intelligent-Tiering (B) auto-moves data but costs monitoring fees. Glacier Deep Archive (D) has 12-hour retrieval—too slow.
Question 15
Which AWS service allows you to run code without provisioning or managing servers?
A. Amazon EC2
B. AWS Lambda
C. Amazon ECS
D. AWS Elastic Beanstalk
Answer: B
Rationale: Lambda is serverless—you upload code and it runs. EC2 (A) requires server management. ECS (C) runs containers on EC2. Elastic Beanstalk (D) abstracts infrastructure but still uses EC2.
Question 16 (Multi-select)
Which components are required to create a VPC with public and private subnets? (Choose two.)
A. Internet Gateway
B. NAT Gateway
C. Route tables
D. VPN Connection
Answer: A, C
Rationale: An Internet Gateway (A) enables public subnet internet access. Route tables (C) direct traffic between subnets and gateways. A NAT Gateway (B) is optional—it lets private subnets access the internet. A VPN Connection (D) is for hybrid networks, not required.
Question 17
An application running on EC2 needs to access an S3 bucket. What is the most secure way to grant permissions?
A. Store AWS access keys in the application code
B. Use an IAM role attached to the EC2 instance
C. Create an IAM user and share credentials
D. Use S3 bucket policies only
Answer: B
Rationale: IAM roles are temporary credentials—no keys to manage. Storing keys in code (A) is insecure. Sharing credentials (C) violates best practices. Bucket policies alone (D) don’t grant EC2 access without an IAM principal.
Question 18
Which AWS service provides a global content delivery network (CDN) with low latency?
A. Amazon Route 53
B. Amazon CloudFront
C. AWS Global Accelerator
D. Amazon API Gateway
Answer: B
Rationale: CloudFront is a CDN that caches content at edge locations. Route 53 (A) is DNS. Global Accelerator (C) improves TCP/UDP performance. API Gateway (D) creates APIs.
Question 19
An organization needs to separate costs for development and production environments. Which AWS feature should they use?
A. Tags
B. Budgets
C. Consolidated billing
D. Cost Explorer
Answer: A
Rationale: Tags (e.g., “Environment: dev”) allow cost allocation. Budgets (B) set spending limits. Consolidated billing (C) combines accounts. Cost Explorer (D) visualizes usage.
Question 20
Which AWS service automatically distributes incoming traffic across multiple EC2 instances?
A. Amazon Route 53
B. Elastic Load Balancing (ELB)
C. Amazon CloudFront
D. AWS Auto Scaling
Answer: B
Rationale: ELB distributes traffic across instances. Route 53 (A) is DNS. CloudFront (C) is a CDN. Auto Scaling (D) adjusts instance count but doesn’t distribute traffic.
Domain 4: Billing and Pricing (5 Questions)
Question 21
Which AWS Support plan provides 24/7 access to Cloud Support Engineers via phone and chat?
A. Basic
B. Developer
C. Business
D. Enterprise
Answer: C
Rationale: Business plan includes 24/7 phone/chat. Basic (A) has only documentation. Developer (B) offers business-hours email. Enterprise (D) adds a Technical Account Manager (TAM).
Question 22 (Multi-select)
Which of the following are examples of AWS Free Tier offers? (Choose two.)
A. 750 hours of EC2 t2.micro per month for 12 months
B. 5 GB of Amazon S3 Standard storage for 12 months
C. Unlimited Lambda requests forever
D. 1 TB of Amazon EBS SSD storage per month
Answer: A, B
Rationale: A and B are correct—Free Tier includes 750 EC2 hours and 5 GB S3 storage for 12 months. C is wrong—Lambda has 1 million free requests per month, not unlimited. D is wrong—EBS free tier is 30 GB, not 1 TB.
Question 23
Which AWS tool allows you to visualize and analyze your AWS usage and costs over time?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Trusted Advisor
D. AWS Pricing Calculator
Answer: B
Rationale: Cost Explorer provides historical graphs and forecasts. Budgets (A) set alerts. Trusted Advisor (C) offers optimization checks. Pricing Calculator (D) estimates future costs.
Question 24
A company wants to reduce costs for a non-critical batch processing workload that can be interrupted. Which EC2 purchasing option is most suitable?
A. On-Demand
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances
Answer: C
Rationale: Spot Instances offer deep discounts but can be reclaimed. On-Demand (A) is flexible but costlier. Reserved Instances (B) require commitment. Dedicated Instances (D) are for isolation, not cost.
Question 25
Which AWS service provides cost optimization recommendations, such as identifying idle resources?
A. AWS Cost Explorer
B. AWS Trusted Advisor
C. AWS Budgets
D. AWS Organizations
Answer: B
Rationale: Trusted Advisor checks for idle resources, underutilized instances, and more. Cost Explorer (A) is for visualization. Budgets (C) set thresholds. Organizations (D) manage accounts.
Final Takeaway and Next Steps
These 25 AWS Cloud Practitioner practice questions 2026 CLF-C02 cover all four domains with realistic difficulty. Review each rationale carefully—understanding why wrong answers are wrong is what separates a pass from a fail. Focus on the shared responsibility model, IAM basics, EC2 pricing, and S3 storage classes. The exam rewards practical knowledge, not trivia.
Ready to test your skills further? Courseiva offers a full bank of AWS Cloud Practitioner practice questions with detailed explanations, timed modes, and progress tracking. Start your free trial today and build exam-day confidence.