AWS Certified Cloud Practitioner (CLF-C02) Fast-Track Prep

CLF-C02 score range and passing score

Scores range from 100 to 1000. A scaled score of 700 or higher is required to pass.

Two main question types on CLF-C02

Multiple-choice (one correct answer) and multiple-response (two or more correct answers, with the exact number specified).

Most heavily weighted domains on CLF-C02

Cloud Technology and Services and Security and Compliance together account for roughly two-thirds of the exam.

Key focus of the Cloud Technology and Services domain

High-level understanding of core services such as EC2, Lambda, S3, RDS, DynamoDB, VPC, and how to choose between them.

Key focus of the Billing, Pricing, and Support domain

Pricing models, AWS Free Tier, cost tools (Pricing Calculator, Cost Explorer, Budgets), and AWS Support plans.

Shared responsibility model

AWS is responsible for the security **of** the cloud (infrastructure). Customers are responsible for security **in** the cloud (configurations, data, access).

Elasticity

The ability to automatically or quickly scale IT resources up or down based on demand so you only use (and pay for) what you need at any given time.

Agility

The ability to provision and deprovision cloud resources rapidly, enabling faster experimentation, iteration, and innovation.

AWS Region

A physical geographic area containing multiple, isolated Availability Zones. Regions are isolated from each other for fault tolerance and data sovereignty.

Availability Zone (AZ)

One or more discrete data centers with independent power, cooling, and networking within an AWS Region, connected to other AZs by low-latency links.

Edge Location

A site used by services like Amazon CloudFront and Route 53 to cache and deliver content or DNS responses closer to end users, reducing latency.

Design for failure

An AWS design principle that assumes components will fail and builds redundancy, monitoring, and automatic recovery so the system continues to operate.

AWS shared responsibility model

A framework that defines how AWS and the customer divide security and compliance duties. AWS handles security OF the cloud; the customer handles security IN the cloud.

Security of the cloud

AWS’s responsibilities: physical data centers, hardware, networking, facilities, and the foundational services infrastructure, including the hypervisor.

Security in the cloud

Customer responsibilities: service configuration, IAM, network settings, data protection, application security, and compliance of workloads.

Least privilege

The practice of granting identities only the permissions they need to perform required tasks and no more, reducing potential damage from misuse or compromise.

AWS Identity and Access Management (IAM)

Core AWS service for managing users, groups, roles, and permissions via policies that control who can access which AWS resources.

Security group

A stateful virtual firewall at the instance or resource level in a VPC that controls inbound and outbound traffic based on rules.

IAM User

An identity with long-term credentials representing a person or application. Best practice is to minimize use for humans and prefer federation.

IAM Group

A collection of IAM users used to manage permissions collectively. You cannot log in as a group.

IAM Role

An identity that can be assumed to obtain temporary credentials, commonly used by AWS services, federated users, or for cross-account access.

Identity-Based Policy

A JSON policy attached to a user, group, or role defining what actions are allowed or denied on which resources.

Resource-Based Policy

A JSON policy attached directly to a resource (such as an S3 bucket or KMS key) specifying who can access it and how.

Service Control Policy (SCP)

An AWS Organizations policy that sets the maximum permissions for accounts or organizational units. It does not grant permissions by itself.

Amazon EC2

Core AWS service that provides virtual machines in the cloud. You manage the operating system, patches, and application stack.

AWS Lambda

Serverless compute service where you run code without provisioning or managing servers. Billed per request and execution time.

Amazon ECS

AWS-managed container orchestration service for running Docker containers on EC2 instances or AWS Fargate.

AWS Fargate

Serverless compute engine for containers used with ECS or EKS. You define tasks or pods; AWS manages servers and OS.

On-Demand Instances

Pricing model with no long-term commitment. Pay for compute capacity by the hour or second, ideal for new or unpredictable workloads.

Reserved Instances / Savings Plans

Discounted pricing options in exchange for 1- or 3-year commitments. Best for steady-state, predictable usage.

Amazon S3

Object storage service for storing and retrieving any amount of data, often used for static assets, backups, and data lakes.

Amazon EBS

Block storage volumes attached to EC2 instances, suitable for OS volumes and databases running on a single instance.

Amazon EFS

Managed, scalable NFS file system for Linux, allowing multiple EC2 instances to share the same files.

Amazon RDS

Managed relational database service supporting engines like MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server.

Amazon DynamoDB

Fully managed NoSQL key-value and document database, designed for high throughput and low latency at scale.

Amazon ElastiCache

Managed in-memory caching service compatible with Redis and Memcached, used to speed up applications and reduce database load.

Amazon CloudWatch

AWS monitoring service for metrics, logs, alarms, and dashboards. Used to track performance and operational health of resources and applications.

AWS CloudTrail

Service that records API calls and console actions in your AWS account. Used for auditing, security investigations, and compliance.

AWS Config

Service that records configuration changes to supported AWS resources and evaluates them against compliance rules.

AWS Organizations

Service for centrally managing and governing multiple AWS accounts using Organizational Units and Service Control Policies.

AWS Control Tower

Service that helps you set up and govern a secure, multi-account AWS environment (landing zone) with built-in guardrails.

Infrastructure as Code (IaC)

Practice of defining and managing infrastructure using machine-readable templates or code instead of manual console configuration.

On-Demand Pricing

A pay-as-you-go model with no long-term commitments. You pay by the second or hour for resources like EC2 or RDS, ideal for new, spiky, or unpredictable workloads.

Savings Plans

A 1- or 3-year commitment to a consistent amount of compute usage for lower prices. More flexible than traditional Reserved Instances, especially Compute Savings Plans.

Spot Instances

Discounted EC2 capacity using spare AWS resources that can be interrupted with short notice. Best for fault-tolerant, flexible batch or background workloads.

AWS Cost Explorer

A visual tool for analyzing historical AWS cost and usage. Supports filtering by service, Region, account, and tag, and provides basic forecasting.

AWS Budgets

A service that lets you set custom cost or usage budgets and receive alerts via email or SNS when your actual or forecasted spend exceeds thresholds.

AWS Pricing Calculator

A free web-based tool for estimating the future monthly cost of planned AWS architectures. Used for planning and comparing design options.

Basic Support

Free plan included with all AWS accounts. Provides 24x7 customer service and billing support, access to documentation, whitepapers, AWS re:Post, and Trusted Advisor core checks, but no technical support engineers for workloads.

Developer Support

Paid plan aimed at dev/test environments. Adds business-hours email access to AWS support associates and general guidance, but does not provide 24x7 phone or chat for production workloads.

Business Support

Production-focused plan providing 24x7 access to AWS support engineers via phone, chat, and email, full Trusted Advisor checks, and access to the Support API.

Enterprise Support

High-end plan for mission-critical workloads. Includes all Business features plus a Technical Account Manager (or similar role), proactive guidance, architecture reviews, and fastest response for critical issues.

AWS Support Center

Console area where you create and manage AWS support cases for billing, account, service limit increases, and technical support (depending on your plan).

AWS Knowledge Center

Collection of short, official troubleshooting articles for common AWS issues and questions, ideal for quick fixes to specific problems.

Scaled score (AWS exams)

A normalized score (100–1000 for CLF-C02) that accounts for small differences in exam versions. Passing CLF-C02 requires a scaled score of 700, not a specific raw percentage.

First pass / second pass strategy

An approach where you answer all questions you can do quickly on the first pass, flagging hard ones, then return on a second pass to spend more time on flagged questions.

Educated guess

A choice made after eliminating clearly wrong answers and using logic and exam context, rather than random guessing. Key skill when time is limited.

Shared responsibility model

AWS secures the cloud (infrastructure, hardware, global network); customers secure what they put in the cloud (data, IAM, OS on EC2, application-level controls).

Consolidated billing

A feature of AWS Organizations that lets you combine usage from multiple accounts into one bill, often unlocking volume discounts and simplifying cost management.

Support plan selection principle

Choose the lowest-cost AWS Support plan that still meets business requirements for response time, 24/7 access, and criticality, instead of defaulting to Enterprise.