AWS Certified Cloud Practitioner

(CLF-C02) Exam Guide

Introduction
The AWS Certified Cloud Practitioner (CLF-C02) exam is intended for individuals who can effectively
demonstrate overall knowledge of the AWS Cloud, independent of a specific job role.

The exam validates a candidate’s ability to complete the following tasks:

• Explain the value of the AWS Cloud

• Understand and explain the AWS shared responsibility model
• Understand security best practices
• Understand AWS Cloud costs, economics, and billing practices
• Describe and position the core AWS services, including compute, network, database, and storage
services
• Identify AWS services for common use cases

Target candidate description

The target candidate has up to 6 months of exposure to AWS Cloud design, implementation, and/or
operations. This certification is ideal for candidates who are from non-IT backgrounds. These candidates
might be in the early stages of pursuing an AWS Cloud career or might work with people in AWS Cloud
roles.

Recommended AWS knowledge

The target candidate should have knowledge in the following areas:

• AWS Cloud concepts

• Security and compliance in the AWS Cloud
• Core AWS services
• Economics of the AWS Cloud

What is considered out of scope for the target candidate?

The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be
able to perform. These items are considered out of scope for the exam:

• Coding
• Cloud architecture design
• Troubleshooting
• Implementation
• Load and performance testing

To view a detailed list of specific tools and technologies that might be covered on the exam, in addition to
lists of in-scope AWS services and out-of-scope AWS services, refer to the Appendix.

Version 1.0 CLF-C02 1 | PAGE

Exam content
Response types
There are two types of questions on the exam:

• Multiple choice: Has one correct response and three incorrect responses (distractors)
• Multiple response: Has two or more correct responses out of five or more response options

Select one or more responses that best complete the statement or answer the question. Distractors, or
incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose.
Distractors are generally plausible responses that match the content area.

Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 50
questions that will affect your score.

Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about
candidate performance on these unscored questions to evaluate these questions for future use as scored
questions. These unscored questions are not identified on the exam.

Exam results
The AWS Certified Cloud Practitioner (CLF-C02) exam is a pass or fail exam. The exam is scored against a
minimum standard established by AWS professionals who follow certification industry best practices and
guidelines.

Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 700.
Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring
models help equate scores across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each section level. This
information is intended to provide general feedback about your exam performance. The exam uses a
compensatory scoring model, which means that you do not need to achieve a passing score in each
section. You need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other
sections have. The table contains general information that highlights your strengths and weaknesses. Use
caution when interpreting section-level feedback.

Content outline
This exam guide includes weightings, test domains, and task statements for the exam. This guide is not a
comprehensive listing of the content on the exam. However, additional context for each of the task
statements is available to help guide your preparation for the exam. The following table lists the main
content domains and their weightings. The table precedes the complete exam content outline, which
includes the additional context. The percentage in each domain represents only scored content.

Version 1.0 CLF-C02 2 | PAGE

 Domain % of Exam
Domain 1: Cloud Concepts 24%

Domain 2: Security and Compliance 30%

Domain 3: Cloud Technology and Services 34%

Domain 4: Billing, Pricing, and Support 12%

TOTAL 100%

Domain 1: Cloud Concepts

Task Statement 1.1: Define the benefits of the AWS Cloud.

Knowledge of:
• Value proposition of the AWS Cloud

Skills in:
• Understanding the economies of scale (for example, cost savings)
• Understanding the benefits of global infrastructure (for example, speed of deployment, global
reach)
• Understanding the advantages of high availability, elasticity, and agility

Task Statement 1.2: Identify design principles of the AWS Cloud.

Knowledge of:
• AWS Well-Architected Framework

Skills in:
• Understanding the pillars of the Well-Architected Framework (for example, operational
excellence, security, reliability, performance efficiency, cost optimization, sustainability)
• Identifying differences between the pillars of the Well-Architected Framework

Task Statement 1.3: Understand the benefits of and strategies for migration to the AWS Cloud.

Knowledge of:
• Cloud adoption strategies
• Resources to support the cloud migration journey

Skills in:
• Understanding the benefits of the AWS Cloud Adoption Framework (AWS CAF) (for example,
reduced business risk; improved environmental, social, and governance [ESG]performance;
increased revenue; increased operational efficiency)
• Identifying appropriate migration strategies (for example, database replication, use of AWS
Snowball)

Version 1.0 CLF-C02 3 | PAGE

Task Statement 1.4: Understand concepts of cloud economics.

Knowledge of:
• Aspects of cloud economics
• Cost savings of moving to the cloud

Skills in:
• Understanding the role of fixed costs compared with variable costs
• Understanding costs that are associated with on-premises environments
• Understanding the differences between licensing strategies (for example, Bring Your Own
License [BYOL] model compared with included licenses)
• Understanding the concept of rightsizing
• Identifying benefits of automation (for example, provisioning and configuration management
with AWS CloudFormation)
• Identifying managed AWS services (for example, Amazon RDS, Amazon Elastic Container
Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], Amazon DynamoDB)

Domain 2: Security and Compliance

Task Statement 2.1: Understand the AWS shared responsibility model.

Knowledge of:
• AWS shared responsibility model

Skills in:
• Recognizing the components of the AWS shared responsibility model
• Describing the customer’s responsibilities on AWS
• Describing AWS responsibilities
• Describing responsibilities that the customer and AWS share
• Describing how AWS responsibilities and customer responsibilities can shift, depending on the
service used (for example, Amazon RDS, AWS Lambda, Amazon EC2)

Task Statement 2.2: Understand AWS Cloud security, governance, and compliance concepts.

Knowledge of:
• AWS compliance and governance concepts
• Benefits of cloud security (for example, encryption)
• Where to capture and locate logs that are associated with cloud security

Skills in:
• Identifying where to find AWS compliance information (for example, AWS Artifact)
• Understanding compliance needs among geographic locations or industries (for example, AWS
Compliance)
• Describing how customers secure resources on AWS (for example, Amazon Inspector, AWS
Security Hub, Amazon GuardDuty, AWS Shield)
• Identifying different encryption options (for example, encryption in transit, encryption at rest)

Version 1.0 CLF-C02 4 | PAGE

 • Recognizing services that aid in governance and compliance (for example, monitoring with
Amazon CloudWatch; auditing with AWS CloudTrail, AWS Audit Manager, and AWS Config;
reporting with access reports)
• Recognizing compliance requirements that vary among AWS services

Task Statement 2.3: Identify AWS access management capabilities.

Knowledge of:
• Identity and access management (for example, AWS Identity and Access Management [IAM])
• Importance of protecting the AWS root user account
• Principle of least privilege
• AWS IAM Identity Center (AWS Single Sign-On)

Skills in:
• Understanding access keys, password policies, and credential storage (for example, AWS
Secrets Manager, AWS Systems Manager)
• Identifying authentication methods in AWS (for example, multi-factor authentication [MFA],
IAM Identity Center, cross-account IAM roles)
• Defining groups, users, custom policies, and managed policies in compliance with the principle
of least privilege
• Identifying tasks that only the account root user can perform
• Understanding which methods can achieve root user protection
• Understanding the types of identity management (for example, federated)

Task Statement 2.4: Identify components and resources for security.

Knowledge of:
• Security capabilities that AWS provides
• Security-related documentation that AWS provides

Skills in:
• Describing AWS security features and services (for example, security groups, network ACLs,
AWS WAF)
• Understanding that third-party security products are available from AWS Marketplace
• Identifying where AWS security information is available (for example, AWS Knowledge Center,
AWS Security Center, AWS Security Blog)
• Understanding the use of AWS services for identifying security issues (for example, AWS
Trusted Advisor)

Domain 3: Cloud Technology and Services

Task Statement 3.1: Define methods of deploying and operating in the AWS Cloud.

Knowledge of:
• Different ways of provisioning and operating in the AWS Cloud
• Different ways to access AWS services
• Types of cloud deployment models
• Connectivity options

Version 1.0 CLF-C02 5 | PAGE

 Skills in:
• Deciding between options such as programmatic access (for example, APIs, SDKs, CLI), the
AWS Management Console, and infrastructure as code (IaC)
• Evaluating requirements to determine whether to use one-time operations or repeatable
processes
• Identifying different deployment models (for example, cloud, hybrid, on-premises)
• Identifying connectivity options (for example, AWS VPN, AWS Direct Connect, public internet)

Task Statement 3.2: Define the AWS global infrastructure.

Knowledge of:
• AWS Regions, Availability Zones, and edge locations
• High availability
• Use of multiple Regions
• Benefits of edge locations
• AWS Wavelength Zones and AWS Local Zones

Skills in:
• Describing relationships among Regions, Availability Zones, and edge locations
• Describing how to achieve high availability by using multiple Availability Zones
• Recognizing that Availability Zones do not share single points of failure
• Describing when to use multiple Regions (for example, disaster recovery, business continuity,
low latency for end users, data sovereignty)
• Describing at a high level the benefits of edge locations (for example, Amazon CloudFront,
AWS Global Accelerator)

Task Statement 3.3: Identify AWS compute services.

Knowledge of:
• AWS compute services

Skills in:
• Recognizing the appropriate use of different EC2 instance types (for example, compute
optimized, storage optimized)
• Recognizing the appropriate use of different container options (for example, Amazon ECS,
Amazon EKS)
• Recognizing the appropriate use of different serverless compute options (for example, AWS
Fargate, Lambda)
• Recognizing that auto scaling provides elasticity
• Identifying the purposes of load balancers

Task Statement 3.4: Identify AWS database services.

Knowledge of:
• AWS database services
• Database migration

Version 1.0 CLF-C02 6 | PAGE

 Skills in:
• Deciding when to use EC2 hosted databases or AWS managed databases
• Identifying relational databases (for example, Amazon RDS, Amazon Aurora)
• Identifying NoSQL databases (for example, DynamoDB)
• Identifying memory-based databases
• Identifying database migration tools (for example AWS Database Migration Service [AWS
DMS], AWS Schema Conversion Tool [AWS SCT])

Task Statement 3.5: Identify AWS network services.

Knowledge of:
• AWS network services

Skills in:
• Identifying the components of a VPC (for example, subnets, gateways)
• Understanding security in a VPC (for example, network ACLs, security groups)
• Understanding the purpose of Amazon Route 53
• Identifying edge services (for example, CloudFront, Global Accelerator)
• Identifying network connectivity options to AWS (for example AWS VPN, Direct Connect)

Task Statement 3.6: Identify AWS storage services.

Knowledge of:
• AWS storage services

Skills in:
• Identifying the uses for object storage
• Recognizing the differences in Amazon S3 storage classes
• Identifying block storage solutions (for example, Amazon Elastic Block Store [Amazon EBS],
instance store)
• Identifying file services (for example, Amazon Elastic File System [Amazon EFS], Amazon FSx)
• Identifying cached file systems (for example, AWS Storage Gateway)
• Understanding use cases for lifecycle policies
• Understanding use cases for AWS Backup

Task Statement 3.7: Identify AWS artificial intelligence and machine learning (AI/ML) services and analytics
services.

Knowledge of:
• AWS AI/ML services
• AWS analytics services

Skills in:
• Understanding the different AI/ML services and the tasks that they accomplish (for example,
Amazon SageMaker, Amazon Lex, Amazon Kendra)
• Identifying the services for data analytics (for example, Amazon Athena, Amazon Kinesis, AWS
Glue, Amazon QuickSight)

Version 1.0 CLF-C02 7 | PAGE

Task Statement 3.8: Identify services from other in-scope AWS service categories.

Knowledge of:
• Application integration services of Amazon EventBridge, Amazon Simple Notification Service
(Amazon SNS), and Amazon Simple Queue Service (Amazon SQS)
• Business application services of Amazon Connect and Amazon Simple Email Service (Amazon
SES)
• Customer engagement services of AWS Activate for Startups, AWS IQ, AWS Managed Services
(AMS), and AWS Support
• Developer tool services and capabilities of AWS AppConfig, AWS Cloud9, AWS CloudShell,
AWS CodeArtifact, AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline,
AWS CodeStar, and AWS X-Ray
• End-user computing services of Amazon AppStream 2.0, Amazon WorkSpaces, and Amazon
WorkSpaces Web
• Frontend web and mobile services of AWS Amplify and AWS AppSync
• IoT services of AWS IoT Core and AWS IoT Greengrass

Skills in:
• Choosing the appropriate service to deliver messages and to send alerts and notifications
• Choosing the appropriate service to meet business application needs
• Choosing the appropriate service for AWS customer support
• Choosing the appropriate option for business support assistance
• Identifying the tools to develop, deploy, and troubleshoot applications
• Identifying the services that can present the output of virtual machines (VMs) on end-user
machines
• Identifying the services that can create and deploy frontend and mobile services
• Identifying the services that manage IoT devices

Domain 4: Billing, Pricing, and Support

Task Statement 4.1: Compare AWS pricing models.

Knowledge of:
• Compute purchasing options (for example, On-Demand Instances, Reserved Instances, Spot
Instances, Savings Plans, Dedicated Hosts, Dedicated Instances, Capacity Reservations)
• Data transfer charges
• Storage options and tiers

Skills in:
• Identifying and comparing when to use various compute purchasing options
• Describing Reserved Instance flexibility
• Describing Reserved Instance behavior in AWS Organizations
• Understanding incoming data transfer costs and outgoing data transfer costs (for example,
from one Region to another Region, within the same Region)
• Understanding different pricing options for various storage options and tiers

Version 1.0 CLF-C02 8 | PAGE

Task Statement 4.2: Understand resources for billing, budget, and cost management.

Knowledge of:
• Billing support and information
• Pricing information for AWS services
• AWS Organizations
• AWS cost allocation tags

Skills in:
• Understanding the appropriate uses and capabilities of AWS Budgets, AWS Cost Explorer, and
AWS Billing Conductor
• Understanding the appropriate uses and capabilities of AWS Pricing Calculator
• Understanding AWS Organizations consolidated billing and allocation of costs
• Understanding various types of cost allocation tags and their relation to billing reports (for
example, AWS Cost and Usage Report)

Task Statement 4.3: Identify AWS technical resources and AWS Support options.

Knowledge of:
• Resources and documentation available on official AWS websites
• AWS Support plans
• Role of the AWS Partner Network, including independent software vendors and system
integrators
• AWS Support Center

Skills in:
• Locating AWS whitepapers, blogs, and documentation on official AWS websites
• Identifying and locating AWS technical resources (for example AWS Prescriptive Guidance,
AWS Knowledge Center, AWS re:Post)
• Identifying AWS Support options for AWS customers (for example, customer service and
communities, AWS Developer Support, AWS Business Support, AWS Enterprise On-Ramp
Support, AWS Enterprise Support)
• Identifying the role of Trusted Advisor, AWS Health Dashboard, and the AWS Health API to
help manage and monitor environments for cost optimization
• Identifying the role of the AWS Trust and Safety team to report abuse of AWS resources
• Understanding the role of AWS Partners (for example AWS Marketplace, independent software
vendors, system integrators)
• Identifying the benefits of being an AWS Partner (for example, partner training and
certification, partner events, partner volume discounts)
• Identifying the key services that AWS Marketplace offers (for example, cost management,
governance and entitlement)
• Identifying technical assistance options available at AWS (for example, AWS Professional
Services, AWS Solutions Architects)

Version 1.0 CLF-C02 9 | PAGE

Appendix
Which key tools, technologies, and concepts might be covered on the exam?
The following is a non-exhaustive list of the tools, technologies, and concepts that could appear on the
exam. This list is subject to change and is provided to help you understand the general scope of services,
features, or technologies on the exam. Although some of these topics will likely be covered more than
others on the exam, the order and placement of them in this list is no indication of relative weight or
importance:

• APIs
• Benefits of migrating to the AWS Cloud
• AWS Cloud Adoption Framework (AWS CAF)
• AWS Compliance
• Compute
• Cost management
• Databases
• Amazon EC2 instance types (for example, Reserved, On-Demand, Spot)
• AWS global infrastructure (for example, AWS Regions, Availability Zones)
• Infrastructure as code (IaC)
• AWS Knowledge Center
• Machine learning
• Management and governance
• Migration and data transfer
• Network services
• AWS Partner Network
• AWS Prescriptive Guidance
• AWS Pricing Calculator
• AWS Professional Services
• AWS re:Post
• AWS SDKs
• Security
• AWS Security Blog
• AWS Security Center
• AWS shared responsibility model
• AWS Solutions Architects
• Storage
• AWS Support Center
• AWS Support plans
• AWS Well-Architected Framework

Version 1.0 CLF-C02 10 | PAGE

In-scope AWS services and features
Analytics:
• Amazon Athena
• AWS Data Exchange
• Amazon EMR
• AWS Glue
• Amazon Kinesis
• Amazon Managed Streaming for Apache Kafka (Amazon MSK)
• Amazon OpenSearch Service
• Amazon QuickSight
• Amazon Redshift

Application Integration:
• Amazon EventBridge
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• AWS Step Functions

Business Productivity:
• Amazon Connect
• Amazon Simple Email Service (Amazon SES)

Compute:
• AWS Batch
• Amazon EC2
• AWS Elastic Beanstalk
• Amazon Lightsail
• AWS Local Zones
• AWS Outposts
• AWS Wavelength

Containers:
• Amazon Elastic Container Registry (Amazon ECR)
• Amazon Elastic Container Service (Amazon ECS)
• Amazon Elastic Kubernetes Service (Amazon EKS)

Cost Management:
• AWS Billing Conductor
• AWS Budgets
• AWS Cost and Usage Report
• AWS Cost Explorer
• AWS Marketplace

Customer Engagement:
• AWS Activate for Startups
• AWS IQ
• AWS Managed Services (AMS)
• AWS Support

Version 1.0 CLF-C02 11 | PAGE

Database:
• Amazon Aurora
• Amazon DynamoDB
• Amazon MemoryDB for Redis
• Amazon Neptune
• Amazon RDS

Developer Tools:
• AWS AppConfig
• AWS CLI
• AWS Cloud9
• AWS CloudShell
• AWS CodeArtifact
• AWS CodeBuild
• AWS CodeCommit
• AWS CodeDeploy
• AWS CodePipeline
• AWS CodeStar
• AWS X-Ray

End-User Computing:
• Amazon AppStream 2.0
• Amazon WorkSpaces
• Amazon WorkSpaces Web

Frontend Web and Mobile:

• AWS Amplify
• AWS AppSync
• AWS Device Farm

Internet of Things (IoT):

• AWS IoT Core
• AWS IoT Greengrass

Machine Learning:
• Amazon Comprehend
• Amazon Kendra
• Amazon Lex
• Amazon Polly
• Amazon Rekognition
• Amazon SageMaker
• Amazon Textract
• Amazon Transcribe
• Amazon Translate

Version 1.0 CLF-C02 12 | PAGE

Management and Governance:
• AWS Auto Scaling
• AWS CloudFormation
• AWS CloudTrail
• Amazon CloudWatch
• AWS Compute Optimizer
• AWS Config
• AWS Control Tower
• AWS Health Dashboard
• AWS Launch Wizard
• AWS License Manager
• AWS Management Console
• AWS Organizations
• AWS Resource Groups and Tag Editor
• AWS Service Catalog
• AWS Systems Manager
• AWS Trusted Advisor
• AWS Well-Architected Tool

Migration and Transfer:

• AWS Application Discovery Service
• AWS Application Migration Service
• AWS Database Migration Service (AWS DMS)
• AWS Migration Hub
• AWS Schema Conversion Tool (AWS SCT)
• AWS Snow Family
• AWS Transfer Family

Networking and Content Delivery:

• Amazon API Gateway
• Amazon CloudFront
• AWS Direct Connect
• AWS Global Accelerator
• Amazon Route 53
• Amazon VPC
• AWS VPN

Security, Identity, and Compliance:

• AWS Artifact
• AWS Audit Manager
• AWS Certificate Manager (ACM)
• AWS CloudHSM
• Amazon Cognito
• Amazon Detective
• AWS Directory Service
• AWS Firewall Manager
• Amazon GuardDuty
• AWS Identity and Access Management (IAM)
• AWS IAM Identity Center (AWS Single Sign-On)

Version 1.0 CLF-C02 13 | PAGE

 • Amazon Inspector
• AWS Key Management Service (AWS KMS)
• Amazon Macie
• AWS Network Firewall
• AWS Resource Access Manager (AWS RAM)
• AWS Secrets Manager
• AWS Security Hub
• AWS Shield
• AWS WAF
Serverless:
• AWS Fargate
• AWS Lambda

Storage:
• AWS Backup
• Amazon Elastic Block Store (Amazon EBS)
• Amazon Elastic File System (Amazon EFS)
• AWS Elastic Disaster Recovery
• Amazon FSx
• Amazon S3
• Amazon S3 Glacier
• AWS Storage Gateway

Out-of-scope AWS services and features

The following is a non-exhaustive list of AWS services and features that are not covered on the exam.
These services and features do not represent every AWS offering that is excluded from the exam content.
Services or features that are entirely unrelated to the target job roles for the exam are excluded from this
list because they are assumed to be irrelevant.

Out-of-scope AWS services and features include the following:

Game Tech:
• Amazon GameLift
• Amazon Lumberyard

Media Services:
• AWS Elemental Appliances and Software
• AWS Elemental MediaConnect
• AWS Elemental MediaConvert
• AWS Elemental MediaLive
• AWS Elemental MediaPackage
• AWS Elemental MediaStore
• AWS Elemental MediaTailor
• Amazon Interactive Video Service (Amazon IVS)

Robotics:
• AWS RoboMaker

Version 1.0 CLF-C02 14 | PAGE