These questions cover core AWS services and cloud concepts — the foundation of CLF-C02 and the area where a confident understanding of "why" separates a passing score from a high one.
Question 1
A research team runs CPU-intensive jobs for 4–6 hours. The workload saturates all available CPU cores. Which EC2 instance family is the best fit?
- A) R-series (memory optimised) for large in-memory datasets
- B) C-series (compute optimised) for maximum vCPU performance
- C) T-series (burstable) for variable workloads with low baseline
- D) I-series (storage optimised) for high-disk-IOPS workloads
Answer: B — C-series (compute optimised)
C-series instances provide the highest vCPU-to-memory ratio in the EC2 fleet. They're purpose-built for workloads where the bottleneck is processing power rather than RAM or I/O.
Instance family quick reference for the exam:
| Family | Optimised for | Typical use case |
|---|---|---|
| C (compute) | vCPU | HPC, batch jobs, video encoding |
| R (memory) | RAM | In-memory DBs, large caches |
| M (general) | Balance | Web servers, small DBs |
| T (burstable) | Baseline + burst | Dev/test, low-traffic sites |
| I (storage) | NVMe IOPS | NoSQL DBs, data warehousing |
| G/P (accelerated) | GPU | ML training, graphics |
T-series instances earn CPU credits when idle and spend them when busy — they're not appropriate for sustained high-CPU work because they throttle once credits are exhausted.
</details>Question 2
Who is responsible for patching the operating system on an Amazon EC2 instance?
- A) AWS — they manage all infrastructure including the OS
- B) The customer — EC2 is IaaS, so the customer manages from the OS up
- C) AWS manages patches; the customer applies them on a schedule they set
- D) It depends on the instance type selected
Answer: B — The customer
The AWS Shared Responsibility Model divides security into two layers:
- AWS: "Security of the cloud" — physical data centres, hardware, hypervisor, managed service infrastructure
- Customer: "Security in the cloud" — OS patching, application security, data encryption, IAM configuration
EC2 is Infrastructure as a Service (IaaS). AWS manages the physical host and the hypervisor, but you control the guest OS and everything above it — including applying patches.
How the model shifts by service type:
| Service | AWS manages | Customer manages |
|---|---|---|
| EC2 (IaaS) | Hardware, hypervisor | OS, apps, data |
| RDS (managed DB) | OS, DB engine patches | DB config, data, access |
| S3 (managed storage) | Infrastructure, durability | Bucket policies, encryption config |
| Lambda (serverless) | Runtime, OS, scaling | Function code, IAM |
The higher up the stack, the more AWS takes on.
</details>Question 3
A company stores infrequently accessed compliance archives that must be retrieved within 12 hours when needed. Which S3 storage class minimises cost?
- A) S3 Standard — for frequently accessed data
- B) S3 Standard-IA — infrequent access with millisecond retrieval
- C) S3 Glacier Flexible Retrieval — archives with retrieval options from minutes to hours
- D) S3 Glacier Deep Archive — lowest cost, retrieval within 12 hours
Answer: D — S3 Glacier Deep Archive
S3 Glacier Deep Archive is the lowest-cost S3 storage class. Standard retrieval takes up to 12 hours, which satisfies the requirement. It's designed specifically for long-term retention of data that's rarely accessed — compliance archives, backup copies, regulatory records.
S3 storage classes by cost and retrieval speed:
| Class | Min storage | Retrieval | Best for |
|---|---|---|---|
| Standard | None | Milliseconds | Frequently accessed |
| Standard-IA | 30 days | Milliseconds | Monthly access |
| One Zone-IA | 30 days | Milliseconds | Non-critical, single AZ |
| Glacier Instant | 90 days | Milliseconds | Quarterly access |
| Glacier Flexible | 90 days | Minutes–hours | Archives, flexible retrieval |
| Glacier Deep Archive | 180 days | Up to 12 hours | Rarely accessed, lowest cost |
S3 Intelligent-Tiering moves objects between tiers automatically based on access patterns and is worth knowing for the exam as an "automatic" option.
</details>Key Takeaways
- C-series = compute optimised; T-series burstable instances throttle under sustained CPU load
- Shared responsibility: AWS owns the physical infrastructure; customers own the OS and app layer on EC2
- Glacier Deep Archive = lowest cost S3; 12-hour retrieval meets most compliance archive requirements