AWS Cloud Practitioner Services Overview: Free Practice Questions + Study Guide

What is AWS Cloud Practitioner?

The AWS Cloud Practitioner certification (CLF-C02) is the entry-level AWS certification designed for individuals who want to demonstrate a foundational understanding of the AWS Cloud. It is ideal for people in non-technical roles such as sales, management, and finance, as well as technical professionals beginning their cloud journey.

The exam covers four domains: Cloud Concepts (24%), Security and Compliance (30%), Cloud Technology and Services (34%), and Billing, Pricing, and Support (12%). Unlike the Solutions Architect or Developer certifications, the Cloud Practitioner does not require deep hands-on configuration knowledge -- instead, it tests your understanding of what each service does, when to use it, and how it fits into the broader AWS ecosystem.

This study guide focuses on the core AWS services you need to know for the CLF-C02 exam, organized by category: compute, storage, database, networking, and security. For each category, we cover the key services, their primary use cases, and important distinctions that appear on the exam.

Compute Services (EC2, Lambda, ECS)

AWS provides a range of AWS Compute services to run applications, from traditional virtual servers to fully serverless platforms. Understanding the differences between these services is critical for the Cloud Practitioner exam.

Amazon EC2 (Elastic Compute Cloud) is the foundational compute service in AWS. EC2 provides resizable virtual servers (instances) in the cloud, giving you full control over the operating system, networking, and storage. EC2 instance types are optimized for different workloads:

• General Purpose (T3, M5) -- balanced compute, memory, and networking for web servers and small databases
• Compute Optimized (C5, C6g) -- high-performance processors for batch processing, gaming servers, and scientific modeling
• Memory Optimized (R5, X1) -- large memory capacity for in-memory databases and real-time big data analytics
• Storage Optimized (I3, D2) -- high sequential read/write access for data warehousing and distributed file systems

AWS Lambda is a serverless compute service that runs your code in response to events without provisioning or managing servers. You pay only for the compute time consumed -- there is no charge when your code is not running. Lambda is ideal for event-driven architectures, such as processing S3 uploads, API Gateway requests, or DynamoDB stream events. Functions can run for up to 15 minutes per invocation.

Amazon ECS (Elastic Container Service) and AWS Fargate provide container orchestration. ECS lets you run Docker containers on a cluster of EC2 instances that you manage, while Fargate removes the need to manage the underlying infrastructure entirely -- you just define your containers and Fargate handles the rest.

AWS Elastic Beanstalk is a Platform-as-a-Service (PaaS) offering that handles deployment, capacity provisioning, load balancing, and auto-scaling for your applications. You simply upload your code and Elastic Beanstalk automatically handles the infrastructure. It supports Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker.

Storage Services (S3, EBS, EFS, Glacier)

AWS offers three primary storage types -- object storage, block storage, and file storage -- each designed for different use cases. Knowing when to use each is a common exam topic.

Amazon S3 (Simple Storage Service) is an object storage service with virtually unlimited capacity. S3 stores data as objects in buckets and is ideal for static websites, backups, data lakes, and media hosting. S3 offers multiple storage classes to optimize cost based on access frequency:

• S3 Standard -- frequently accessed data, 99.99% availability
• S3 Standard-IA -- infrequent access, lower storage cost with retrieval fees
• S3 Glacier Flexible Retrieval -- archival storage, retrieval in minutes to hours
• S3 Glacier Deep Archive -- lowest cost, retrieval in 12-48 hours

Amazon EBS (Elastic Block Store) provides block-level storage volumes for EC2 instances. Think of EBS as a virtual hard drive attached to your virtual server. EBS volumes persist independently from the EC2 instance lifecycle, and they can be snapshotted for backups. EBS is ideal for databases, boot volumes, and applications requiring low-latency access to data.

Amazon EFS (Elastic File System) is a fully managed, scalable NFS file system that can be mounted by multiple EC2 instances simultaneously across multiple Availability Zones. EFS is ideal for shared content repositories, development environments, and home directories.

S3 Glacier provides secure, durable, and extremely low-cost archival storage. Glacier is designed for data that is rarely accessed and where retrieval times of minutes to hours are acceptable. Glacier Deep Archive offers the lowest storage cost in AWS, with retrieval times of 12-48 hours.

Database Services (RDS, DynamoDB, Aurora)

AWS offers purpose-built database services so you can choose the right tool for each workload. The Cloud Practitioner exam tests your ability to match database types to use cases.

Amazon RDS (Relational Database Service) is a managed service that makes it easy to set up, operate, and scale relational databases in the cloud. RDS handles backups, patching, and replication. Supported engines include:

• MySQL
• PostgreSQL
• MariaDB
• Oracle
• Microsoft SQL Server
• Amazon Aurora

Amazon DynamoDB is a fully managed NoSQL database service that provides single-digit millisecond latency at any scale. DynamoDB is a key-value and document database ideal for gaming leaderboards, IoT data, session management, and any workload requiring consistent low-latency performance. It is serverless -- you do not provision or manage any servers.

Amazon Aurora is a MySQL and PostgreSQL-compatible relational database engine built for the cloud. Aurora delivers up to five times the throughput of standard MySQL and three times the throughput of standard PostgreSQL. It automatically grows storage as needed (up to 128 TB), replicates data across three Availability Zones, and provides automated failover.

Amazon Redshift is a fully managed data warehouse service designed for running complex analytical queries against petabytes of structured data. Redshift uses columnar storage and massively parallel processing (MPP) to deliver fast query performance on large datasets.

Networking Services (VPC, CloudFront, Route 53)

AWS Networking services provide the connectivity and content delivery infrastructure that underpins every AWS architecture. Understanding VPC, CloudFront, Route 53, and Direct Connect is essential for the exam.

Amazon VPC (Virtual Private Cloud) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. With VPC, you control your IP address ranges, subnets, route tables, and network gateways. You can create public subnets for internet-facing resources and private subnets for backend systems like databases.

Amazon CloudFront is a content delivery network (CDN) that caches your content at edge locations around the world, reducing latency for end users. CloudFront integrates with S3, EC2, Elastic Load Balancing, and Lambda@Edge to deliver static assets, APIs, and dynamic content with low latency and high transfer speeds.

Amazon Route 53 is a highly available and scalable DNS (Domain Name System) web service. Route 53 translates domain names into IP addresses, performs health checks, and supports routing policies including simple, weighted, latency-based, failover, and geolocation routing.

AWS Direct Connect provides a dedicated, private network connection from your on-premises data center to AWS. Direct Connect bypasses the public internet, providing more consistent network performance, lower latency, and higher bandwidth. It is commonly used for hybrid cloud architectures and large-scale data transfer.

Security and Identity (IAM, KMS, Shield)

Security is a top priority in AWS and represents 30% of the Cloud Practitioner exam. Understanding IAM, encryption, and protection services is critical.

AWS IAM (Identity and Access Management) controls who can access your AWS resources and what actions they can perform. IAM is free to use and is the foundation of AWS security:

• Users -- individual identities with long-term credentials (password + access keys)
• Groups -- collections of users with shared permissions (e.g., "Developers", "Admins")
• Roles -- temporary credentials assumed by users, applications, or AWS services (e.g., an EC2 instance accessing S3)
• Policies -- JSON documents that define permissions (allow/deny specific actions on specific resources)

AWS KMS (Key Management Service) lets you create and manage cryptographic keys used to encrypt your data across AWS services. KMS integrates with S3, EBS, RDS, and many other services to provide server-side encryption. All key usage is logged in CloudTrail for auditing.

AWS Shield provides managed DDoS (Distributed Denial-of-Service) protection. Shield Standard is automatically enabled for all AWS customers at no additional cost, protecting against common layer 3 and layer 4 attacks. Shield Advanced provides enhanced protection, real-time visibility, and 24/7 access to the AWS DDoS Response Team (DRT) for an additional fee.

AWS WAF (Web Application Firewall) protects web applications from common exploits such as SQL injection and cross-site scripting (XSS). WAF lets you create rules to filter web traffic based on IP addresses, HTTP headers, body content, or custom URI strings.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior across your AWS accounts. GuardDuty analyzes CloudTrail logs, VPC Flow Logs, and DNS logs using machine learning to identify threats.

AWS Cloud Practitioner Services Practice Questions

Test your understanding with these 5 expert-created questions. Each includes a detailed explanation to reinforce your learning.