The AWS Certified Cloud Practitioner (CLF-C02) is the starting point for AWS certification. It validates that you understand cloud concepts, AWS services, pricing, and the Shared Responsibility Model at a foundational level. It's designed for people who work alongside cloud teams rather than building infrastructure themselves: business analysts, project managers, account managers, finance professionals, and anyone else who needs to communicate intelligently about AWS without being a hands-on practitioner.
If you're planning to move into a technical AWS role, CLF-C02 also functions as a confidence-building first step before tackling an associate-level exam.
Exam Overview
| Detail | Value |
|---|---|
| Exam code | CLF-C02 |
| Questions | 65 (50 scored, 15 unscored) |
| Time | 90 minutes |
| Passing score | 700 / 1000 |
| Format | Multiple choice and multiple response |
| Cost | $100 USD |
The 15 unscored questions are indistinguishable from the 50 that count. Treat every question seriously. 700/1000 means roughly 72% of your scored answers need to be correct.
Exam Domains
| Domain | Weight |
|---|---|
| Cloud Technology and Services | 34% |
| Security and Compliance | 30% |
| Cloud Concepts | 24% |
| Billing, Pricing, and Support | 12% |
Cloud Technology and Security together are 64% of the exam. That's where to spend most of your study time. Billing and pricing is only 12% but shows up with specific, testable questions about support plans and pricing models.
Core Concepts to Master
Cloud Computing Models
Understand the three cloud service models and when each applies:
- IaaS (Infrastructure as a Service): you manage the OS and above; AWS manages hardware and hypervisor. EC2 is the primary example.
- PaaS (Platform as a Service): you manage the application; AWS manages the OS and runtime. Elastic Beanstalk and RDS are examples.
- SaaS (Software as a Service): fully managed application you use but don't configure at an infrastructure level. Workmail and Chime are examples.
Also understand the three deployment models: public cloud (AWS), private cloud (on-premises), and hybrid (both connected).
The Shared Responsibility Model
This is one of the most tested topics on CLF-C02. AWS is responsible for security of the cloud: physical hardware, data centres, the global network, and the hypervisor. You are responsible for security in the cloud: your operating system, your applications, your IAM configuration, and your data.
The boundary shifts depending on the service type. With EC2, you're responsible for the OS patch cycle. With RDS, AWS handles OS patching for you. With S3, you're responsible for bucket policies and object-level permissions.
Key AWS Service Categories
You need to know what the major services do and which category they belong to:
Compute: EC2 (virtual servers), Lambda (serverless functions), Elastic Beanstalk (managed application platform), Lightsail (simplified VPS), Fargate (serverless containers).
Storage: S3 (object storage), EBS (block storage for EC2), EFS (file storage), Glacier (archival storage). Know the S3 storage tiers: Standard, Intelligent-Tiering, Standard-IA, One Zone-IA, Glacier Instant Retrieval, Glacier Flexible Retrieval, Glacier Deep Archive.
Database: RDS (managed relational databases: MySQL, PostgreSQL, Oracle, SQL Server, MariaDB), Aurora (AWS-native relational), DynamoDB (NoSQL), ElastiCache (in-memory caching), Redshift (data warehouse).
Networking: VPC (private network in AWS), CloudFront (CDN), Route 53 (DNS), Direct Connect (dedicated network connection to AWS), VPN (encrypted connection over internet).
Security and Identity: IAM (users, groups, roles, policies), Shield (DDoS protection), WAF (web application firewall), GuardDuty (threat detection), Inspector (vulnerability assessment), Macie (S3 data classification), Cognito (user identity for applications).
Management and Monitoring: CloudWatch (metrics and logs), CloudTrail (API activity logging), Config (configuration history and compliance), Trusted Advisor (best practice recommendations), Systems Manager (operational management).
IAM Fundamentals
IAM is tested across the Security domain and often in other domains too. Key concepts:
- Users: individual identities with long-term credentials
- Groups: collections of users; assign permissions to groups, not individual users
- Roles: assumed by services or external identities; provide temporary credentials
- Policies: JSON documents that define what is allowed or denied
The root account should only be used for initial setup and billing. Use MFA on the root account. Create individual IAM users instead of sharing credentials.
Pricing Models
Know the four EC2 pricing options and the trade-offs:
| Pricing Type | Best For |
|---|---|
| On-Demand | Unpredictable workloads, short-term use |
| Reserved (1 or 3 year) | Steady-state workloads, maximum savings |
| Spot | Fault-tolerant batch workloads, lowest cost |
| Savings Plans | Flexible commitment, applies across instance families |
Also know: the AWS Free Tier (12 months of limited free usage for new accounts plus some always-free services), and the three AWS Support plans above Basic: Developer, Business, and Enterprise.
Common Exam Traps
Mixing up CloudWatch and CloudTrail: CloudWatch monitors metrics and logs (CPU utilisation, Lambda invocations, custom application metrics). CloudTrail records API calls (who did what, when). These are consistently confused by candidates who learn their names but not their specific functions.
Shared Responsibility edge cases: questions often test the boundary between AWS and customer responsibility for specific service types. Know the distinction between managed services (AWS manages more) versus unmanaged services like EC2 (you manage more).
Support plan specifics: questions ask which support plan includes a Technical Account Manager (Enterprise), which includes 24/7 phone support (Business and above), and what the response time SLA is for production system failures at each tier. These details require memorisation.
Reserved Instance vs Savings Plans: both offer discounts for commitments, but Savings Plans apply more flexibly across instance families and compute types. Reserved Instances apply to specific instance configurations. Candidates who conflate them choose the wrong answer in pricing questions.
Study Plan
| Week | Focus |
|---|---|
| 1 | Cloud concepts, deployment models, global infrastructure (regions, AZs, edge locations) |
| 2 | Core services: compute, storage, database overview |
| 3 | Security: Shared Responsibility Model, IAM, security services |
| 4 | Billing, pricing, Support plans, and practice exams |
Two weeks of intensive study is sufficient if you can commit 2-3 hours daily. Stretch to four weeks if you're fitting it around a full work schedule.
Recommended Resources
- AWS Cloud Practitioner Essentials (free, AWS Skill Builder)
- AWS Certified Cloud Practitioner exam guide (AWS)
- CLF-C02 practice exams on this site
Final Thoughts
The CLF-C02 is the right first step if you work in or around cloud environments and need a structured way to build AWS literacy. It won't make you a developer or architect, but it'll give you a solid foundation for communicating with technical teams and understanding what AWS does and why it matters.
Study the services, understand the Shared Responsibility Model, know the pricing options, and take enough practice exams to confirm you're solid across all four domains. Start with our CLF-C02 practice exams to get a baseline on where you stand.