How many questions are on the exam and how long do I get?

65 questions in 90 minutes. Only 50 are scored; the other 15 are unscored trial questions that are not identified on the exam, so treat every question as if it counts.

What score do I need to pass?

700 on a scaled range of 100-1,000. It is reported simply as pass or fail. Because scoring is compensatory, you only need to clear the overall bar, not each domain.

Are there any hands-on or performance-based questions?

No. The CLF-C02 has only multiple choice (one correct answer of four) and multiple response (two or more correct out of five or more options). There are no labs or build tasks.

Do I need IT experience or any prerequisites?

There are no prerequisites. AWS suggests up to about 6 months of AWS exposure, but the exam is designed to be passable by people new to the cloud who may not have an IT background, provided they study the fundamentals.

How much does it cost?

USD $100. Earning any AWS Certification also gives you a 50% discount voucher toward your next AWS exam.

Does the certification expire?

Yes, it is valid for 3 years. You can recertify for free via AWS Cloud Quest: Recertify Cloud Practitioner, by retaking the exam, or simply by passing any Associate- or Professional-level AWS exam.

Which domain should I focus on most?

Cloud Technology and Services is the largest at 34%, followed by Security and Compliance at 30%. Together those two are 64% of your score, so prioritize core services and the shared responsibility model.

How to Pass AWS Certified Cloud Practitioner (CLF-C02)

A practical, no-fluff guide to passing AWS Certified Cloud Practitioner (CLF-C02) — the current exam format and domain weights, scoring and cost, a realistic study plan, and the highest-leverage strategy to pass.

Last reviewed June 7, 2026. Exam logistics change — always confirm current details on the official certification site before you book.

Take a timed mock exam →

The exam at a glance

The AWS Certified Cloud Practitioner (exam code CLF-C02) is AWS’s entry-level, foundational certification. It proves you understand the AWS Cloud broadly, without needing to code or design architecture.

65 questions total, but only 50 are scored. The other 15 are unscored trial questions mixed in and not identified, so treat every question as if it counts.
90 minutes to finish.
Two item types only: multiple choice (one correct answer of four) and multiple response (two or more correct of five+). There are no hands-on labs or performance-based questions.
Passing score: 700 on a scaled range of 100-1,000.
Fee: USD $100.
Valid for 3 years. Foundational certs do expire, but recertifying is easy (more below).

You can take it at a Pearson VUE test center or online with a proctor, in any of 13 languages.

How it is scored

Your result is simply pass or fail, reported as a scaled score from 100 to 1,000 with 700 to pass. Scaling lets AWS compare results fairly across different versions of the exam.

Two things work in your favor:

Compensatory scoring: you only need to clear the overall 700 bar. You do not have to pass each domain separately, so a weak area can be offset by a strong one.
No penalty for guessing. Unanswered questions are scored as incorrect, so never leave a question blank.

Because 15 questions don’t count and aren’t identified, don’t waste energy guessing which ones are “fake.” Answer them all.

Are you eligible, and what does it cost?

There are no prerequisites. Anyone can register and pay the $100 fee.

AWS recommends up to 6 months of exposure to the AWS Cloud, but this exam is genuinely designed for beginners, including people with no prior IT background. The following are explicitly out of scope: coding, designing cloud architecture, troubleshooting, implementation, and load/performance testing. You need breadth, not depth.

Bonus: earning any AWS Certification gives you a 50% discount voucher toward your next AWS exam, which makes this a smart first step if you plan to pursue an Associate-level cert later.

Build a realistic study plan

Most motivated beginners pass in 3-4 weeks of part-time study. Here is a workable rhythm:

Week 1 - Concepts and economics. Cover Cloud Concepts and Billing/Pricing/Support: the benefits of cloud, the AWS Well-Architected Framework, the AWS pricing model, Free Tier, Cost Explorer, Budgets, and the support plans.
Week 2 - Security and compliance. This is 30% of the exam. Master the shared responsibility model, IAM (users, groups, roles, MFA, policies), and services like Organizations, KMS, WAF, Shield, GuardDuty, and Artifact.
Week 3 - Core services. The biggest domain (34%). Learn the flagship compute, storage, database, and networking services and when to use each.
Week 4 - Practice and polish. Take full-length timed practice exams, review every wrong answer, and re-read weak spots. Aim to consistently score 80%+ on practice before booking.

Pair reading with a free course (AWS Skill Builder’s official Cloud Practitioner Essentials is excellent) and quiz yourself daily.

The exam mindset and highest-leverage strategy

This exam rewards recognition over recall. You rarely need deep configuration detail; you need to match a scenario to the right service or concept.

Prioritize by weight. Cloud Technology and Services (34%) plus Security and Compliance (30%) make up 64% of your score. If time is short, those two come first.
Learn the elevator pitch for each service. For every in-scope service, be able to say in one sentence “what it does and when you’d pick it.” That single skill answers most questions.
Eliminate distractors. Wrong answers are usually real AWS services used in the wrong context. Rule out the obviously off-topic options, then choose between what’s left.
Watch the clock loosely. 90 minutes for 65 questions is roughly 80 seconds each, which is generous. Flag tough ones, move on, and return.

Master the domains

Domain weights — spend your study time in proportion.

Cloud Concepts (24%). The value and benefits of cloud (trade capex for opex, elasticity, global reach), cloud economics, the AWS Well-Architected Framework’s pillars, and cloud migration concepts. Mostly conceptual.

Security and Compliance (30%). The single most important topic is the shared responsibility model: AWS secures of the cloud (hardware, global infrastructure), you secure in the cloud (your data, IAM, OS patching, configuration). Know IAM thoroughly, plus encryption (KMS), DDoS protection (Shield), web filtering (WAF), threat detection (GuardDuty), and where to find compliance reports (Artifact).

Cloud Technology and Services (34%). The broadest domain. Know AWS global infrastructure (Regions, Availability Zones, edge locations and how they deliver high availability), the main ways to interact with AWS (Console, CLI, SDKs, infrastructure as code), and the flagship services: EC2 and Lambda (compute), S3 and EBS (storage), RDS/Aurora and DynamoDB (databases), VPC and Route 53 (networking). Be able to pick the right one for a use case.

Billing, Pricing, and Support (12%). The smallest domain but easy points. Understand the pay-as-you-go model, EC2 pricing options (On-Demand, Reserved, Spot, Savings Plans), the Free Tier, cost tools (Cost Explorer, AWS Budgets, Cost and Usage Report), Organizations consolidated billing, and the AWS Support plans (Basic, Developer, Business, Enterprise On-Ramp, Enterprise).

Common pitfalls

Over-studying one area. Going deep on EC2 while ignoring billing or security loses easy points elsewhere.
Confusing security responsibilities. Mixing up what AWS secures versus what you secure is the classic trap.
Mixing up similar services. S3 vs EBS vs EFS, security groups vs network ACLs, and the support plans are frequent confusions; make crisp comparison notes.
Leaving questions blank. Wrong guesses cost nothing; blanks are scored as incorrect just like a wrong answer. Always pick something.
Relying only on brain dumps. They go stale and won’t teach you to reason through scenarios. Use reputable practice exams instead.

After you pass

Your certification is valid for 3 years. To recertify, you can do any one of:

Complete AWS Cloud Quest: Recertify Cloud Practitioner (game-based training, no exam required, free).
Pass the current version of the Cloud Practitioner exam again.
Pass any Associate- or Professional-level AWS exam, which also recertifies your Cloud Practitioner status.

That last point matters: the natural next step is an Associate certification (Solutions Architect Associate, Developer Associate, or SysOps Administrator Associate), and earning one keeps your foundational cert current automatically. Don’t forget the 50% discount voucher you earned.

The week before, and exam day

In the final week:

Take at least two full, timed practice exams and review every miss.
Re-read your notes on the shared responsibility model, support plans, EC2 pricing options, and S3 storage classes.
Stop cramming the night before; sleep matters more than one more topic.

On exam day:

Online proctored? Test your webcam, clear your desk and room, and have a valid photo ID ready. Test center? Arrive 15-30 minutes early with two forms of ID.
Do a quick first pass answering everything you know, flagging the hard ones.
Use your remaining time on flagged questions, then review flagged answers before submitting.
Answer every question. You’ll get your pass/fail on screen, with the official scaled score following by email.

You’ve got this. Cover the breadth, lean into the two heaviest domains, and trust your practice scores.

Quick-reference: exam tips by domain

Pulled from every term in this subject — a fast last-pass before exam day.

Cloud Technology and Services

Auto Scaling — Auto Scaling adds and removes instances; ELB distributes traffic across them.
Availability Zone — Deploy across multiple AZs to survive a single datacenter failure.
AWS CloudFormation — CloudFormation is AWS-native infrastructure as code using JSON or YAML templates.
Amazon CloudFront — CloudFront is the CDN that uses edge locations to speed up content delivery.
Amazon CloudWatch — CloudWatch monitors performance and health; CloudTrail logs who did what.
Amazon DynamoDB — DynamoDB is NoSQL and serverless; RDS is relational and instance-based.
Amazon EBS — EBS is block storage for one EC2 instance; S3 is object storage for the internet.
Amazon EC2 — EC2 is the core IaaS compute service where you control the OS.
Edge Location — Edge locations are far more numerous than Regions and serve cached content fast.
AWS Elastic Beanstalk — Beanstalk is PaaS-like — upload your code and AWS provisions the resources.
Elastic Load Balancing — ELB spreads load for availability; pair it with Auto Scaling and multiple AZs.
AWS Lambda — Lambda is serverless — you pay per request and duration, never for idle servers.
Amazon RDS — RDS is managed relational (SQL); DynamoDB is managed NoSQL.
AWS Region — Choose a Region for latency, cost, compliance, and service availability.
Amazon Route 53 — Route 53 is DNS plus health checks and routing policies — also registers domains.
Amazon S3 — S3 is object storage with storage classes from Standard to Glacier to optimize cost.
Amazon SNS — SNS pushes messages to many subscribers; SQS queues them for one consumer to pull.
Amazon SQS — SQS is a pull-based queue (one consumer); SNS is push-based pub/sub (many subscribers).
Amazon VPC — A VPC is your private network in AWS, with subnets, route tables, and gateways.

Security and Compliance

AWS Artifact — Artifact is where you download audit reports like SOC and PCI — the go-to for compliance evidence.
AWS CloudTrail — CloudTrail answers who did what and when; CloudWatch tracks how resources are performing.
Amazon Cognito — Cognito manages end-user identities for your apps; IAM manages access to AWS itself.
AWS Config — Config tracks resource configuration changes over time and checks them against rules.
Amazon GuardDuty — GuardDuty detects threats from logs; Inspector scans resources for vulnerabilities.
IAM — IAM is free and global; use users, groups, roles, and policies to grant least-privilege access.
IAM Policy — Policies follow least privilege; an explicit deny always overrides an allow.
IAM Role — Use roles instead of access keys for EC2 and other services — credentials rotate automatically.
Amazon Inspector — Inspector finds vulnerabilities in EC2, containers, and Lambda; GuardDuty detects active threats.
AWS KMS — KMS handles encryption keys; CloudHSM is the dedicated hardware option for stricter control.
Amazon Macie — Macie is about sensitive data (like PII) in S3; GuardDuty is about threats.
Multi-Factor Authentication — Always enable MFA on the root user — it is a top recommended security best practice.
Root User — Lock the root user away, enable MFA, and use IAM users or roles for daily work.
AWS Secrets Manager — Use Secrets Manager for automatic secret rotation rather than hardcoding credentials.
Shared Responsibility Model — AWS secures the cloud (hardware, facilities); you secure what is in the cloud (data, config, access).
AWS Shield — Shield Standard is free and automatic; Shield Advanced adds extra protection and support.
AWS WAF — WAF protects at the application layer (Layer 7); Shield protects against DDoS.

Cloud Concepts

Agility — Agility is about speed to deploy — spinning up resources in minutes, not weeks.
CapEx vs OpEx — The cloud shifts spending from CapEx to OpEx — a frequently tested distinction.
Cloud Computing — The cloud lets you rent IT resources instead of buying and maintaining your own datacenter.
Cost Optimization — Cost optimization is a Well-Architected pillar — right-size, use the right pricing model, and eliminate waste.
Economies of Scale — Massive economies of scale are why AWS can keep lowering prices over time.
Elasticity — Elasticity is automatic, dynamic scaling — think Auto Scaling responding to load.
High Availability — Spread workloads across multiple Availability Zones to achieve high availability.
IaaS — IaaS gives the most control and the most responsibility — EC2 is the classic AWS example.
PaaS — PaaS removes OS management — AWS Elastic Beanstalk and RDS lean toward this model.
Pay-As-You-Go — Pay-as-you-go is AWS's default pricing — you pay for what you use, when you use it.
Reliability — Reliability is one of the six pillars of the Well-Architected Framework.
SaaS — SaaS gives the least control and the least responsibility — you just use the app.
Scalability — Scaling up adds power to one resource; scaling out adds more instances — the cloud-native way.
Well-Architected Framework — Memorize the six pillars: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.

Billing, Pricing, and Support

Billing Dashboard — The Billing Dashboard is the quick at-a-glance summary; Cost Explorer is the deep-dive tool.
AWS Budgets — Budgets is proactive (alerts before overspend); Cost Explorer is analytical (reviews past spend).
Consolidated Billing — Consolidated billing can lower costs through aggregated volume and shared discounts.
AWS Control Tower — Control Tower automates landing-zone setup on top of AWS Organizations.
AWS Cost Explorer — Cost Explorer analyzes past spend; the Pricing Calculator estimates future spend.
AWS Marketplace — Marketplace purchases appear on your AWS bill, simplifying procurement.
On-Demand Pricing — On-Demand has no commitment but the highest per-hour price — good for spiky or short-term needs.
AWS Organizations — Organizations enables consolidated billing and service control policies across accounts.
AWS Pricing Calculator — Pricing Calculator = estimate before; Cost Explorer = analyze after.
Reserved Instances — Reserved Instances suit steady, predictable workloads; Spot suits flexible, interruptible ones.
Savings Plans — Savings Plans are more flexible than Reserved Instances but both reward commitment with discounts.
Spot Instances — Spot is cheapest but interruptible — use it for fault-tolerant, flexible workloads.
AWS Support Plans — Enterprise adds a Technical Account Manager and the fastest response times; Basic is free.
Total Cost of Ownership — TCO compares on-premises costs against running the same workloads on AWS.
AWS Trusted Advisor — Trusted Advisor checks cost, performance, security, fault tolerance, and service limits.

Frequently asked questions

How many questions are on the exam and how long do I get?: 65 questions in 90 minutes. Only 50 are scored; the other 15 are unscored trial questions that are not identified on the exam, so treat every question as if it counts.
What score do I need to pass?: 700 on a scaled range of 100-1,000. It is reported simply as pass or fail. Because scoring is compensatory, you only need to clear the overall bar, not each domain.
Are there any hands-on or performance-based questions?: No. The CLF-C02 has only multiple choice (one correct answer of four) and multiple response (two or more correct out of five or more options). There are no labs or build tasks.
Do I need IT experience or any prerequisites?: There are no prerequisites. AWS suggests up to about 6 months of AWS exposure, but the exam is designed to be passable by people new to the cloud who may not have an IT background, provided they study the fundamentals.
How much does it cost?: USD $100. Earning any AWS Certification also gives you a 50% discount voucher toward your next AWS exam.
Does the certification expire?: Yes, it is valid for 3 years. You can recertify for free via AWS Cloud Quest: Recertify Cloud Practitioner, by retaking the exam, or simply by passing any Associate- or Professional-level AWS exam.
Which domain should I focus on most?: Cloud Technology and Services is the largest at 34%, followed by Security and Compliance at 30%. Together those two are 64% of your score, so prioritize core services and the shared responsibility model.

Sources

AWS Certified Cloud Practitioner - official certification page — Amazon Web Services
AWS Certified Cloud Practitioner (CLF-C02) Exam Guide - official online documentation — Amazon Web Services
CLF-C02 Exam Guide - Content Domain 3: Cloud Technology and Services (34%) — Amazon Web Services
CLF-C02 Exam Guide - In-Scope AWS Services (lists 'Amazon SageMaker AI') — Amazon Web Services
AWS Certification Recertification policy — Amazon Web Services