This second practice exam shifts the focus toward AWS services in depth. You will encounter questions about global infrastructure, compute pricing models, storage types, database options, networking components, and cost management tools. The exam contains 20 questions spanning all four CLF-C02 domains and is designed to take approximately 30 minutes. As before, answer all questions before checking your results by expanding each accordion.
Exam Instructions
Prepare Your Answer Sheet
Time Yourself
Reveal and Score
Domain 1: Cloud Concepts (5 Questions)
Question 1: An AWS Region consists of multiple isolated locations within a geographic area. What are these isolated locations called?
- A) Edge Locations
- B) Availability Zones
- C) Regional Clusters
- D) Data Center Pods
Question 2: What is the difference between elasticity and scalability in the context of cloud computing?
- A) Elasticity means adding more servers permanently; scalability means adding them temporarily
- B) Scalability refers to the ability to handle increased load; elasticity refers to automatically scaling in and out to match demand
- C) They are synonyms and mean the same thing in AWS documentation
- D) Elasticity applies only to storage services; scalability applies only to compute services
Question 3: How many AWS Regions does an Edge Location belong to?
- A) Edge Locations belong to a specific AWS Region
- B) Edge Locations are independent of Regions and exist in a global network separate from the Regional infrastructure
- C) Each Edge Location belongs to exactly two Regions for redundancy
- D) Edge Locations are the same as Availability Zones
Question 4: A company runs a batch processing workload every weekend that can be interrupted and restarted without issue. Which EC2 pricing model offers the greatest cost savings for this use case?
- A) On-Demand Instances
- B) Reserved Instances (Standard, 3-year term)
- C) Spot Instances
- D) Dedicated Instances
Question 5: AWS Compute Optimizer analyzes your workload metrics and provides recommendations to improve performance and reduce costs. Which metric does it primarily analyze?
- A) Monthly billing data from AWS Cost Explorer
- B) Historical CPU utilization, memory usage, and network I/O from CloudWatch
- C) IAM policy attachments and unused permissions
- D) S3 access patterns and storage class assignments
Domain 2: Security & Compliance (6 Questions)
Question 6: What is an IAM Role, and when should it be used instead of an IAM User?
- A) An IAM Role is a named collection of policies applied to a specific person; use it for all human users
- B) An IAM Role is an identity with permission policies that can be assumed by AWS services, applications, or users from another account, without needing long-term credentials
- C) An IAM Role is the same as an IAM Group but limited to a single policy
- D) An IAM Role is only used for cross-account billing consolidation
Question 7: What is the difference between AWS Shield Standard and AWS Shield Advanced?
- A) AWS Shield Standard protects only EC2; AWS Shield Advanced protects all AWS services
- B) AWS Shield Standard provides automatic DDoS protection for all AWS customers at no extra charge; AWS Shield Advanced adds enhanced detection, 24/7 DDoS response team access, and cost protection, for a fee
- C) AWS Shield Standard requires manual activation in the AWS console; AWS Shield Advanced activates automatically
- D) They are the same product with different marketing names
Question 8: A company needs to demonstrate AWS compliance reports and certifications to their auditors for a SOC 2 assessment. Which AWS service provides access to these compliance documents?
- A) AWS Config
- B) AWS Artifact
- C) AWS CloudTrail
- D) AWS Trusted Advisor
Question 9: What is the primary purpose of AWS Key Management Service (KMS)?
- A) To manage SSH key pairs for EC2 instance access
- B) To create and manage cryptographic keys used to encrypt and decrypt data across AWS services
- C) To store database passwords and API keys for applications
- D) To manage SSL/TLS certificates for web applications
Question 10: What are Service Control Policies (SCPs) in AWS Organizations, and what do they control?
- A) SCPs are IAM policies automatically applied to all IAM users in an account
- B) SCPs are policies attached to Organizational Units (OUs) or accounts that define the maximum permissions available to accounts in the organization — they cannot grant permissions, only restrict them
- C) SCPs control which AWS services are available in each AWS Region
- D) SCPs are billing policies that set spending limits for member accounts
Question 11: What is VPC Peering in AWS?
- A) A way to connect a VPC to an on-premises data center using an encrypted VPN
- B) A networking connection between two VPCs that enables traffic to route between them using private IP addresses, as if they were in the same network
- C) A feature that automatically mirrors all VPC traffic to a security analysis tool
- D) A dedicated 1 Gbps fiber connection between two AWS Regions
Domain 3: Technology & Services (7 Questions)
Question 12: A development team wants to deploy a web application without worrying about the underlying infrastructure, but still needs control over the application code and configuration. Which AWS service is best suited for this?
- A) Amazon EC2 with manual configuration
- B) AWS Elastic Beanstalk
- C) AWS Lambda
- D) Amazon Lightsail
Question 13: Which of the following accurately describes the difference between Amazon EBS, Amazon S3, and Amazon EFS?
- A) EBS is object storage; S3 is block storage; EFS is file storage
- B) EBS is block storage attached to a single EC2 instance; S3 is object storage for unstructured data accessed via HTTP; EFS is a shared file system that can be mounted by multiple EC2 instances simultaneously
- C) All three services provide the same type of storage, differing only in price
- D) S3 can only be accessed from within a VPC; EBS and EFS are both publicly accessible
Question 14: An application processes orders by placing messages in a queue so that downstream services can process them independently. Which AWS service provides this managed message queuing capability?
- A) Amazon SNS (Simple Notification Service)
- B) Amazon SQS (Simple Queue Service)
- C) Amazon Kinesis Data Streams
- D) AWS EventBridge
Question 15: What is the purpose of an Amazon VPC NAT Gateway?
- A) To allow instances in a public subnet to communicate with instances in a private subnet
- B) To enable EC2 instances in private subnets to initiate outbound connections to the internet while preventing inbound connections from the internet
- C) To translate DNS names to IP addresses for resources inside the VPC
- D) To create a secure site-to-site VPN connection from the VPC to an on-premises network
Question 16: A company needs to migrate 200TB of data from its on-premises data center to Amazon S3. Their internet connection is too slow and unreliable for an online transfer. Which AWS service should they use?
- A) AWS DataSync over the internet
- B) AWS Snowball Edge
- C) AWS Storage Gateway
- D) Amazon S3 Transfer Acceleration
Question 17: What distinguishes Amazon Aurora from a standard Amazon RDS database instance?
- A) Aurora only supports NoSQL workloads; RDS supports both SQL and NoSQL
- B) Aurora is AWS’s cloud-native relational database engine that offers up to 5x throughput of standard MySQL and 3x of PostgreSQL, with automatic storage scaling and up to 15 read replicas
- C) Aurora is a data warehousing solution optimized for analytics queries
- D) Aurora requires manual backups; RDS provides automated backups
Question 18: Which AWS service allows you to define and provision your entire cloud infrastructure as code using templates, enabling repeatable and consistent deployments?
- A) AWS CodePipeline
- B) AWS OpsWorks
- C) AWS CloudFormation
- D) AWS Systems Manager
Domain 4: Billing & Support (2 Questions)
Question 19: What is the difference between AWS Cost Explorer and AWS Budgets?
- A) Cost Explorer sets spending limits and sends alerts; Budgets visualizes historical spending
- B) Cost Explorer provides interactive visualizations and reports of your historical and forecasted AWS costs and usage; Budgets allows you to set custom cost or usage thresholds and receive alerts when they are exceeded or forecasted to be exceeded
- C) They are the same tool accessed from different sections of the AWS console
- D) Cost Explorer is only available on the Enterprise Support plan; Budgets is available to all customers
Question 20: Which AWS service provides a recommendation engine that analyzes your EC2 usage and recommends the optimal instance types or Reserved Instance purchases to reduce costs?
- A) AWS Trusted Advisor
- B) AWS Cost Explorer Reserved Instance Recommendations
- C) AWS Pricing Calculator
- D) AWS Compute Optimizer
