AWS Certified Cloud Practitioner (CLF-C02) #10: Full-Scale Mock Exam — 50 Questions with Explanations

19 min read

This is the checkpoint that verifies whether everything from #1 through #9 is actually in your head. The 50 questions below match the domain weights of the real exam.

How to take it #

  • Work through it in 60–75 minutes (the real exam is 65 questions in 90 minutes; this mock is sized for 50)
  • Answer one question at a time without peeking at the explanation; grade everything at the end
  • 36+ correct (72%) puts you in safe passing territory
  • If a domain stands out as weak, loop back to that post and review

Domain distribution #

DomainQuestionsRange
Domain 1 — Cloud Concepts (24%)12Q1 – Q12
Domain 2 — Security and Compliance (30%)15Q13 – Q27
Domain 3 — Cloud Technology (34%)17Q28 – Q44
Domain 4 — Billing and Support (12%)6Q45 – Q50

Domain 1 — Cloud Concepts #

Q1. A company wants to stop operating its own data center and pay only for what it uses. Which cloud value proposition does this match?
Q2. What is the biggest reason AWS has been able to lower prices year over year?
Q3. Which of the following is NOT one of the six pillars of the Well-Architected Framework?
Q4. A company is planning a cloud skills development program for its employees. Which AWS Cloud Adoption Framework perspective does this fall under?
Q5. Why does an EC2 instance only show up in the region where it was created?
Q6. Which part of the AWS global infrastructure should you use to deliver video to users worldwide quickly?
Q7. Which of the following is an example of IaaS?
Q8. Which deployment model keeps part of a data center on-premises and runs the rest on AWS?
Q9. What do you call the property where Auto Scaling automatically grows and shrinks resources to match demand?
Q10. Which of the following is NOT one of the four criteria for selecting a region?
Q11. Which option is closest to a best practice for the Operational Excellence pillar?
Q12. Among the six benefits of AWS Cloud, which is closest in meaning to “Stop guessing capacity”?

Domain 2 — Security and Compliance #

Q13. Which of the following is AWS’s responsibility?
Q14. Code running on an EC2 instance needs to access S3. What is the recommended way to manage credentials?
Q15. Which of the following is a best practice for the AWS root user?
Q16. Which service do you use to track who called which API and when?
Q17. How do you automatically check that an S3 bucket always has public access blocked?
Q18. Where do you download AWS’s SOC 2 compliance reports?
Q19. Which service automatically scans the OS and applications on an EC2 instance for known CVE vulnerabilities?
Q20. Which service automatically identifies sensitive data such as PII or credit card numbers in data stored in S3?
Q21. Which service protects web applications against L7 attacks such as SQL injection and XSS?
Q22. Which AWS service includes DDoS protection at no additional charge by default?
Q23. Which service consolidates billing across multiple AWS accounts and lets you manage permissions in one place?
Q24. How do you prevent every account in a specific OU from using the EC2 service?
Q25. Which is the standard AWS service for managing the keys used to encrypt data at rest?
Q26. Which AWS service supports automatic rotation of database passwords?
Q27. Which of the following are always the customer’s responsibility? (Choose TWO)

Domain 3 — Cloud Technology and Services #

Q28. What is the most suitable compute service for automatically generating a thumbnail every time an image is uploaded to an S3 bucket?
Q29. You want to use Lambda for a data processing job that runs for 3 hours. Is that possible?
Q30. Multiple Linux EC2 instances need concurrent read/write access to the same files. Which storage should you use?
Q31. What is the cheapest S3 class for storing data subject to a 7-year legal retention requirement?
Q32. How do you apply automatic cost optimization to data with irregular and unpredictable access patterns?
Q33. Which firewall controls inbound traffic at the level of an individual EC2 instance?
Q34. Which load balancer routes HTTP traffic to different backends by path?
Q35. How do you connect an on-premises data center to AWS with consistent bandwidth and low latency without going over the internet?
Q36. Which service lets you manage domain registration and DNS in one place and also supports health checks and failover?
Q37. You need a serverless NoSQL database with single-digit millisecond response times. Which service?
Q38. Which database is best for loading years of sales data and running large-scale analytics with a BI tool?
Q39. How do you cache frequently queried data in memory to take load off the database?
Q40. How do you use standard Kubernetes while offloading the management overhead to AWS?
Q41. How do you serve static images, CSS, and JS quickly to users worldwide with caching?
Q42. How do you connect dozens of VPCs and on-premises networks together through a hub?
Q43. Which service automatically provisions EC2, ELB, and Auto Scaling when you upload your code as a zip file?
Q44. How do you consolidate the findings from multiple security services (GuardDuty, Inspector, Macie) onto a single dashboard?

Domain 4 — Billing, Pricing, and Support #

Q45. You plan to run EC2 steadily for 3 years and want the maximum discount. Which pricing model is best?
Q46. What is the cheapest EC2 pricing model for a batch workload that tolerates interruption?
Q47. You need a 15-minute response time for production-down incidents and a dedicated TAM. Which Support Plan?
Q48. How do you estimate the projected cost of the next 12 months before adopting AWS?
Q49. How do you split the bill by department when multiple teams use the same AWS account?
Q50. What is the cheapest Support Plan that gives you access to the full set of Trusted Advisor checks?

Scoring #

Total Score
Correct 0 / 0
Answered 0 / 0
Score rangeVerdictNext step
45+ (90%+)Very stable. Head to the test centerBook the exam
36–44 (72–88%)Passing zone. One more loop on weak domainsRe-read weak-domain posts #2–#8
28–35 (56–70%)Not there yet. Focused study on weak domainsTwo weak domains plus another mock
27 or fewerNeed another full loopRe-read the entire series

Per-domain score analysis #

Count correct answers per domain to find your weak spots.

DomainQuestionsTarget (72%)Review if short
Domain 1 (Q1–Q12)129+#2 , #3
Domain 2 (Q13–Q27)1511+#4 , #5
Domain 3 (Q28–Q44)1713+#6 , #7
Domain 4 (Q45–Q50)65+#8

If you didn’t clear the passing line #

  • Look at the per-domain score and start with the weakest domain
  • Re-read that post in the series, focusing on tables, mappings, and the trap sections
  • Try external mocks from Tutorials Dojo or AWS Skill Builder to see different question patterns
  • Retake this mock about a week later to check progress

If you cleared the passing line #

  • Skim the #9 compressed checklist one last time
  • Register for the exam (AWS Certification portal)
  • Pick an exam date within the next 1–2 weeks while study momentum is still high
  • Right before the exam, walk through the “30-minute pre-exam checklist” in #9

After CLF-C02 #

Tracks that flow naturally on from CLF-C02:

CertificationFormatNotes
SAA-C03 (Solutions Architect Associate)130 min / 65 questionsThe most popular. Architecture design
DVA-C02 (Developer Associate)130 min / 65 questionsDeveloper angle (Lambda, DynamoDB, API Gateway)
SOA-C02 (SysOps Administrator Associate)180 min / includes labOperator angle

The vocabulary from CLF-C02 is the foundation for all three Associate exams. If you want to add another track, the natural ordering is dev background → DVA-C02, architecture/infra → SAA-C03, ops/SRE → SOA-C02.

Series wrap-up #

The 10 posts of the CLF-C02 series are done. What this series built:

  • #1 — Exam structure and study strategy
  • #2 — Domain 1 cloud concepts
  • #3 — Domain 1 Well-Architected 6 Pillars
  • #4 — Domain 2 shared responsibility model and IAM
  • #5 — Domain 2 compliance and encryption
  • #6 — Domain 3 compute and storage
  • #7 — Domain 3 networking and databases
  • #8 — Domain 4 billing and support
  • #9 — Exam tips and checklists
  • #10 — 50-question mock exam ← this post

If the 27-post AWS Basics track was the feel on top of the console, this series was the work of layering on the vocabulary that turns that feel into exam answers. After passing, the next step is the SAA-C03 (architecture) or DVA-C02 (developer) track — each will be a standalone series.

Good luck with the exam.

X