This third and final practice exam uses scenario-based questions — the format most commonly seen on the real AWS CLF-C02 exam. Each question describes a real-world business situation and asks you to identify the most appropriate AWS service or solution. The exam contains 20 questions across all four exam domains and should take approximately 30 minutes. Scenario questions require you to understand why a service is used, not just what it does. Challenge yourself: answer all 20 before expanding a single accordion.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/roxsross/aws-cloud-practitioner-complete-guide/llms.txt
Use this file to discover all available pages before exploring further.
Exam Instructions
Read Each Scenario Carefully
Use the Process of Elimination
Answer All 20 Before Checking
Domain 1: Cloud Concepts (5 Questions)
Question 1: A small startup is launching their first web application and wants a simple, straightforward cloud platform with pre-configured virtual servers, storage, and networking — without the complexity of configuring a full VPC. Which AWS service is designed for this use case?
Question 1: A small startup is launching their first web application and wants a simple, straightforward cloud platform with pre-configured virtual servers, storage, and networking — without the complexity of configuring a full VPC. Which AWS service is designed for this use case?
- A) Amazon EC2 with a custom VPC configuration
- B) AWS Elastic Beanstalk
- C) Amazon Lightsail
- D) AWS Fargate
Question 2: A company wants to run a web server that experiences traffic spikes during business hours but near-zero traffic overnight. They want to avoid paying for unused capacity during off-peak hours while ensuring the application always has sufficient resources during peak times. Which solution best addresses this need?
Question 2: A company wants to run a web server that experiences traffic spikes during business hours but near-zero traffic overnight. They want to avoid paying for unused capacity during off-peak hours while ensuring the application always has sufficient resources during peak times. Which solution best addresses this need?
- A) Purchase Reserved Instances sized for peak traffic
- B) Deploy EC2 On-Demand instances with an Auto Scaling group that scales based on CPU utilization
- C) Use a single large On-Demand EC2 instance large enough for peak traffic
- D) Use AWS Lambda for the web server application
Question 3: A global e-commerce company wants to expand their AWS footprint so that customers in South America experience lower latency when accessing their platform. Which AWS infrastructure concept should they leverage?
Question 3: A global e-commerce company wants to expand their AWS footprint so that customers in South America experience lower latency when accessing their platform. Which AWS infrastructure concept should they leverage?
- A) Deploy to additional Availability Zones within the us-east-1 Region
- B) Launch a new AWS Region in South America (e.g., sa-east-1)
- C) Use more Edge Locations in existing Regions
- D) Increase the instance size of existing EC2 servers in us-east-1
sa-east-1) allows companies to serve South American customers from a local Region rather than routing traffic internationally to North America. Availability Zones are within the same Region — adding more AZs in us-east-1 does not reduce geographic latency for South American users. Edge Locations cache content via CloudFront but are not full compute Regions. Larger instances improve processing speed, not geographic network latency.Question 4: A media company wants to launch their streaming service in five new countries simultaneously. Their on-premises infrastructure would take months and millions of dollars to expand globally. Which AWS advantage most directly addresses this business goal?
Question 4: A media company wants to launch their streaming service in five new countries simultaneously. Their on-premises infrastructure would take months and millions of dollars to expand globally. Which AWS advantage most directly addresses this business goal?
- A) Trade capital expense for variable expense
- B) Benefit from massive economies of scale
- C) Go global in minutes
- D) Stop guessing about infrastructure capacity
Question 5: A cloud architect reviews an application and finds that it provisions large EC2 instances 24/7 even though CPU utilization rarely exceeds 10%. The architect recommends rightsizing to smaller instance types. Which AWS Well-Architected Framework pillar guides this recommendation?
Question 5: A cloud architect reviews an application and finds that it provisions large EC2 instances 24/7 even though CPU utilization rarely exceeds 10%. The architect recommends rightsizing to smaller instance types. Which AWS Well-Architected Framework pillar guides this recommendation?
- A) Reliability
- B) Security
- C) Cost Optimization
- D) Operational Excellence
Domain 2: Security & Compliance (6 Questions)
Question 6: A company needs to give an EC2 instance permission to read objects from a specific S3 bucket. A junior developer suggests creating an IAM User, generating access keys, and storing them in the application. What is the AWS-recommended approach instead?
Question 6: A company needs to give an EC2 instance permission to read objects from a specific S3 bucket. A junior developer suggests creating an IAM User, generating access keys, and storing them in the application. What is the AWS-recommended approach instead?
- A) Store the IAM User access keys in the EC2 instance’s environment variables
- B) Attach an IAM Role to the EC2 instance with a policy that grants read access to the specific S3 bucket
- C) Make the S3 bucket publicly readable so the EC2 instance doesn’t need credentials
- D) Create an IAM Group for EC2 instances and add the EC2 instance as a member
Question 7: A security engineer needs to scan Amazon EC2 instances and container images in Amazon ECR for known software vulnerabilities and unintended network exposure. Which AWS service is purpose-built for this type of vulnerability assessment?
Question 7: A security engineer needs to scan Amazon EC2 instances and container images in Amazon ECR for known software vulnerabilities and unintended network exposure. Which AWS service is purpose-built for this type of vulnerability assessment?
- A) Amazon GuardDuty
- B) AWS Macie
- C) Amazon Inspector
- D) AWS Shield Advanced
Question 8: A company processes credit card transactions and needs to provide their compliance team with documentation proving that AWS meets PCI DSS requirements for the infrastructure components AWS manages. Which service provides this documentation?
Question 8: A company processes credit card transactions and needs to provide their compliance team with documentation proving that AWS meets PCI DSS requirements for the infrastructure components AWS manages. Which service provides this documentation?
- A) Amazon GuardDuty compliance reports
- B) AWS Trusted Advisor security checks
- C) AWS Artifact compliance reports
- D) AWS Config conformance packs
Question 9: A company wants to archive records for exactly 7 years to comply with financial regulations. The data is never accessed during this period, and they need the absolute lowest storage cost available. Which S3 storage class should they use?
Question 9: A company wants to archive records for exactly 7 years to comply with financial regulations. The data is never accessed during this period, and they need the absolute lowest storage cost available. Which S3 storage class should they use?
- A) S3 Standard-IA
- B) S3 Glacier Flexible Retrieval
- C) S3 Glacier Deep Archive
- D) S3 One Zone-IA
Question 10: A company has 20 AWS accounts across different business units. They want to ensure no account can create EC2 instances outside of the us-east-1 and eu-west-1 regions, regardless of the IAM permissions in those accounts. How can they enforce this?
Question 10: A company has 20 AWS accounts across different business units. They want to ensure no account can create EC2 instances outside of the us-east-1 and eu-west-1 regions, regardless of the IAM permissions in those accounts. How can they enforce this?
- A) Apply IAM boundary policies to every IAM user across all 20 accounts manually
- B) Use AWS Organizations with a Service Control Policy (SCP) that denies EC2 actions in all regions except us-east-1 and eu-west-1
- C) Enable AWS Config rules to detect and remediate EC2 instances launched in unapproved regions
- D) Use Amazon GuardDuty to block EC2 launches in unapproved regions
aws:RequestedRegion condition key) to block EC2 actions in all regions except the approved ones. Because SCPs act as the maximum permission boundary, no IAM policy in any member account can override them. AWS Config can detect violations after the fact but cannot preventively block actions. GuardDuty detects threats but doesn’t enforce resource policies.Question 11: A company wants to identify which IAM users in their account do not have MFA enabled — a critical security oversight. Which AWS tool surfaces this information in a centralized dashboard without requiring custom scripts?
Question 11: A company wants to identify which IAM users in their account do not have MFA enabled — a critical security oversight. Which AWS tool surfaces this information in a centralized dashboard without requiring custom scripts?
- A) AWS CloudTrail — filter for MFA-related events
- B) AWS IAM Credential Report
- C) AWS Trusted Advisor — Security checks
- D) Amazon Inspector — IAM assessment
Domain 3: Technology & Services (7 Questions)
Question 12: A startup wants to build a mobile app backend that automatically scales with user demand, handles HTTP requests, and runs custom business logic — all without provisioning or managing any servers. Which combination of AWS services best meets this requirement?
Question 12: A startup wants to build a mobile app backend that automatically scales with user demand, handles HTTP requests, and runs custom business logic — all without provisioning or managing any servers. Which combination of AWS services best meets this requirement?
- A) Amazon EC2 + Elastic Load Balancer
- B) AWS Lambda + Amazon API Gateway
- C) AWS Elastic Beanstalk + Amazon RDS
- D) Amazon ECS + AWS Fargate
Question 13: A retail company needs to replicate terabytes of on-premises file server data to AWS on an ongoing basis over their existing internet connection, while keeping the local file server fully functional for their staff. Which AWS service provides this hybrid storage connectivity?
Question 13: A retail company needs to replicate terabytes of on-premises file server data to AWS on an ongoing basis over their existing internet connection, while keeping the local file server fully functional for their staff. Which AWS service provides this hybrid storage connectivity?
- A) AWS Snowball Edge
- B) AWS DataSync
- C) AWS Storage Gateway
- D) Amazon S3 Transfer Acceleration
Question 14: A development team wants to store their application source code in a managed, version-controlled repository on AWS, and automatically build, test, and deploy the code to production whenever changes are pushed. Which AWS services should they use?
Question 14: A development team wants to store their application source code in a managed, version-controlled repository on AWS, and automatically build, test, and deploy the code to production whenever changes are pushed. Which AWS services should they use?
- A) Amazon S3 + AWS Lambda
- B) AWS CodeCommit + AWS CodePipeline
- C) AWS CloudFormation + AWS OpsWorks
- D) Amazon ECR + AWS ECS
Question 15: A company's web application serves users across North America, Europe, and Asia-Pacific. Users in Asia are reporting significantly higher page load times compared to users in North America, where the origin servers are located. Which AWS service will most effectively reduce latency for the Asian users?
Question 15: A company's web application serves users across North America, Europe, and Asia-Pacific. Users in Asia are reporting significantly higher page load times compared to users in North America, where the origin servers are located. Which AWS service will most effectively reduce latency for the Asian users?
- A) Deploy additional EC2 instances in the us-east-1 Region
- B) Use Amazon CloudFront with edge locations in Asia-Pacific
- C) Upgrade the origin EC2 instances to a larger instance type
- D) Enable Amazon Route 53 Latency-Based Routing
Question 16: A financial institution needs a consistent, low-latency, high-bandwidth private network connection between their on-premises data center and AWS — without data traveling over the public internet. Which AWS service provides this dedicated physical connection?
Question 16: A financial institution needs a consistent, low-latency, high-bandwidth private network connection between their on-premises data center and AWS — without data traveling over the public internet. Which AWS service provides this dedicated physical connection?
- A) AWS Site-to-Site VPN
- B) Amazon CloudFront
- C) AWS Direct Connect
- D) AWS PrivateLink
Question 17: A company runs a read-heavy application backed by Amazon DynamoDB. They are experiencing latency in the milliseconds range but need sub-millisecond response times for frequently accessed data. Which AWS service should they add to their architecture?
Question 17: A company runs a read-heavy application backed by Amazon DynamoDB. They are experiencing latency in the milliseconds range but need sub-millisecond response times for frequently accessed data. Which AWS service should they add to their architecture?
- A) Amazon ElastiCache for Redis in front of DynamoDB
- B) Amazon DynamoDB Accelerator (DAX)
- C) Amazon RDS Read Replicas
- D) Amazon CloudFront with DynamoDB as the origin
Question 18: A company wants to run containerized applications at scale without managing the underlying EC2 instances or clusters. They want to define their containers and let AWS handle the infrastructure entirely. Which AWS service meets this requirement?
Question 18: A company wants to run containerized applications at scale without managing the underlying EC2 instances or clusters. They want to define their containers and let AWS handle the infrastructure entirely. Which AWS service meets this requirement?
- A) Amazon ECS with EC2 launch type
- B) Amazon ECR
- C) AWS Fargate
- D) Amazon EKS with self-managed node groups
Domain 4: Billing & Support (2 Questions)
Question 19: A company wants to receive an email notification as soon as their AWS monthly spend is forecasted to exceed $500. Which AWS service and feature should they configure?
Question 19: A company wants to receive an email notification as soon as their AWS monthly spend is forecasted to exceed $500. Which AWS service and feature should they configure?
- A) AWS Cost Explorer — set a monthly report threshold
- B) AWS Budgets — create a cost budget with a forecasted spend alert at $500
- C) Amazon CloudWatch — create a billing alarm at $500
- D) AWS Trusted Advisor — enable cost optimization notifications
Question 20: A company with a complex, distributed microservices architecture on AWS is experiencing an intermittent production outage. They need to get on the phone with AWS support engineers within 15 minutes and have a designated Technical Account Manager (TAM). Which support plan do they require?
Question 20: A company with a complex, distributed microservices architecture on AWS is experiencing an intermittent production outage. They need to get on the phone with AWS support engineers within 15 minutes and have a designated Technical Account Manager (TAM). Which support plan do they require?
- A) AWS Developer Support
- B) AWS Business Support
- C) AWS Enterprise On-Ramp Support
- D) AWS Enterprise Support
