AWS Cloud Practitioner is the most accessible AWS certification — and the most commonly misspent on. People spend 8 to 12 weeks on a 30-hour course when most backgrounds can handle this exam in 2 to 4 weeks of focused prep.
This guide gives you exactly what you need: what's on the exam, what actually matters, and how to prepare without wasting time.
CLF-C02 Exam Overview
| Detail | Info |
|---|---|
| Exam code | CLF-C02 |
| Number of questions | 65 (50 scored, 15 unscored) |
| Time limit | 90 minutes |
| Passing score | 700 / 1000 |
| Cost | $100 (USD) |
| Format | Multiple choice, multiple response |
| Delivery | Pearson VUE or PSI (testing centre or online proctored) |
Passing CLF-C02 also earns you a 50% discount voucher for your next AWS exam — saving $75 on an associate exam or $150 on a professional or specialty exam.
The Four CLF-C02 Domains
Domain 1: Cloud Concepts — 24%
What it covers:
- What cloud computing is and the six advantages AWS lists
- Cloud deployment models: public cloud, private cloud, hybrid cloud
- Cloud service models: IaaS, PaaS, SaaS
- The AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
- Well-Architected Framework pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability
What the exam tests: Recognition at a conceptual level. Why would a company choose cloud over on-premises? What's the difference between a Region and an Availability Zone? What does high availability mean?
Domain 2: Security and Compliance — 30%
The highest-weighted domain. Nearly a third of your score comes from here.
What it covers:
- Shared Responsibility Model — this is the single most important concept for this exam
- IAM — users, groups, roles, policies, MFA
- AWS security services: Shield, WAF, GuardDuty, Inspector, Macie, Security Hub
- Encryption concepts: in transit vs at rest
- Compliance programs AWS supports (SOC, ISO, HIPAA, GDPR)
- AWS Artifact for compliance documentation
The Shared Responsibility Model — know it cold:
| AWS responsible for ("of the cloud") | You responsible for ("in the cloud") |
|---|---|
| Physical data centres | Your data |
| Hardware and networking | IAM and access management |
| Managed service infrastructure | OS patching on EC2 |
| Hypervisor layer | Application configuration |
| Global infrastructure | Encryption settings |
Questions will present scenarios and ask whether AWS or the customer is responsible for a specific security task. If you know the model precisely, these are free marks.
Domain 3: Cloud Technology and Services — 34%
The broadest domain. You need to know what each major AWS service is and when you'd use it.
Compute:
- EC2 — virtual machines, key purchasing options (On-Demand, Reserved, Spot, Savings Plans)
- Lambda — serverless functions, event-driven
- Elastic Beanstalk — managed platform for deploying apps
- ECS/EKS — container orchestration
- Lightsail — simplified VPS for small workloads
Storage:
- S3 — object storage, storage classes (Standard, Standard-IA, Glacier)
- EBS — block storage attached to EC2
- EFS — file storage, shared across multiple EC2
- Storage Gateway — hybrid cloud storage
Database:
- RDS — managed relational database (MySQL, PostgreSQL, Oracle, SQL Server)
- Aurora — AWS-native relational database, MySQL/PostgreSQL compatible
- DynamoDB — managed NoSQL key-value database
- ElastiCache — in-memory caching (Redis, Memcached)
- Redshift — data warehousing
Networking:
- VPC — your private network in AWS
- CloudFront — CDN for fast content delivery globally
- Route 53 — DNS service
- Direct Connect — dedicated network connection from on-premises to AWS
Developer and Management:
- CloudWatch — monitoring and logging
- CloudTrail — audit log of every API call
- CloudFormation — infrastructure as code (IaC)
- Systems Manager — manage EC2 at scale
- Trusted Advisor — automated best practice checks
At the Cloud Practitioner level you do not need to know how to configure any of these — you need to know what they are, what they do, and which one you'd reach for in a given scenario.
Domain 4: Billing, Pricing, and Support — 12%
What it covers:
- AWS pricing model: pay-as-you-go, pay less when you reserve, pay less as you use more
- AWS Free Tier — what's included and for how long
- Pricing Calculator, Cost Explorer, Budgets, Cost and Usage Reports
- Support plans: Basic, Developer, Business, Enterprise On-Ramp, Enterprise
- AWS Organizations — managing multiple accounts, consolidated billing
What the exam tests: Which support plan gives you a Technical Account Manager (Enterprise)? What's the difference between Cost Explorer and Budgets? When does the 12-month Free Tier end?
How to Prepare for CLF-C02 Efficiently
The mistake most people make: Starting with a 30-hour video course. CLF-C02 is a recognition and awareness exam, not a configuration exam. You don't need to watch hours of demos of services you'll never touch. You need conceptual fluency across a wide surface area.
What actually works:
Day 1: Take a 65-question practice exam. Score it by domain. See where you stand. Most people with tech backgrounds will find they already know 50 to 60 percent of the content.
Days 2–14: Use flashcards and targeted quizzing on your two weakest domains. For most people this is the Shared Responsibility Model nuances and the billing/support plan details. Spend 45 minutes a day.
Day 14: Take a full mock exam. If you're above 75% across all domains, book the real exam for a week out. If one domain is still low, spend another week on it.
The CLF-C02 is one of the fastest certifications to get if you use the right method. Most technical professionals pass in 2 to 3 weeks. Non-technical professionals in 4 to 6 weeks.
The Concepts Most CLF-C02 Candidates Get Wrong
1. Shared Responsibility nuances. Candidates understand the basic model but get caught on edge cases — is patching the OS on an EC2 instance AWS's responsibility or mine? (Yours.) Is patching the underlying hypervisor mine? (AWS's.) Is encrypting S3 objects at rest AWS's job or mine? (Yours — you choose whether to enable it.)
2. EC2 pricing options. On-Demand vs Reserved vs Spot vs Savings Plans. Know the use case for each. Spot is for fault-tolerant, interruptible workloads. Reserved is for predictable, steady-state usage. Savings Plans are more flexible than Reserved but require a spend commitment.
3. Support plan tiers. Business gives you 24/7 phone, chat, and email support with a TAM available at Enterprise tier only. Basic is free. Know which plan gives you which features.
4. Global Infrastructure. A Region is a geographic area with multiple Availability Zones. An AZ is one or more physical data centres. An Edge Location is a CloudFront endpoint for caching content close to users. These are different things and the exam tests whether you know the difference.
Your Next Step
Take a baseline practice exam today and score it by domain. You'll immediately know whether you're 2 weeks or 6 weeks away from being ready — and which domains need the most work.
Don't start with the course. Start with the exam.