How to Pass the AWS Cloud Practitioner (CLF-C02)
4-domain breakdown, 4-week study plan, and the exam traps that catch every first-time candidate
The AWS Cloud Practitioner (CLF-C02) is the most accessible entry point into AWS certification — it requires no hands-on AWS experience and covers cloud concepts at a conceptual level. Most candidates pass in 3–5 weeks of part-time study. This guide covers what to focus on, what to skip, and the questions that trip up first-time candidates.
Understand the four exam domains
CLF-C02 is divided into four domains. Knowing the weightings tells you where to spend your study time.
Domain 1: Cloud Concepts — 24% of score
Domain 2: Security and Compliance — 30% of score ← heaviest
Domain 3: Cloud Technology & Services — 34% of score ← heaviest
Domain 4: Billing, Pricing & Support — 12% of score
Key implication: Domain 3 (specific AWS services) and Domain 2 (security)
together make up 64% of the exam. Spend the majority of your time here.Domain 4 (billing) is only 12% but is very learnable — the AWS pricing models, support tiers, and cost tools are straightforward and high-confidence marks. Don't neglect it.
Learn the core AWS services in Domain 3
Domain 3 is the heaviest and tests your knowledge of the most important AWS services by category. You don't need to know how to configure them — you need to know what problem each one solves and when to choose it.
Compute: EC2, Lambda, ECS, EKS, Elastic Beanstalk, Lightsail
Storage: S3, EBS, EFS, S3 Glacier, Storage Gateway
Database: RDS, DynamoDB, Aurora, Redshift, ElastiCache
Networking: VPC, CloudFront, Route 53, Direct Connect, VPN
Security: IAM, Cognito, WAF, Shield, GuardDuty, Inspector
Monitoring: CloudWatch, CloudTrail, Config, Trusted Advisor
Integration: SQS, SNS, EventBridge, Step Functions
Management: CloudFormation, Systems Manager, Organizations
For each service, know:
- What category it belongs to
- What problem it solves
- The key differentiator from similar servicesThe most tested service distinctions: S3 vs EBS vs EFS (when to use each); SQS vs SNS (messaging vs pub/sub); RDS vs DynamoDB (relational vs NoSQL); CloudTrail vs CloudWatch (audit logging vs metrics/monitoring).
Master Domain 2 — Shared Responsibility and IAM
Security (30% of exam) centres on two key topics: the AWS Shared Responsibility Model and IAM. Know these deeply.
Shared Responsibility Model:
AWS is responsible FOR the cloud (hardware, facilities, hypervisor, managed services)
Customer is responsible IN the cloud (OS patching, application security, data encryption, IAM)
Key exam trap: "Who is responsible for patching the OS on an EC2 instance?"
Answer: The CUSTOMER. AWS patches the underlying hypervisor, not your EC2 OS.
IAM key concepts:
- Users: individual people or services
- Groups: collection of users, assigned policies
- Roles: temporary credentials, used by services and cross-account access
- Policies: JSON documents defining Allow/Deny actions on resources
- Root user: should NEVER be used for daily tasks — enable MFA immediatelyThe Shared Responsibility Model is tested with service-specific questions. For RDS: AWS patches the database engine. For EC2: customer patches the OS. For Lambda: AWS manages everything except the code. Know the model per service type.
Understand the pricing and billing tools
Domain 4 (12%) is high ROI — relatively simple concepts with clear right/wrong answers. Know the four pricing models and the key billing tools.
AWS Pricing Models:
1. On-Demand — pay per hour/second, no commitment, highest cost
2. Reserved — 1 or 3 year commitment, up to 72% discount (Standard)
Convertible Reserved: can change instance type, 54% discount
3. Spot — bid on unused capacity, up to 90% discount, can be interrupted
4. Savings Plans — flexible commitment to $ spend/hour, applies to multiple services
Key billing tools:
- AWS Pricing Calculator: estimate costs before you build
- AWS Cost Explorer: analyse and visualise past spend
- AWS Budgets: set alerts when spend exceeds threshold
- Cost Allocation Tags: label resources for cost tracking
- AWS Organizations + SCPs: manage multiple accounts, enforce guardrailsThe most common exam trap: 'Which reserved instance type allows you to change the instance family?' — Convertible Reserved Instances. Standard Reserved Instances lock you to the instance type.
Build a 4-week study schedule
CLF-C02 requires 3–5 weeks of part-time study (1–2 hours/day). Here's a realistic schedule:
Week 1: Cloud Concepts + Security (Domains 1 & 2)
- Cloud computing models (IaaS, PaaS, SaaS)
- Global infrastructure (Regions, AZs, Edge Locations)
- Shared Responsibility Model
- IAM: users, groups, roles, policies, MFA
Week 2: Core AWS Services (Domain 3, Part 1)
- Compute: EC2, Lambda, ECS, Beanstalk
- Storage: S3, EBS, EFS, Glacier
- Database: RDS, DynamoDB, Aurora, Redshift
Week 3: Core AWS Services + Networking (Domain 3, Part 2)
- Networking: VPC, CloudFront, Route 53
- Security services: WAF, Shield, GuardDuty
- Monitoring: CloudWatch, CloudTrail
- Integration: SQS, SNS, EventBridge
Week 4: Billing + Practice Exams
- Pricing models, billing tools, support tiers
- 3× full practice exams (65 questions each)
- Review every wrong answer — understand WHY, not just whatHandle exam-day question types
CLF-C02 uses scenario questions — not 'what is X'. You'll be asked which service to use for a described business need. Learn the pattern.
Pattern: "A company wants to [business need]. Which AWS service should they use?"
Common scenarios and answers:
- "Store flat files at lowest cost for infrequent access" → S3 Glacier / S3 Intelligent-Tiering
- "Run code without managing servers" → Lambda
- "Protect against DDoS attacks automatically" → AWS Shield Standard (free) / Shield Advanced
- "Track API calls across the account for auditing" → CloudTrail (not CloudWatch)
- "Get notified when a spend threshold is exceeded" → AWS Budgets
- "Deploy identical infrastructure across multiple accounts" → CloudFormation StackSets
- "Migrate a large database with minimal downtime" → AWS DMS (Database Migration Service)When two services seem correct, look for the qualifying word: 'automatically', 'at no extra cost', 'without managing servers', 'for compliance auditing'. These qualifiers usually eliminate one option.
Key tips
Do at least 3 full practice exams (65 questions each) in the week before the real exam. Courseiva has a CLF-C02 question bank you can use.
Review every wrong practice answer — don't just note the correct answer, understand why the others were wrong.
The AWS free tier lets you explore most services without cost. Hands-on experience with S3, EC2, IAM, and Lambda dramatically improves retention.
The support plan tiers (Basic, Developer, Business, Enterprise) are frequently tested — know what each includes and what it costs.
CloudTrail = who did what (API audit log). CloudWatch = metrics and alarms. Config = compliance and configuration history. These three are often tested together.
Frequently asked questions
How long does the CLF-C02 exam take?
90 minutes, 65 questions. You have 83 seconds per question on average. The exam isn't time-pressured for most candidates — the difficulty is knowing the material, not the speed.
What score do I need to pass?
750 out of 1000. Questions are scored on a scaled model — some questions are worth more than others, and some are unscored pilot questions.
Do I need hands-on AWS experience to pass?
No — it's a foundational exam. But candidates who have logged into the AWS Console and used S3, EC2, and IAM even briefly perform significantly better on scenario questions than those who studied only from flashcards.
Related glossary terms
Browse full glossary →Practice with real exam questions
Apply what you just learned with exam-style practice questions.