Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsCLF-C02Exam Questions

Amazon Web Services · Free Practice Questions · Last reviewed May 2026

CLF-C02 Exam Questions and Answers

24real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.

65 exam questions
90 min time limit
Pass: 700/1000 / 1000
4 exam domains
OverviewDomain BlueprintStudy GuideAll QuestionsSample by Domain
1. Cloud Concepts2. Security and Compliance3. Cloud Technology and Services4. Billing, Pricing, and Support
1

Domain 1: Cloud Concepts

All Cloud Concepts questions
Q1
mediumFull explanation →

A company is migrating its on-premises applications to the AWS Cloud. The Chief Security Officer wants to confirm the division of security responsibilities. According to the AWS Shared Responsibility Model, which of the following tasks is the customer's responsibility?

A

Ensuring the physical security of AWS data centers

B

Patching the hypervisor layer that runs Amazon EC2 instances

C

Managing network access control lists (ACLs) for the customer's VPC

Network ACLs are stateless firewall rules that control inbound and outbound traffic at the subnet level within a VPC. Configuring and managing these rules is the customer's responsibility as part of managing security in the cloud.

D

Replacing defective hardware components in the AWS global infrastructure

Why: Option C is correct because managing network access control lists (ACLs) for a customer's VPC is explicitly a customer responsibility under the AWS Shared Responsibility Model. Customers control inbound and outbound traffic at the subnet level by configuring NACLs, which are stateless firewall rules. AWS provides the infrastructure and the VPC service, but the customer must define and manage the ACL rules to enforce network segmentation and security.
Q2
mediumFull explanation →

A retail company runs a legacy application on a single on-premises server. The application experiences unpredictable traffic surges that degrade performance. The company is considering migrating to the AWS Cloud. Which cloud computing characteristic MOST directly addresses the ability to automatically adjust resources to meet changing demand without manual intervention?

A

Elasticity

Correct. Elasticity is the ability to automatically provision and release cloud resources in response to changing demand. This directly addresses the company's need to handle traffic surges without manual intervention.

B

Scalability

C

High availability

D

Durability

Why: Elasticity is the cloud computing characteristic that enables automatic resource provisioning and de-provisioning to match demand in real time, without manual intervention. For the retail company's legacy application with unpredictable traffic surges, elasticity directly addresses the need to dynamically scale resources up during spikes and down during lulls, which is distinct from the planned, manual scaling of scalability.
Q3
mediumFull explanation →

A startup is deploying a web application on Amazon EC2 instances across multiple Availability Zones (AZs). The architecture must ensure that the application remains fully operational and available to users even if one entire AZ fails. Which cloud computing concept does this requirement MOST directly represent?

A

Elasticity

B

Fault tolerance

Correct. Fault tolerance describes a system that continues operating without interruption despite the failure of one or more components. Distributing workloads across multiple Availability Zones is a key method to achieve fault tolerance in AWS.

C

Scalability

D

Resource pooling

Why: Fault tolerance is the correct concept because the requirement specifies that the application must remain fully operational and available even if an entire Availability Zone fails. By deploying EC2 instances across multiple AZs and using an Elastic Load Balancer to distribute traffic, the architecture can withstand the failure of one AZ without any interruption in service, which is the essence of fault tolerance.
Q4
mediumFull explanation →

A mid-size company is planning to migrate its IT infrastructure to the AWS Cloud. The Chief Information Officer (CIO) expresses concern that multiple customers' virtual servers might run on the same physical hardware, potentially increasing the risk of data exposure. Which cloud computing characteristic describes this shared infrastructure model, where computing resources are pooled to serve multiple customers using a multi-tenant model?

A

On-demand self-service

B

Resource pooling

Resource pooling is the cloud characteristic where the provider's computing resources are pooled to serve multiple customers using a multi-tenant model. This directly addresses the CIO's concern about shared physical hardware, and AWS implements strong isolation mechanisms to prevent data exposure.

C

Measured service

D

Broad network access

Why: Resource pooling is the correct answer because it directly describes the multi-tenant model where the provider's computing resources (such as physical servers, storage, and network) are pooled to serve multiple customers. In AWS, this is achieved through hypervisor-level isolation (e.g., Xen or Nitro hypervisors) that allows multiple virtual servers (EC2 instances) to run on the same physical host while maintaining strict memory and I/O separation, preventing data exposure between tenants.
Q5
mediumFull explanation →

A company based in Germany needs to store and process customer data that, by law, must remain within the European Union (EU). The company plans to use AWS services. Which AWS Global Infrastructure element is the MOST important for the company to evaluate when choosing where to deploy its resources?

A

Availability Zones

B

Edge Locations

C

AWS Regions

AWS Regions are distinct geographic areas that are completely isolated from each other. Choosing a Region within the EU (e.g., eu-central-1 in Frankfurt) ensures that the customer's data remains in the EU, satisfying data residency laws. This is the foundational decision before considering other infrastructure components.

D

Local Zones

Why: AWS Regions are geographically isolated areas that contain multiple Availability Zones. Since the company must ensure customer data remains within the EU by law, choosing the correct AWS Region (e.g., eu-central-1 in Frankfurt) is the primary mechanism to guarantee data residency. Only by deploying resources in an EU-based Region can the company meet legal data sovereignty requirements.
Q6
mediumFull explanation →

A company is currently running its IT infrastructure in an on-premises data center. The finance department wants to understand how moving to the AWS Cloud would change the company's cost structure. In particular, they want to avoid large upfront hardware purchases and instead pay only for the resources they consume on a monthly basis. Which key cloud computing concept does this shift represent?

A

Elasticity

B

Economies of scale

C

Pay-as-you-go pricing

Pay-as-you-go is a pricing model where customers pay only for the resources they consume, with no upfront commitments. This directly addresses the finance department's desire to avoid large upfront hardware purchases and shift to a variable monthly expense model.

D

High availability

Why: Option C is correct because pay-as-you-go pricing is the cloud computing model that allows a company to avoid large upfront capital expenditures on hardware and instead pay only for the resources they consume on a monthly basis. This directly aligns with the finance department's goal of shifting from a capital expenditure (CapEx) model to an operational expenditure (OpEx) model, where costs are incurred based on actual usage rather than upfront purchases.

Want more Cloud Concepts practice?

Practice this domain
2

Domain 2: Security and Compliance

All Security and Compliance questions
Q1
mediumFull explanation →

A company is preparing for an annual compliance audit. The auditor requests a copy of the AWS SOC 2 Type II report to review AWS's controls. Which AWS service or tool can the company use to obtain this report?

A

AWS Config

B

AWS Artifact

AWS Artifact is the correct service. It is a self-service portal for on-demand access to AWS compliance reports and agreements. This allows customers to download reports like SOC 2 Type II directly.

C

AWS Trusted Advisor

D

AWS Security Hub

Why: AWS Artifact is the correct service because it provides on-demand access to AWS compliance reports, including SOC reports, PCI reports, and ISO certifications. The company can use AWS Artifact to download the SOC 2 Type II report directly, fulfilling the auditor's request without needing to contact AWS support.
Q2
mediumFull explanation →

A company has deployed multiple EC2 instances with different security groups. The compliance team wants to ensure that no security group allows unrestricted SSH access (0.0.0.0/0) and receive alerts if any such rule is created. Which AWS service can they use to continuously monitor and evaluate the security group configurations against this policy?

A

AWS CloudTrail

B

Amazon GuardDuty

C

AWS Config

AWS Config continuously monitors and records AWS resource configurations and allows you to evaluate them against desired configurations using managed or custom rules. It can detect security groups with unrestricted SSH access and trigger notifications or automatic remediation.

D

AWS Security Hub

Why: AWS Config is the correct service because it provides continuous monitoring and evaluation of AWS resource configurations against desired policies. With a managed rule like `restricted-ssh`, AWS Config can automatically detect security groups that allow unrestricted SSH access (0.0.0.0/0) and trigger alerts or remediation actions. This meets the compliance team's requirement for ongoing, rule-based evaluation of security group configurations.
Q3
mediumFull explanation →

A company uses an IAM role to allow an application running on Amazon EC2 to decrypt data stored in Amazon S3. The security team wants to enforce that the application can only use the decryption permission when the IAM role has a specific tag (e.g., 'Environment=Production'). Which approach should the security team implement to meet this requirement?

A

Add a condition to the KMS key policy that uses the 'kms:RequestTag/ConditionKey' to require the tag on the caller.

B

Add a condition to the IAM role's trust policy that denies the 'kms:Decrypt' action unless the role has the tag.

C

Add a condition to the IAM policy that grants the 'kms:Decrypt' permission with a condition on 'aws:PrincipalTag' to require the tag.

Correct. IAM policies support the 'aws:PrincipalTag' condition key, which checks the tags attached to the IAM principal (user or role) making the request. By adding a condition like 'StringEquals': {'aws:PrincipalTag/Environment': 'Production'} to the IAM policy that grants 'kms:Decrypt', the decryption action is only allowed when the role has the specified tag. This is a form of attribute-based access control (ABAC).

D

Add a condition to the S3 bucket policy that denies all access unless the IAM role has the required tag.

Why: Option C is correct because the condition key 'aws:PrincipalTag' in an IAM policy allows you to control access based on tags attached to the IAM principal (the role). By adding a condition that requires 'aws:PrincipalTag/Environment' to equal 'Production', the 'kms:Decrypt' permission is only effective when the IAM role has that specific tag. This directly enforces the security team's requirement at the IAM policy level, which is the appropriate place to restrict permissions based on principal attributes.
Q4
mediumFull explanation →

A company needs to maintain a secure audit trail of all API calls made against its AWS resources. The audit trail must record the identity of the caller, the time of the call, the source IP address, and the request details. The records must be stored securely with integrity guarantees for a minimum of five years to meet compliance requirements. Which AWS service should the company use to capture and store this information?

A

AWS Config

B

Amazon GuardDuty

C

AWS CloudTrail

AWS CloudTrail is the correct service. It records all API calls made to the AWS environment, including details such as the caller's identity, time of the call, source IP address, and request parameters. The logs can be stored durably in Amazon S3 with integrity validation and can be retained for as long as needed.

D

AWS Trusted Advisor

Why: AWS CloudTrail is the correct service because it records all API calls made to AWS services, capturing the identity of the caller, timestamp, source IP address, and request details. It stores these logs in Amazon S3 with server-side encryption and integrity validation via digest files, and can be configured to retain logs for more than five years using lifecycle policies or by archiving to Amazon S3 Glacier.
Q5
mediumFull explanation →

A financial services company requires all data stored in Amazon S3 to be encrypted at rest. The company has a compliance policy that states encryption keys must be managed entirely by the customer and must never be stored or managed by the cloud provider. Which encryption option should the company use for Amazon S3?

A

Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

B

Server-Side Encryption with AWS KMS Customer Managed Keys (SSE-KMS)

C

Server-Side Encryption with Customer-Provided Keys (SSE-C)

Correct. SSE-C allows you to provide your own encryption key with each request. AWS uses the key to encrypt/decrypt the data but does not store the key. This meets the compliance requirement that keys are managed entirely by the customer and are never stored by the cloud provider.

D

Client-Side Encryption using an on-premises key management system

Why: SSE-C allows the customer to provide their own encryption keys for server-side encryption of S3 objects. The customer manages the keys entirely, and AWS does not store or manage them, meeting the compliance requirement that encryption keys must never be stored or managed by the cloud provider.
Q6
mediumFull explanation →

A company runs a web application on Amazon EC2 that connects to an Amazon RDS database. The database credentials are currently hardcoded in the application configuration file. The security team requires that the credentials be automatically rotated every 90 days and that the application retrieves them securely from a managed service without storing them in the application code. Which AWS service should the company use to meet these requirements?

A

AWS Key Management Service (AWS KMS)

B

AWS Secrets Manager

AWS Secrets Manager is the correct service because it stores database credentials securely, allows retrieval via API calls, and can automatically rotate credentials for supported services like Amazon RDS on a defined schedule (e.g., every 90 days).

C

AWS Systems Manager Parameter Store

D

AWS Certificate Manager (ACM)

Why: AWS Secrets Manager is the correct choice because it is purpose-built for securely storing, retrieving, and automatically rotating database credentials (including for Amazon RDS) on a schedule. It allows the application to fetch credentials at runtime via API calls, eliminating hardcoded secrets, and supports native rotation every 90 days without custom code.

Want more Security and Compliance practice?

Practice this domain
3

Domain 3: Cloud Technology and Services

All Cloud Technology and Services questions
Q1
mediumFull explanation →

A healthcare company needs to store patient medical records that must be retained for 10 years to comply with regulatory requirements. These records are accessed very rarely, only in the event of an audit or legal request. Which Amazon S3 storage class is the MOST cost-effective choice for this data?

A

S3 Standard

B

S3 Intelligent-Tiering

C

S3 One Zone-IA

D

S3 Glacier Deep Archive

S3 Glacier Deep Archive is the lowest-cost S3 storage class, designed for long-term retention of data that is accessed extremely rarely (e.g., once or twice per year). It provides secure and durable storage with retrieval times of 12-48 hours, making it the most cost-effective choice for regulatory archives with a 10-year retention requirement.

Why: S3 Glacier Deep Archive is the most cost-effective choice because it is designed for long-term retention of rarely accessed data with a retrieval time of 12–48 hours. The 10-year retention requirement and infrequent access pattern (only during audits or legal requests) align perfectly with this storage class, offering the lowest storage cost among S3 classes while still meeting compliance needs.
Q2
mediumFull explanation →

A company hosts a static website on Amazon S3. The website serves product images and documents to customers around the world. Users in distant regions report slow load times. The company wants to reduce latency for all users without changing the existing S3 bucket configuration. Which AWS service should the company use?

A

Amazon CloudFront

Correct. CloudFront is a CDN that caches static content at edge locations, reducing latency for global users.

B

AWS Direct Connect

C

Amazon Route 53

D

AWS Global Accelerator

Why: Amazon CloudFront is a content delivery network (CDN) that caches static content (e.g., images, documents) at edge locations worldwide. By distributing content from the nearest edge location to the user, CloudFront significantly reduces latency without requiring any changes to the existing S3 bucket configuration. The origin remains the S3 bucket, and CloudFront handles the global distribution automatically.
Q3
mediumFull explanation →

A company is developing a microservices application on AWS. The application includes a front-end web tier and a backend order processing service. The front-end sends order requests to the backend, which may take several seconds to process. The company wants to ensure that the front-end does not wait for the backend to complete, and that no orders are lost if the backend service is temporarily unavailable. Which AWS service should the company use to decouple the front-end and backend?

A

Amazon ElastiCache

B

Amazon Simple Queue Service (SQS)

Amazon SQS is a message queuing service that decouples application components. It allows the front-end to send messages to a queue, which are then processed by the backend independently, ensuring no data loss and asynchronous processing.

C

Amazon Route 53

D

Amazon CloudWatch

Why: Amazon Simple Queue Service (SQS) is the correct choice because it provides a fully managed message queue that decouples the front-end and backend services. The front-end can send order requests to an SQS queue and immediately return a response, while the backend processes messages asynchronously. SQS also stores messages durably across multiple Availability Zones, ensuring no orders are lost even if the backend is temporarily unavailable.
Q4
mediumFull explanation →

A development team is building a serverless application that processes image uploads to Amazon S3. The application needs to automatically generate a thumbnail version of each uploaded image and store it in a separate S3 bucket. The team wants to minimize operational overhead and only pay for the compute time used during thumbnail generation. Which AWS service should the team use to execute the thumbnail generation code in response to S3 upload events?

A

Amazon EC2 Auto Scaling group

B

AWS Lambda

AWS Lambda is a serverless compute service that can be triggered directly by S3 events. It runs code only when invoked, scales automatically, and bills only for the compute time used, meeting all the stated requirements.

C

Amazon ECS with Fargate

D

Amazon Elastic Beanstalk

Why: AWS Lambda is the correct choice because it is a serverless compute service that can be triggered directly by S3 events (e.g., s3:ObjectCreated:*). This allows the thumbnail generation code to run automatically in response to each image upload, with no servers to manage and billing based only on the compute time consumed during execution.
Q5
mediumFull explanation →

A company runs a web application on multiple Amazon EC2 instances that are behind an Application Load Balancer. The operations team wants to ensure that if any EC2 instance fails, a new instance is automatically launched to replace it and maintain a minimum number of running instances. Which AWS service should the company use to meet this requirement?

A

AWS Elastic Load Balancing

B

Amazon EC2 Auto Scaling

Amazon EC2 Auto Scaling is the correct service. It automatically adds or removes EC2 instances based on defined policies or to maintain a desired capacity. If an instance fails, Auto Scaling detects the decrease in healthy capacity and launches a new instance to replace it, ensuring the application remains available.

C

AWS Lambda

D

AWS Auto Scaling

Why: Amazon EC2 Auto Scaling is the correct service because it automatically launches new EC2 instances to replace failed ones and maintains a specified minimum number of running instances. It integrates with the Application Load Balancer to register new instances and deregister failed ones, ensuring the web application remains available. This directly meets the requirement for automatic instance replacement and capacity maintenance.
Q6
mediumFull explanation →

A company runs a multiplayer gaming application on Amazon EC2 instances in the us-east-1 Region. The application uses the UDP protocol for real-time communication between players and game servers. Players in Asia and Europe report high latency and packet loss. The company wants to improve performance by directing player traffic from the nearest edge location to the application over the AWS global network, without modifying the application code. Which AWS service should the company use?

A

Amazon CloudFront

B

AWS Global Accelerator

AWS Global Accelerator uses the AWS global network to improve the performance of TCP/UDP applications. It directs user traffic to the nearest edge location and then routes it over the AWS global backbone to the optimal regional endpoint, reducing latency and packet loss. This matches the requirement for UDP-based gaming application without application changes.

C

Amazon Route 53 latency routing

D

AWS Site-to-Site VPN

Why: AWS Global Accelerator uses the AWS global network to route UDP traffic from the nearest edge location to the application, reducing latency and packet loss without requiring code changes. It leverages Anycast IP addresses to direct player traffic to the closest edge location, then transports it over the optimized AWS backbone to the EC2 instances in us-east-1.

Want more Cloud Technology and Services practice?

Practice this domain
4

Domain 4: Billing, Pricing, and Support

All Billing, Pricing, and Support questions
Q1
mediumFull explanation →

A company runs multiple workloads on Amazon EC2 instances. They expect consistent usage for the next three years but want the flexibility to change instance families (for example, from M5 to C5) if performance requirements shift. Which AWS pricing model meets these requirements while providing a significant discount over On-Demand pricing?

A

Reserved Instances (Standard)

B

Compute Savings Plans

Compute Savings Plans apply to any EC2 instance family, any size, in any region, and also cover Fargate and Lambda usage. This gives the company the flexibility to change instance families while still receiving a significant discount over On-Demand rates, making it the correct choice.

C

EC2 Instance Savings Plans

D

Spot Instances

Why: Compute Savings Plans (Option B) offer a significant discount (up to 66%) over On-Demand pricing in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) for a 1- or 3-year term. Unlike Reserved Instances, Savings Plans are flexible across instance families (e.g., M5 to C5), regions, OS, and tenancy, making them ideal for workloads that may need to change instance types over time while still receiving a discounted rate.
Q2
mediumFull explanation →

A company wants to proactively monitor its AWS spending and receive email notifications when actual or forecasted costs exceed a defined threshold. The company has a monthly budget of $10,000 and wants to be alerted when costs reach 80% of the budget. Which AWS service should the company use to meet these requirements?

A

AWS Cost Explorer

B

AWS Budgets

AWS Budgets is the correct service because it enables you to set custom cost and usage budgets and define threshold alerts that trigger email notifications (or actions via Amazon SNS) when actual or forecasted costs exceed specified percentages of the budget. This directly meets the requirement for proactive monitoring and alerts at the 80% threshold.

C

AWS Trusted Advisor

D

AWS Consolidated Billing

Why: AWS Budgets allows you to set custom cost and usage budgets, and configure alerts that trigger when actual or forecasted costs exceed a defined threshold (e.g., 80% of a $10,000 monthly budget). It can send email notifications via Amazon SNS when the threshold is breached, meeting the proactive monitoring requirement.
Q3
mediumFull explanation →

A company operates five separate AWS accounts for different business units. The finance team wants to aggregate the usage across all accounts to benefit from volume pricing discounts and to receive a single monthly bill. The company does not need to centrally manage permissions or apply service control policies at this time. Which AWS feature should the company use to meet these requirements?

A

Consolidated Billing through AWS Organizations

Consolidated Billing aggregates usage across multiple accounts, enabling volume discounts and a single monthly invoice. This is the correct feature for the requirement.

B

AWS Cost Explorer

C

AWS Budgets

D

AWS Trusted Advisor

Why: AWS Organizations provides Consolidated Billing, which allows a company to aggregate usage across multiple AWS accounts into a single monthly bill. This enables the finance team to benefit from volume pricing discounts because AWS combines usage across all accounts, potentially lowering the overall cost tier. The requirement does not include centralized permission management or service control policies, so the basic Consolidated Billing feature of AWS Organizations is sufficient.
Q4
mediumFull explanation →

A company wants to review its AWS spending for the past six months to identify which services and business units are driving costs. The finance team needs to interactively examine cost trends, filter by service and account, and visualize the data without setting up complex reports. Which AWS service or tool should the company use to meet these requirements?

A

AWS Cost Explorer

AWS Cost Explorer offers a ready-to-use graphical interface to explore and analyze your AWS costs and usage over custom time periods, with filters by service, account, region, and tags. It directly meets the need for interactive trend analysis without requiring additional setup.

B

AWS Budgets

C

AWS Trusted Advisor

D

AWS Cost and Usage Reports

Why: AWS Cost Explorer provides a pre-built, interactive dashboard that allows you to visualize and analyze your AWS cost and usage data over the past 12 months. You can filter by service, linked account (business unit), and time range, and drill down into trends without needing to set up complex reports or queries. This directly meets the requirement for interactive examination of cost trends by service and account.
Q5
mediumFull explanation →

A company is launching a critical production application on AWS. The operations team requires technical support with a response time of less than 1 hour for urgent system issues. They also need access to AWS Trusted Advisor best practice checks for cost optimization and security. Which AWS Support plan meets these requirements at the lowest cost?

A

AWS Developer Support

B

AWS Business Support

The Business Support plan offers a 1-hour response for urgent (severity 1) cases and full access to Trusted Advisor best practice checks. This meets the requirements at the lowest cost among plans that satisfy these needs.

C

AWS Enterprise On-Ramp Support

D

AWS Enterprise Support

Why: AWS Business Support provides a response time of less than 1 hour for urgent system issues (production system impaired) and includes full access to AWS Trusted Advisor best practice checks for cost optimization and security. This meets all stated requirements at the lowest cost among the plans that offer these features.
Q6
mediumFull explanation →

A company operates separate AWS accounts for its engineering, marketing, and finance departments. The CFO wants to consolidate billing to receive a single monthly invoice and to benefit from volume pricing discounts. The security team also requires a centralized mechanism to prevent users in any department from launching Amazon EC2 instances outside of the us-east-1 and eu-west-1 Regions to meet data residency compliance. Which AWS service or feature should the company use to meet both requirements?

A

AWS Budgets

B

AWS Organizations with Service Control Policies (SCPs)

AWS Organizations provides consolidated billing for a single invoice and volume discounts, and SCPs allow you to centrally define and enforce permission guardrails (e.g., restricting Regions) across all member accounts. This directly meets both requirements.

C

AWS Identity and Access Management (IAM) cross-account roles

D

AWS Cost and Usage Reports

Why: AWS Organizations allows the company to consolidate multiple AWS accounts under a single management account, enabling consolidated billing for a single monthly invoice and volume pricing discounts. Service Control Policies (SCPs) provide centralized governance by restricting the AWS services and Regions that member accounts can use, such as preventing EC2 instances from being launched outside us-east-1 and eu-west-1. This combination directly addresses both the CFO's billing consolidation needs and the security team's data residency compliance requirements.

Want more Billing, Pricing, and Support practice?

Practice this domain

Frequently asked questions

How many questions are on the CLF-C02 exam?

The CLF-C02 exam has 65 questions and must be completed in 90 minutes. The passing score is 700/1000.

What types of questions appear on the CLF-C02 exam?

Conceptual AWS questions covering cloud concepts, core services, security, compliance, billing, and support plans.

How are CLF-C02 questions organised by domain?

The exam covers 4 domains: Cloud Concepts, Security and Compliance, Cloud Technology and Services, Billing, Pricing, and Support. Questions are weighted by domain — higher-weight domains appear more on your actual exam.

Are these the actual CLF-C02 exam questions?

No. These are original exam-style practice questions written against the official Amazon Web Services CLF-C02 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.

Ready to practice all 65 CLF-C02 questions?

Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.

Browse all CLF-C02 questionsTake a timed practice test