Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsCLF-C02Flashcards
Free — No Signup RequiredAmazon Web Services· Updated 2026

CLF-C02 Flashcards — Free AWS Certified Cloud Practitioner CLF-C02 Study Cards

Reinforce CLF-C02 concepts with active-recall study cards covering all 4 blueprint domains. Each card shows the question on the front and the correct answer with a full explanation on the back.

1024+ study cards4 domains coveredActive recall methodFull explanations included
Start 30-card session50-card shuffle
Exam OverviewPractice TestMock ExamStudy GuideFlashcards

Study Sessions

CLF-C02 Flashcards

Pick a session size:

⚡Quick 10📝20 Cards🎯30 Cards📊50 Cards💪100 Cards
1,024+ cards · All free

Domains

Cloud Concepts
Security and Compliance
Cloud Technology and Services
Billing, Pricing, and Support

How to use CLF-C02 flashcards effectively

Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For CLF-C02 preparation, this means flashcards are one of the highest-return study tools available.

Attempt recall first

Read the CLF-C02 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.

Review wrong cards again

When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.

Study by domain

Group your CLF-C02 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real CLF-C02 exam requires.

Short sessions beat marathon reviews

20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass CLF-C02.

CLF-C02 flashcard preview

Sample cards from the CLF-C02 flashcard bank. Read the question, think of the answer, then read the explanation below.

1

A company is migrating its on-premises applications to the AWS Cloud. The Chief Security Officer wants to confirm the division of security responsibilities. According to the AWS Shared Responsibility Model, which of the following tasks is the customer's responsibility?

Cloud Concepts

Managing network access control lists (ACLs) for the customer's VPC

Option C is correct because managing network access control lists (ACLs) for a customer's VPC is explicitly a customer responsibility under the AWS Shared Responsibility Model. Customers control inbound and outbound traffic at the subnet level by configuring NACLs, which are stateless firewall rules. AWS provides the infrastructure and the VPC service, but the customer must define and manage the ACL rules to enforce network segmentation and security.

2

A company is preparing for an annual compliance audit. The auditor requests a copy of the AWS SOC 2 Type II report to review AWS's controls. Which AWS service or tool can the company use to obtain this report?

Security and Compliance

AWS Artifact

AWS Artifact is the correct service because it provides on-demand access to AWS compliance reports, including SOC reports, PCI reports, and ISO certifications. The company can use AWS Artifact to download the SOC 2 Type II report directly, fulfilling the auditor's request without needing to contact AWS support.

3

A healthcare company needs to store patient medical records that must be retained for 10 years to comply with regulatory requirements. These records are accessed very rarely, only in the event of an audit or legal request. Which Amazon S3 storage class is the MOST cost-effective choice for this data?

Cloud Technology and Services

S3 Glacier Deep Archive

S3 Glacier Deep Archive is the most cost-effective choice because it is designed for long-term retention of rarely accessed data with a retrieval time of 12–48 hours. The 10-year retention requirement and infrequent access pattern (only during audits or legal requests) align perfectly with this storage class, offering the lowest storage cost among S3 classes while still meeting compliance needs.

4

A company runs multiple workloads on Amazon EC2 instances. They expect consistent usage for the next three years but want the flexibility to change instance families (for example, from M5 to C5) if performance requirements shift. Which AWS pricing model meets these requirements while providing a significant discount over On-Demand pricing?

Billing, Pricing, and Support

Compute Savings Plans

Compute Savings Plans (Option B) offer a significant discount (up to 66%) over On-Demand pricing in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) for a 1- or 3-year term. Unlike Reserved Instances, Savings Plans are flexible across instance families (e.g., M5 to C5), regions, OS, and tenancy, making them ideal for workloads that may need to change instance types over time while still receiving a discounted rate.

5

A company publishes a message each time a new product is added to its catalogue. Three services need to receive this message simultaneously: an email notification service, an inventory update service, and an analytics service. Which AWS service should the company use to deliver the message to all three services at the same time?

Amazon SNS

Amazon SNS is the correct choice because it is a fully managed pub/sub messaging service designed to deliver messages to multiple subscribers simultaneously. When a new product is added, the company can publish a single message to an SNS topic, and SNS will fan out that message to all three subscribed endpoints (email, inventory, and analytics) in parallel, ensuring they receive it at the same time.

6

A media company stores frequently accessed video thumbnails in Amazon S3. The thumbnails are read multiple times every day and must be highly available and durable. Which S3 storage class is most appropriate for this workload?

S3 Standard

S3 Standard is the most appropriate storage class because it offers high durability (99.999999999%) and high availability (99.99%) with low-latency access, making it ideal for frequently accessed, critical data like video thumbnails that are read multiple times daily. It provides automatic replication across a minimum of three Availability Zones, ensuring both high availability and durability without retrieval fees or minimum storage duration penalties.

7

A company needs a service to translate domain names (like www.example.com) into IP addresses, check the health of their web servers, and automatically redirect traffic to a healthy backup server if the primary server fails. Which AWS service provides all of these capabilities?

Amazon Route 53

Amazon Route 53 is a DNS web service that translates domain names to IP addresses. It also offers health checks that monitor the availability of web servers and can automatically route traffic away from unhealthy endpoints to healthy ones using DNS failover routing policies.

8

A startup runs an application on AWS and receives a monthly bill that charges exactly for the number of compute hours used, the gigabytes of data stored, and the gigabytes of data transferred. The company pays nothing for resources they did not use. Which cloud computing characteristic does this represent?

Measured service

This scenario describes a pay-per-use model where costs directly correlate with actual consumption of compute hours, storage, and data transfer. Measured service is the cloud characteristic that enables this by automatically monitoring, controlling, and reporting resource usage, providing transparency for both the provider and consumer. AWS implements this through services like AWS CloudTrail and detailed billing reports, ensuring customers are charged only for what they consume.

9

A financial institution runs its core banking application on-premises due to regulatory requirements. It has connected its data centre to AWS using AWS Direct Connect and runs analytics workloads on AWS that access data from the on-premises systems. Which cloud deployment model does this describe?

Hybrid cloud

This scenario describes a hybrid cloud deployment because the financial institution maintains its core banking application on an on-premises data center (private infrastructure) while also running analytics workloads on AWS (public cloud). The two environments are connected via AWS Direct Connect, a dedicated network link that enables secure, low-latency data transfer between the on-premises systems and AWS, allowing the analytics workloads to access on-premises data. Hybrid cloud specifically refers to the integration of on-premises private infrastructure with public cloud services, which matches this setup.

10

A company wants to run a MySQL database in AWS without managing database software installation, applying patches, setting up backups, or configuring replication for high availability. Which AWS service meets these requirements?

Amazon RDS

Amazon RDS is a managed database service that automates database software installation, patching, backup, and replication for high availability. By choosing RDS for MySQL, the company offloads these administrative tasks to AWS, meeting the requirement to avoid manual management of the database software, patches, backups, and replication configuration.

11

A security auditor needs to know which IAM user deleted a specific S3 bucket last week, from which IP address the action was taken, and at what exact time. Which AWS service captures this information?

AWS CloudTrail

AWS CloudTrail is the correct service because it records all API calls made to the AWS environment, including S3 bucket deletion actions (DeleteBucket). It captures the identity of the IAM user, the source IP address, and the exact timestamp of each API call, which directly meets the auditor's requirements.

12

A development team wants to deploy a Python web application to AWS without managing load balancers, auto scaling groups, or the underlying EC2 instance operating systems. They want to upload their code and have AWS handle the infrastructure. Which cloud service model does this represent?

Platform as a Service (PaaS)

Platform as a Service (PaaS) provides a managed platform where developers can upload code and AWS handles the underlying infrastructure, including load balancing, auto scaling, and OS patching. AWS Elastic Beanstalk is a PaaS service that abstracts EC2 instances, load balancers, and auto scaling groups, allowing the team to focus solely on their Python web application code.

13

An operations team documents all operational procedures as runbooks, deploys infrastructure using AWS CloudFormation templates stored in version control, and continuously refines their processes based on lessons learned from incidents. Which pillar of the AWS Well-Architected Framework does this represent?

Operational Excellence

Operational Excellence focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures. Documenting runbooks, using infrastructure as code (CloudFormation) with version control, and refining processes from incident lessons are core practices of this pillar, as they enable repeatable, auditable, and continuously improving operations.

14

A startup's development team wants to deploy their Node.js web application to AWS without learning about load balancers, auto scaling, or EC2 configuration. They want to simply upload their application code and have AWS handle everything else. Which AWS service is designed for this use case?

AWS Elastic Beanstalk

AWS Elastic Beanstalk is the correct service because it is a Platform as a Service (PaaS) offering that automatically handles capacity provisioning, load balancing, auto scaling, and application health monitoring. The development team can simply upload their Node.js application code, and Elastic Beanstalk deploys it on pre-configured EC2 instances without requiring any manual configuration of infrastructure components.

15

An application running on an Amazon EC2 instance needs to access an Amazon S3 bucket. The security team requires that no long-term access keys be stored on the instance. Which IAM feature should be used to grant the EC2 instance permission to access S3?

Attach an IAM role to the EC2 instance

Option C is correct because an IAM role can be attached to an EC2 instance, allowing the instance to obtain temporary security credentials from AWS STS via the instance metadata service. This eliminates the need to store long-term access keys on the instance, satisfying the security team's requirement. The EC2 instance automatically rotates these temporary credentials before they expire, providing secure, programmatic access to the S3 bucket.

16

A security team wants to automatically scan their Amazon EC2 instances for known software vulnerabilities (CVEs) and assess whether any instances have unintended network access paths open. Which AWS service performs these automated security assessments?

Amazon Inspector

Amazon Inspector is the correct service because it is specifically designed to perform automated vulnerability scans (including CVEs) and network reachability assessments on EC2 instances. It uses a combination of AWS security best practices and common vulnerability databases to identify software vulnerabilities and unintended network access paths, such as open ports or overly permissive security groups.

17

A company wants to monitor the CPU utilisation of their EC2 instances and automatically send an email alert when utilisation exceeds 80% for more than 5 consecutive minutes. Which AWS service provides this monitoring and alerting capability?

Amazon CloudWatch

Amazon CloudWatch is the correct service because it provides both monitoring of EC2 CPU utilization metrics and the ability to create CloudWatch Alarms that trigger actions, such as sending an email via Amazon SNS, when a metric like CPUUtilization exceeds a threshold (e.g., 80%) for a specified number of consecutive evaluation periods (e.g., 5 minutes). This directly fulfills the requirement for monitoring and alerting on CPU utilization.

18

A company's public-facing web application is being attacked with SQL injection and cross-site scripting (XSS) attempts. Which AWS service should they deploy to detect and block these web application attacks?

AWS WAF

AWS WAF is a web application firewall that helps protect web applications from common web exploits like SQL injection and cross-site scripting (XSS). It allows you to create custom rules to filter and monitor HTTP(S) requests based on conditions such as IP addresses, HTTP headers, or request body patterns, and can block malicious traffic before it reaches your application.

19

A company operates 8 separate AWS accounts for different departments. They want to receive one consolidated monthly bill and benefit from combined usage discounts across all accounts for services like S3 and data transfer. Which AWS feature provides this?

AWS Organizations with consolidated billing

AWS Organizations with consolidated billing allows you to combine usage across all accounts in the organization to receive a single monthly bill and aggregate usage for volume discounts on services like S3 and data transfer. This feature enables you to centrally manage billing and take advantage of tiered pricing based on combined usage, which is exactly what the company needs.

20

A company wants to analyse petabytes of historical sales data using standard SQL queries and connect their existing business intelligence (BI) tools to the data store. The workload is analytical (OLAP), not transactional (OLTP). Which AWS service is designed for this use case?

Amazon Redshift

Amazon Redshift is a fully managed, petabyte-scale data warehouse service designed for analytical (OLAP) workloads. It uses standard SQL and integrates directly with popular BI tools via JDBC/ODBC connections, making it ideal for querying large historical datasets and connecting existing business intelligence tools.

21

A company wants all IAM users to verify their identity with both a password and a one-time code from an authenticator app before accessing the AWS Management Console. Which security control should the company enable?

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is the correct security control because it requires users to present two independent factors: something they know (password) and something they have (a one-time code from an authenticator app). This satisfies the company's requirement for both a password and a one-time code before accessing the AWS Management Console, significantly reducing the risk of unauthorized access even if a password is compromised.

22

A healthcare company stores patient records in Amazon S3 buckets across multiple accounts and needs to automatically discover and classify any objects containing personally identifiable information (PII) or protected health information (PHI). Which AWS service provides this capability?

Amazon Macie

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to automatically discover, classify, and protect sensitive data stored in Amazon S3. It is specifically designed to identify personally identifiable information (PII) and protected health information (PHI) by analyzing object metadata and content, making it the correct choice for this healthcare compliance use case.

Study all 1024+ CLF-C02 cards

CLF-C02 flashcards by domain

The CLF-C02 flashcard bank covers all 4 official blueprint domains published by Amazon Web Services. Cards are distributed proportionally, so domains with higher exam weight have more cards.

Domain Coverage

Cloud Concepts

~1 cards

Security and Compliance

~1 cards

Cloud Technology and Services

~1 cards

Billing, Pricing, and Support

~1 cards

Flashcards vs practice tests: which is better for CLF-C02?

Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:

Flashcards — concept retention

Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that CLF-C02 questions assume you know.

Best in: weeks 1–3

Practice tests — application

Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.CLF-C02 questions test scenario reasoning — not just recall — so practice tests are essential.

Best in: weeks 3–6

The most effective CLF-C02 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.

CLF-C02 flashcards — frequently asked questions

Are the CLF-C02 flashcards free?

Yes. Courseiva provides free CLF-C02 flashcards across all official exam domains. Every card includes the correct answer and a full explanation of why it is right and why the distractors are wrong. The platform also includes topic-based practice, mock exams, and readiness tracking — no account required.

How many CLF-C02 flashcards are on Courseiva?

Courseiva has 1024+ original CLF-C02 flashcards across all 4 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official Amazon Web Services exam objectives.

How are Courseiva flashcards different from Anki or Quizlet?

Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official CLF-C02 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.

Can I use CLF-C02 flashcards offline?

Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.

Free forever · No credit card required

Track your CLF-C02 flashcard progress

Save your results, see which domains need more work, and get spaced repetition recommendations — all free.

Sign Up Free

Free forever · Every certification included

Start Studying

⚡Quick 10 cards📝20-card session🎯30-card session📊50-card shuffle💪100-card marathon

Also Study With

Practice TestMock ExamStudy GuideExam Domains

Related Flashcards

SAA-C03DVA-C02AZ-900GCDL

Related Flashcard Sets

SAA-C03

Solutions Architect Associate

DVA-C02

Developer Associate

AZ-900

Azure Fundamentals

GCDL

Google Cloud Digital Leader

Browse all certifications →