Free CLF-C02 Practice Questions
(AWS Certified Cloud Practitioner)
The CLF-C02 exam tests your knowledge of AWS Cloud fundamentals. Practice real-world scenarios to prepare for the fundamentals of AWS and best practices.
CLF-C02 Practice Questions
10 Free Questions • Updated for 2026 • No dumps
Designed by experts and updated regularly based on exam changes.
1
A startup is launching a new social media application expecting unpredictable user growth. They need to minimize upfront IT infrastructure costs and rapidly adapt to demand fluctuations. Which AWS cloud benefit is most critical for this scenario?
A
Increased security posture and compliance.
B
Reduced need for staff training.
C
Elasticity and pay-as-you-go pricing.
D
Global infrastructure and high availability.
✅ Correct Answer: C
Explanation: Elasticity allows the startup to scale resources up or down automatically with demand, avoiding over-provisioning. Pay-as-you-go pricing eliminates large upfront capital expenditures. While other benefits are present, elasticity and cost efficiency are paramount for unpredictable growth and cost minimization. Global infrastructure isn't the primary cost-saving benefit here.
2
A company running EC2 instances for their application must secure data within the operating system. According to the AWS Shared Responsibility Model, who is responsible for patching the guest operating system?
A
The customer is responsible for guest OS patching.
B
The responsibility is shared equally between AWS and the customer.
C
A third-party auditor is responsible for OS patching.
D
AWS is responsible for patching the guest operating system.
✅ Correct Answer: A
Explanation: Under the Shared Responsibility Model, AWS is responsible for the security *of* the cloud (infrastructure), while the customer is responsible for security *in* the cloud (guest OS, applications, data). Therefore, patching the guest operating system falls to the customer. While shared, this specific task is customer responsibility.
3
A small business uses an Amazon EC2 instance for a consistent, non-interruptible workload running 24/7. They want to minimize costs without sacrificing availability. Which EC2 pricing model offers the most significant savings for this use case?
A
On-Demand Instances for flexibility.
B
EC2 Spot Instances for potential cost reduction.
C
EC2 Reserved Instances for a 1-year term.
D
Savings Plans covering compute usage.
✅ Correct Answer: C
Explanation: Reserved Instances offer significant discounts for consistent, long-term workloads by committing to a 1-year or 3-year term. Spot Instances are interruptible and not suitable for non-interruptible workloads. On-Demand is most expensive. Savings Plans provide similar benefits but Reserved Instances directly target specific EC2 capacity for consistent use. Savings Plans apply broadly to compute usage.
4
A company needs to host a web application with extremely low latency for users in Europe, Asia, and North America, and requires disaster recovery across geographically separate locations. Which AWS global infrastructure components are essential?
A
Multiple AWS Regions and Availability Zones.
B
One Availability Zone with Auto Scaling Groups.
C
A single AWS Region with multiple Edge Locations.
D
A single Edge Location with CloudFront CDN.
✅ Correct Answer: A
Explanation: Multiple AWS Regions provide geographic isolation for disaster recovery and allow deploying the application closer to users for low latency globally. Availability Zones within a region provide high availability but not disaster recovery across continents. Edge Locations primarily cache content, not host entire applications for disaster recovery. A single Edge Location is not sufficient for global presence.
5
A new developer joins a team and needs programmatic access to launch EC2 instances in a specific VPC. Which IAM entity and credential type should be provided to grant this access securely and with the principle of least privilege?
A
A shared IAM group's access keys.
B
The AWS root user credentials for initial setup.
C
An IAM Role assigned to the developer's laptop.
D
An IAM User with an attached policy and access keys.
✅ Correct Answer: D
Explanation: An IAM User with a specific, least-privilege policy attached provides controlled programmatic access using unique access keys. The root user has unrestricted access and should never be used for daily tasks. IAM Roles are for granting temporary access to AWS services or federated users, not direct programmatic access to an individual developer's laptop for managing resources. Shared group keys violate individual accountability.
6
A company has web servers in a public subnet and database servers in a private subnet. The web servers need to accept inbound internet traffic, but database servers must remain inaccessible from the internet. How can this network isolation be enforced?
A
Use Security Groups and NACLs to control traffic flow.
B
Configure Amazon Route 53 to block direct database access.
C
Use AWS WAF to block all traffic to the database servers.
D
Place all servers in a single public subnet with strong passwords.
✅ Correct Answer: A
Explanation: Security Groups act as virtual firewalls for instances, and Network Access Control Lists (NACLs) operate at the subnet level, together providing granular control over inbound and outbound traffic. This allows internet access to web servers while isolating database servers. Placing all servers in public subnets is insecure. AWS WAF protects web applications, not direct database access. Route 53 is a DNS service and doesn't block network traffic.
7
A developer needs to run a short-lived, event-driven function that processes image uploads to S3. The function should only execute when triggered, scale automatically based on demand, and incur costs only during execution. Which AWS compute service is the most suitable?
A
Amazon ECS on EC2 for containerized workloads.
B
AWS Lambda for serverless, event-driven execution.
C
AWS Batch for managing batch computing jobs.
D
Amazon EC2 instances with Auto Scaling.
✅ Correct Answer: B
Explanation: AWS Lambda is ideal for event-driven, short-lived functions, offering automatic scaling and a pay-per-execution billing model (serverless). EC2 instances and ECS on EC2 still require managing servers, even with Auto Scaling. AWS Batch is for longer-running, high-performance computing jobs, not typically simple event-driven functions. Lambda provides the most cost-effective and operationally efficient solution.
8
A large enterprise with critical production workloads needs 24/7 technical support, architectural guidance, and a dedicated Technical Account Manager (TAM). Which AWS Support Plan best meets these requirements?
A
Enterprise Support Plan.
B
Developer Support Plan.
C
Basic Support Plan.
D
Business Support Plan.
✅ Correct Answer: A
Explanation: The Enterprise Support Plan offers the highest level of support, including 24/7 technical assistance, architectural guidance, a dedicated TAM, and proactive programs, which is crucial for critical production workloads in a large enterprise. Developer and Business plans offer less comprehensive support, lacking a dedicated TAM. The Basic plan offers minimal support. The Business plan offers 24/7 support but no TAM or architectural guidance.
9
A company stores large volumes of unstructured data (images, videos) that are frequently accessed initially but become rarely accessed after 90 days. They need a cost-effective storage solution that automatically moves data to lower-cost tiers. Which S3 storage class is most appropriate?
A
Amazon S3 One Zone-IA.
B
Amazon S3 Glacier Deep Archive.
C
Amazon S3 Standard.
D
Amazon S3 Intelligent-Tiering.
✅ Correct Answer: D
Explanation: Amazon S3 Intelligent-Tiering automatically moves data between access tiers (frequent, infrequent, archive) based on changing access patterns, optimizing storage costs without performance impact or operational overhead. S3 Standard is for frequently accessed data. Glacier Deep Archive is for extremely infrequent access with retrieval delays. S3 One Zone-IA is cost-effective but not resilient against AZ loss and doesn't automatically tier.
10
A security auditor recommends rotating IAM user access keys regularly to enhance security. Which AWS service can help automate this process and manage other sensitive application credentials securely?
A
AWS Key Management Service (KMS).
B
AWS Secrets Manager.
C
Amazon CloudWatch Logs.
D
AWS Systems Manager Parameter Store.
✅ Correct Answer: B
Explanation: AWS Secrets Manager is specifically designed to store, manage, and automatically rotate sensitive credentials like database passwords, API keys, and IAM user access keys, improving security posture. KMS manages encryption keys, not credentials. Parameter Store stores configuration data, but Secrets Manager offers richer features for credential management and rotation. CloudWatch Logs is for logging and monitoring.
Practice More Questions
Take full-length timed quizzes and track your performance.
Start Free PracticeFrequently Asked Questions
Are these questions real exam dumps?
No, examOS does not use or promote exam dumps. All questions are concept-focused, scenario-based, and designed to help you understand architectural decisions and real-world trade-offs.
How does ExamOS help me prepare better?
ExamOS provides short, timed quizzes aligned with official exam domains. Each question includes detailed explanations so you can learn the reasoning behind the correct answer, not just memorize it.
Is ExamOS free to use?
Yes. You get free credits when you register, which you can use to take practice quizzes. You can earn additional credits through referrals or upgrade later for unlimited practice.