The CLF-C02 is the entry point to the AWS certification path. It tests whether you understand cloud computing at a conceptual level, can recognize AWS services by name and purpose, and know how AWS handles security, billing, and support. The exam is broad, not deep. You won't write code or design architectures. But you will need to know what roughly 40 services do, how pricing works across different compute models, and where the line falls between what AWS secures and what you're responsible for.
AWS doesn't publish official pass rates. Third-party estimates put it around 70% for candidates who study seriously. That's higher than most associate-level certs, but the CLF-C02 still catches people who underestimate the breadth of material. There are over 200 AWS services. The exam won't test all of them, but it expects you to recognize the major ones on sight.
Exam Format and Scoring
The CLF-C02 has 65 questions. Fifty are scored; fifteen are unscored pretest questions that AWS uses to evaluate future exam items. You won't know which questions count and which don't, so treat every question as scored.
You get 90 minutes. That's generous. Most candidates finish with 20-30 minutes to spare, which means pacing is rarely a problem. Use the extra time to review flagged questions.
Questions come in two types: multiple choice (one correct answer from four options) and multiple response (pick two or three correct answers, and the question tells you how many). Multiple response questions appear less frequently but are worth the same as single-answer items.
Scoring is scaled from 100 to 1,000. You need a 700 to pass. AWS uses a compensatory scoring model, so strength in one domain can offset weakness in another. But the scaling isn't linear, and AWS doesn't disclose the exact formula.
The Four Domains
Cloud Concepts (24%)
This domain tests whether you understand why organizations move to the cloud and what they gain from doing so. The six advantages of cloud computing (trade capital expense for variable expense, benefit from economies of scale, stop guessing capacity, increase speed and agility, stop spending money running data centers, go global in minutes) show up regularly. Know them cold.
The CLF-C02 added the AWS Cloud Adoption Framework (CAF) to this domain. CAF has six perspectives: business, people, governance, platform, security, and operations. You don't need to memorize every detail of each perspective, but you should be able to match a perspective to a scenario. If a question describes an organization evaluating the financial impact of migration, that's the business perspective. If it's about training staff, that's people.
Cloud deployment models also fall here: public, private, hybrid. Know when each makes sense. A regulated financial institution keeping sensitive workloads on-premises while running others in AWS is a hybrid deployment. Straightforward, but the exam tests it.
Security and Compliance (30%)
Security is the heaviest domain. Nearly a third of scored questions come from here, and the shared responsibility model is the single most tested concept on the entire exam.
The model breaks down like this: AWS is responsible for security "of" the cloud (physical infrastructure, networking hardware, the hypervisor layer). You are responsible for security "in" the cloud (your data, your IAM configurations, your OS patches on EC2 instances, your encryption decisions). The boundary shifts depending on the service. With EC2, you patch the operating system. With Lambda, AWS handles the runtime environment; you just secure your function code and permissions.
IAM (Identity and Access Management) gets heavy coverage. Know the difference between users, groups, roles, and policies. Users are individual identities. Groups are collections of users that share permissions. Roles are assumed by services or users temporarily. Policies are JSON documents that define what actions are allowed or denied on which resources. The principle of least privilege comes up repeatedly: give only the permissions needed for a task, nothing more.
Other security services to recognize: AWS Shield (DDoS protection), AWS WAF (web application firewall), Amazon GuardDuty (threat detection), AWS CloudTrail (API activity logging), AWS Config (resource configuration tracking), and AWS KMS (encryption key management). You won't need to configure any of these. You need to know what each one does and when you'd pick it.
Cloud Technology and Services (34%)
This is the widest domain and the one where rote memorization of service names pays off. The CLF-C02 expects you to match a use case to the right service.
Compute: EC2 (virtual servers), Lambda (serverless functions), ECS/EKS (containers), Elastic Beanstalk (managed application deployment), Lightsail (simplified VPS). Know when to pick each. Need full control over the OS? EC2. Running short event-driven functions? Lambda. Want AWS to handle the infrastructure for a web app? Elastic Beanstalk.
Storage: S3 (object storage), EBS (block storage for EC2), EFS (managed file system), S3 Glacier (archival storage). S3 storage classes are exam favorites: S3 Standard for frequently accessed data, S3 Infrequent Access for less-accessed data, S3 Glacier and Glacier Deep Archive for archives. S3 Intelligent-Tiering automatically moves data between access tiers based on usage patterns.
Databases: RDS (managed relational databases, supports MySQL, PostgreSQL, MariaDB, Oracle, SQL Server), DynamoDB (managed NoSQL), Aurora (high-performance MySQL/PostgreSQL-compatible), Redshift (data warehousing), ElastiCache (in-memory caching). The exam tests whether you can pick the right database type for a scenario, not whether you can write SQL.
Networking: VPC (virtual private cloud), subnets (public and private), security groups (stateful firewalls at the instance level), NACLs (stateless firewalls at the subnet level), Route 53 (DNS), CloudFront (CDN). Know the difference between security groups and NACLs; that comparison appears often.
The CLF-C02 puts more weight on serverless and container services than the older CLF-C01 did. Lambda, Fargate (serverless container execution), and Step Functions (workflow orchestration) all show up. You don't need to know how to write a Lambda function, but you should know that Lambda charges per invocation and per millisecond of compute time.
Billing, Pricing, and Support (12%)
Smallest domain by weight, but the questions are very specific. AWS pricing models come up constantly:
- On-Demand: Pay per hour or per second with no commitment. Highest unit cost, maximum flexibility.
- Reserved Instances: One- or three-year commitments for significant discounts (up to 72%). Best for predictable, steady-state workloads.
- Spot Instances: Bid on unused EC2 capacity at steep discounts (up to 90%), but AWS can reclaim the instance with two minutes' notice. Good for fault-tolerant workloads like batch processing.
- Savings Plans: Commit to a dollar amount of compute per hour for one or three years. More flexible than Reserved Instances because they apply across instance families and regions.
Know the AWS Free Tier's three offer types: always free (Lambda's 1 million requests/month), 12 months free (750 hours of t2.micro EC2), and trials (short-term access to specific services).
Support plans matter here too. Basic is free and includes billing support. Developer adds business-hours email access to Cloud Support Associates. Business gets 24/7 phone, email, and chat support plus a less-than-one-hour response time for production system down scenarios. Enterprise adds a Technical Account Manager (TAM) and a 15-minute response for business-critical workloads. The exam loves to ask which plan includes a TAM. The answer is always Enterprise.
AWS Organizations, consolidated billing, and Cost Explorer are testable. Know that Organizations lets you manage multiple AWS accounts centrally, consolidated billing aggregates charges across accounts for volume discounts, and Cost Explorer visualizes spending patterns over time.
What Changed from CLF-C01 to CLF-C02
The CLF-C01 retired in September 2023. If you're studying from older materials, be aware of the differences. Security and Compliance went from 25% to 30%. Billing dropped from 16% to 12%. Cloud Concepts dipped from 26% to 24%. Cloud Technology stayed roughly flat at 34%.
The bigger shift is in question style. The CLF-C01 tested definitions. "What is elasticity?" The CLF-C02 tests application. "A company's web traffic spikes every December. Which AWS feature allows them to automatically add and remove servers based on demand?" Same concept, but you need to recognize it in context. The CLF-C02 also added the Cloud Adoption Framework and increased coverage of serverless services.
Study Strategy
Two to four weeks of focused study is typical for someone with general IT familiarity. If cloud computing is entirely new to you, plan for six weeks.
Start with Cloud Concepts and Security. These two domains represent 54% of the exam, and the concepts from Security (shared responsibility, IAM, encryption) reappear in the other domains' questions. Once you're solid there, move to Cloud Technology and Services. Spend most of your service-memorization time on the big ones: EC2, S3, RDS, Lambda, VPC, IAM, CloudFront, Route 53, and DynamoDB. These cover a disproportionate share of exam questions.
Billing is the smallest domain, but don't skip it. The pricing model questions (on-demand vs. reserved vs. spot vs. savings plans) are straightforward if you've studied them, and nearly impossible to reason through if you haven't. Same for the support plan tiers.
Practice exams are the best predictor of readiness. If you're consistently scoring above 80% on full-length practice tests with realistic question styles, you're ready. Below 70%, keep studying. Between 70% and 80%, focus on the domains where you're weakest.
One technique that works well for service recognition: build a flashcard for every AWS service you encounter. Front side: service name. Back side: one sentence describing what it does. S3? Object storage. Lambda? Serverless compute, pay per invocation. GuardDuty? Threat detection using machine learning. You'll accumulate 40-60 cards. Run through them daily with spaced repetition and you'll lock in the associations within a week or two.
TechPrep AWS Cloud Practitioner
2,500 practice questions across all four CLF-C02 domains. 1,500 multiple-choice questions with detailed explanations plus 1,000 rapid-fire items for service recognition drills. Confidence calibration catches the topics where you feel solid but aren't.
Common Mistakes
Confusing security groups and NACLs. Security groups are stateful (return traffic is automatically allowed), operate at the instance level, and only support allow rules. NACLs are stateless (you must explicitly allow return traffic), operate at the subnet level, and support both allow and deny rules.
Mixing up S3 storage classes. Standard is for frequent access. Infrequent Access costs less per GB but charges a retrieval fee. Glacier is for archives you won't need for hours. Glacier Deep Archive is for archives you won't need for 12+ hours. Intelligent-Tiering automates the decision. If a question describes data that's accessed unpredictably, Intelligent-Tiering is usually the answer.
Overthinking billing questions. The exam asks about pricing models at a conceptual level. You won't calculate costs. You need to know that Reserved Instances suit steady workloads, Spot Instances suit interruptible workloads, and On-Demand suits everything else at a premium.
Forgetting that 15 questions are unscored. This isn't a strategic concern since you can't identify which ones they are. But it means a few questions that feel oddly specific or off-topic might be pretest items. Don't let them shake your confidence.
Test Day
The CLF-C02 is available at Pearson VUE testing centers and as an online proctored exam. Online proctoring requires a webcam, a clean desk, and a stable internet connection. Testing centers are more controlled but require scheduling and travel.
Bring valid government-issued ID. No notes, no phones, no reference materials. You can flag questions for review and return to them before submitting; unlike the CAT-ASVAB, the CLF-C02 lets you move forward and backward freely.
You'll see your pass/fail result immediately on screen. The detailed score report, broken down by domain, arrives via email within five business days. If you fail, you can retake the exam after 14 days. There's no limit on attempts, but each attempt costs $100 USD.