Back to AWS Certified Cloud Practitioner CLF-C02 questions

Scenario-based practice

Hard Difficulty Questions

Practise AWS Certified Cloud Practitioner CLF-C02 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
CLF-C02
exam code
Amazon Web Services
vendor

Scenario guide

How to approach hard difficulty questions

These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.

Quick answer

Hard Difficulty Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related CLF-C02 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Read the full NAT/PAT explanation →

A company wants to improve their application's reliability by ensuring it can handle the failure of a single Availability Zone. According to AWS Well-Architected Framework, what architectural pattern achieves this?

Question 2hardmultiple choice
Full question →

A company has unpredictable, short-lived batch processing workloads that can be interrupted. Which EC2 purchasing option would provide the lowest cost for these workloads?

Question 3hardmultiple choice
Full question →

A company is designing a microservices architecture on AWS. According to the AWS Well-Architected Framework's Operational Excellence pillar, which practice best supports the ability to safely make frequent, small changes to production?

Question 4hardmultiple choice
Full question →

A company is evaluating the AWS Sustainability pillar in the Well-Architected Framework. Which action aligns with AWS cloud sustainability best practices?

Question 5hardmultiple choice
Full question →

A company is using Amazon EC2 and wants to understand the difference between Compute Savings Plans and EC2 Instance Savings Plans. Which statement is accurate?

Question 6hardmultiple choice
Read the full NAT/PAT explanation →

A company architect is designing a new system on AWS. They want to implement the Well-Architected Framework principle of 'loosely coupled components.' Which architecture pattern best achieves this?

Question 7hardmultiple choice
Full question →

A company is designing a cloud architecture and wants to follow the Well-Architected Framework principle of 'stop guessing capacity.' Which AWS feature directly supports this principle?

Question 8hardmultiple choice
Full question →

A company stores sensitive financial data in Amazon S3. They need to ensure that even if an attacker gains access to the S3 service, they cannot read the data without a customer-controlled encryption key. Which S3 encryption method satisfies this requirement?

Question 9hardmultiple choice
Read the full NAT/PAT explanation →

A company is designing a resilient multi-tier web application on AWS. The architect wants to implement the Well-Architected Framework Reliability pillar design principle of 'automatically recover from failure.' Which combination of services implements this most completely?

Question 10hardmultiple choice
Read the full NAT/PAT explanation →

A company's cloud finance team wants to implement cloud financial management (FinOps) on AWS. Which combination of AWS services provides the most comprehensive cost visibility, budgeting, and optimization capabilities?

Question 11hardmultiple choice
Full question →

A company's security policy requires that access keys for IAM users must be rotated every 90 days. Which AWS service can automatically detect users with non-compliant key age?

Question 12hardmultiple choice
Full question →

A company architect is reviewing their architecture for the Operational Excellence pillar of the Well-Architected Framework. Which practice is a core recommendation of this pillar?

Question 13hardmultiple choice
Full question →

According to the AWS Well-Architected Framework, which design principle is most closely associated with the recommendation to 'stop spending money on undifferentiated heavy lifting'?

Question 14hardmultiple choice
Read the full NAT/PAT explanation →

A company recently migrated to AWS and needs to ensure their S3 buckets are not publicly accessible. Which combination of controls best prevents accidental public S3 exposure?

Question 15hardmultiple choice
Full question →

A company has 10 EC2 On-Demand instances running. They purchase a 1-year Compute Savings Plan for a commitment equivalent to 6 instances. What happens to the remaining 4 instances' cost?

Question 16hardmultiple choice
Full question →

A customer is evaluating moving to AWS and asks about the total cost of ownership (TCO) benefits. Which of the following is NOT a factor that reduces TCO when migrating to AWS?

Question 17hardmultiple choice
Full question →

A security team needs to continuously assess their AWS resources for security vulnerabilities and deviations from security best practices. Which service provides automated security assessments?

Question 18hardmultiple choice
Full question →

Which AWS service provides a petabyte-scale data transfer solution for moving large amounts of data into AWS when network transfer is not feasible?

Question 19hardmultiple choice
Full question →

Which AWS pricing model allows customers to commit to a consistent amount of compute usage (measured in $/hour) for a 1 or 3-year term in exchange for significant discounts, without being locked to specific instance types?

Question 20hardmultiple choice
Full question →

A company runs a payment processing application on AWS that must comply with the Payment Card Industry Data Security Standard (PCI DSS). An external auditor requests a copy of the AWS SOC 2 report and the PCI DSS Attestation of Compliance (AOC) to verify the security controls of the underlying AWS infrastructure. The company needs to obtain these documents directly from AWS. Which AWS service should the company use?

These CLF-C02 practice questions are part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style CLF-C02 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.