AWS Certified Cloud Practitioner

Here you have the best Amazon CLF-C02 practice exam questions

You have 719 total questions to study from
Each page has 5 questions, making a total of 144 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 1, 2025
This site is not affiliated with or endorsed by Amazon.

Question 1 of 719

A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud.
Which activities related to a Snowball Edge device are available to the company at no cost?

Use of the Snowball Edge appliance for a 10-day period

The transfer of data out of Amazon S3 and to the Snowball Edge appliance

The transfer of data from the Snowball Edge appliance into Amazon S3

Daily use of the Snowball Edge appliance after 10 days

Correct Answer: A

The company can use the Snowball Edge appliance without incurring costs for up to a 10-day period. AWS generally includes 10 days of usage in their service fee for the Snowball Edge device. This means that there will be no additional charge for the first 10 days of use. Other activities, like daily use beyond the 10-day period and data transfer out of Amazon S3, typically incur additional charges. Therefore, using the device for 10 days is a cost-free activity for the company.

Question 2 of 719

A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices.
Which AWS service can the company use to meet these requirements?

AWS Trusted Advisor

Amazon Inspector

AWS Config

Amazon GuardDuty

Correct Answer: B

Amazon Inspector is specifically designed to assess the security of applications deployed on Amazon EC2 instances. It identifies vulnerabilities and deviations from best practices, providing detailed findings that help improve the security posture of your applications. This makes it the most suitable service for the company's need to assess application vulnerabilities and identify infrastructure deployments that do not meet best practices.

Question 3 of 719

A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally.
What is the MOST operationally efficient AWS solution for this scenario?

Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.

Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.

Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.

Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.

Correct Answer: B

To extend file storage capabilities while retaining local performance benefits, deploying an AWS Storage Gateway file gateway is the most operationally efficient solution. This enables seamless extension of on-premises file storage into the AWS Cloud, providing low-latency access to data stored in Amazon S3, and maintaining the performance benefit of local access. It also centralizes storage management and simplifies administration, eliminating the need for individual S3 buckets for each user.

Question 4 of 719

According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?

Hard code an IAM user’s secret key and access key directly in the application, and upload the file.

Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the file.

Have the EC2 instance assume a role to obtain the privileges to upload the file.

Modify the S3 bucket policy so that any service can upload to it at any time.

Correct Answer: C

According to security best practices, the most secure way to give an Amazon EC2 instance access to an Amazon S3 bucket is by having the EC2 instance assume a role to obtain the necessary privileges. This method employs AWS Identity and Access Management (IAM) roles to grant temporary permissions to the instance. This approach is preferred because it eliminates the need to hard code or store access keys directly on the instance or in application code, thereby reducing the risk of credential exposure and adhering to the principle of least privilege. By assuming a role, the EC2 instance is granted only the permissions it needs for a limited duration, enhancing overall security.

Question 5 of 719

Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?

Physical security of DynamoDB

Patching of DynamoDB

Access to DynamoDB tables

Encryption of data at rest in DynamoDB

Correct Answer: C

Under the AWS Shared Responsibility Model, AWS is responsible for the physical security, patching, and encryption of data at rest in DynamoDB. The customer is responsible for managing access to their DynamoDB tables, which includes defining permissions, roles, and policies to control who can access the tables and what actions they can perform. This involves setting up appropriate IAM policies and roles to restrict access to authorized users and applications.