AWS CERTIFIED CLOUD
PRACTITIONER (CLF-
C02) QUESTIONS AND ANSWERS
WITH RATIONALES/GRADED
A+/2026 UPDATE/100% CORRECT
/INSTANT DOWNLOAD
Domain 1: Cloud Concepts (24%)
Q1. A multinational bank wants to move from owning physical servers to paying only
for the computing power they use, scaling down during off-peak hours. Which cloud
benefit does this primarily represent?
A) High Availability
B) Agility
C) OpEX (Operational Expenditure)
D) Global Reach
Rationale: Moving from purchasing data centers (Capital Expenditure/CapEx) to
paying only for what you consume (Operational Expenditure/OpEx) is a core benefit
of cloud computing .
Q2. Which design principle allows an application to automatically request more
server capacity during a flash sale and release it when the sale ends?
A) Fault Tolerance
B) Elasticity
C) Durability
D) Decoupling
Rationale: Elasticity is the ability to scale resources up and down automatically
based on demand, a hallmark of cloud computing .
,Q3. A game developer needs to deploy servers in multiple countries to reduce
latency for players. Which AWS element provides this geographic expansion?
A) AWS Global Infrastructure
B) Amazon Route 53
C) AWS WAF
D) AWS Direct Connect
Rationale: The AWS Global Infrastructure (Regions, Availability Zones, and Edge
Locations) allows you to deploy resources worldwide for low latency .
Q4. What is the "Principle of Least Privilege" in IAM?
A) Giving users administrative access by default
B) Granting only the specific permissions required to perform a task
C) Allowing all traffic to flow freely
D) Sharing passwords among team members
Rationale: Security best practice dictates users should have the minimum
permissions necessary to do their jobs .
Q5. You need to run a short, event-driven Python script triggered by an image
upload. Which compute service is most cost-effective?
A) Amazon EC2 (Always on)
B) AWS Lambda (Serverless)
C) Amazon Lightsail
D) AWS Elastic Beanstalk
Rationale: AWS Lambda runs code only when triggered (e.g., by S3 uploads) and
charges only for compute time used, making it ideal for intermittent workloads .
Q6. Which cost model is best for a workload that can tolerate interruptions (e.g.,
batch processing)?
A) On-Demand Instances
B) Reserved Instances
C) Spot Instances
D) Dedicated Hosts
Rationale: Spot Instances offer up to 90% discount but can be reclaimed by AWS,
ideal for fault-tolerant or stateless workloads .
Q7. What is the primary purpose of an AWS Availability Zone (AZ)?
A) To serve as a content delivery network
B) To provide physically separate, isolated infrastructure within a Region
C) To manage billing alarms
D) To store encrypted backups
, Rationale: AZs are distinct physical locations with independent power and cooling,
enabling high availability .
Q8. A startup wants to launch quickly without upfront hardware costs. Which cloud
advantage is most relevant?
A) Agility
B) Physical control
C) Capital expenditure
D) Data sovereignty
Rationale: Agility refers to the ability to deploy resources in minutes globally,
allowing rapid experimentation .
Q9. Which model requires the customer to manage the application and data, but
AWS manages the runtime and OS?
A) On-Premises
B) IaaS (Infrastructure as a Service)
C) PaaS (Platform as a Service)
D) SaaS (Software as a Service)
Rationale: PaaS manages the platform (OS, runtime) for you so you can focus on
code .
Q10. You need a dedicated, private connection from your office to AWS. Which
service do you use?
A) AWS Direct Connect
B) AWS VPN
C) Internet Gateway
D) VPC Peering
Rationale: Direct Connect provides a private, dedicated fiber connection, bypassing
the public internet.
Domain 2: Security and Compliance (30%)
Q11. Who is responsible for "Security IN the Cloud" (e.g., patching the guest OS on
an EC2 instance)?
A) The Customer
B) AWS
C) The Security Assertion Markup Language (SAML)
D) The Third-Party Auditor
PRACTITIONER (CLF-
C02) QUESTIONS AND ANSWERS
WITH RATIONALES/GRADED
A+/2026 UPDATE/100% CORRECT
/INSTANT DOWNLOAD
Domain 1: Cloud Concepts (24%)
Q1. A multinational bank wants to move from owning physical servers to paying only
for the computing power they use, scaling down during off-peak hours. Which cloud
benefit does this primarily represent?
A) High Availability
B) Agility
C) OpEX (Operational Expenditure)
D) Global Reach
Rationale: Moving from purchasing data centers (Capital Expenditure/CapEx) to
paying only for what you consume (Operational Expenditure/OpEx) is a core benefit
of cloud computing .
Q2. Which design principle allows an application to automatically request more
server capacity during a flash sale and release it when the sale ends?
A) Fault Tolerance
B) Elasticity
C) Durability
D) Decoupling
Rationale: Elasticity is the ability to scale resources up and down automatically
based on demand, a hallmark of cloud computing .
,Q3. A game developer needs to deploy servers in multiple countries to reduce
latency for players. Which AWS element provides this geographic expansion?
A) AWS Global Infrastructure
B) Amazon Route 53
C) AWS WAF
D) AWS Direct Connect
Rationale: The AWS Global Infrastructure (Regions, Availability Zones, and Edge
Locations) allows you to deploy resources worldwide for low latency .
Q4. What is the "Principle of Least Privilege" in IAM?
A) Giving users administrative access by default
B) Granting only the specific permissions required to perform a task
C) Allowing all traffic to flow freely
D) Sharing passwords among team members
Rationale: Security best practice dictates users should have the minimum
permissions necessary to do their jobs .
Q5. You need to run a short, event-driven Python script triggered by an image
upload. Which compute service is most cost-effective?
A) Amazon EC2 (Always on)
B) AWS Lambda (Serverless)
C) Amazon Lightsail
D) AWS Elastic Beanstalk
Rationale: AWS Lambda runs code only when triggered (e.g., by S3 uploads) and
charges only for compute time used, making it ideal for intermittent workloads .
Q6. Which cost model is best for a workload that can tolerate interruptions (e.g.,
batch processing)?
A) On-Demand Instances
B) Reserved Instances
C) Spot Instances
D) Dedicated Hosts
Rationale: Spot Instances offer up to 90% discount but can be reclaimed by AWS,
ideal for fault-tolerant or stateless workloads .
Q7. What is the primary purpose of an AWS Availability Zone (AZ)?
A) To serve as a content delivery network
B) To provide physically separate, isolated infrastructure within a Region
C) To manage billing alarms
D) To store encrypted backups
, Rationale: AZs are distinct physical locations with independent power and cooling,
enabling high availability .
Q8. A startup wants to launch quickly without upfront hardware costs. Which cloud
advantage is most relevant?
A) Agility
B) Physical control
C) Capital expenditure
D) Data sovereignty
Rationale: Agility refers to the ability to deploy resources in minutes globally,
allowing rapid experimentation .
Q9. Which model requires the customer to manage the application and data, but
AWS manages the runtime and OS?
A) On-Premises
B) IaaS (Infrastructure as a Service)
C) PaaS (Platform as a Service)
D) SaaS (Software as a Service)
Rationale: PaaS manages the platform (OS, runtime) for you so you can focus on
code .
Q10. You need a dedicated, private connection from your office to AWS. Which
service do you use?
A) AWS Direct Connect
B) AWS VPN
C) Internet Gateway
D) VPC Peering
Rationale: Direct Connect provides a private, dedicated fiber connection, bypassing
the public internet.
Domain 2: Security and Compliance (30%)
Q11. Who is responsible for "Security IN the Cloud" (e.g., patching the guest OS on
an EC2 instance)?
A) The Customer
B) AWS
C) The Security Assertion Markup Language (SAML)
D) The Third-Party Auditor
