AWS Cloud Practitioner (CLF-C02) Exam Cheat Sheet — 2026

> One-page quick reference for exam day | citadelcloudmanagement.com

---

Exam Overview

• Code: CLF-C02 | Questions: 65 | Time: 90 minutes | Passing: 700/1000
• Format: Multiple choice + multiple response | Cost: $100 USD

---

Domain 1: Cloud Concepts (24%)

Cloud Value Proposition

• 6 advantages: trade CapEx for OpEx, massive economies of scale, stop guessing capacity, increase speed/agility, stop spending money on data centers, go global in minutes
• Well-Architected Framework pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability

Cloud Architecture Principles

• Design for failure (everything fails eventually)
• Decouple components (loose coupling via SQS, SNS)
• Think parallel (horizontal scaling > vertical scaling)
• Elasticity: scale up AND down automatically

Cloud Deployment Models

• Public cloud (AWS), Private cloud (on-premises), Hybrid (AWS Outposts, VPN, Direct Connect)
• Multi-region = disaster recovery; Multi-AZ = high availability

---

Domain 2: Security and Compliance (30%)

Shared Responsibility Model (memorize this)

• AWS: security OF the cloud (hardware, networking, facilities, hypervisor)
• Customer: security IN the cloud (data, OS patching, firewall rules, IAM, encryption)

IAM (Identity and Access Management)

• Root account: use only for billing, enable MFA immediately
• Users, Groups, Roles, Policies (JSON documents)
• Least privilege principle: grant minimum permissions needed
• IAM is global (not region-specific)

Key Security Services

• AWS Shield: DDoS protection (Standard = free, Advanced = paid)
• AWS WAF: web application firewall, filter HTTP traffic
• Amazon GuardDuty: threat detection using ML
• AWS Inspector: automated vulnerability scanning for EC2/ECR
• AWS Macie: discovers and protects sensitive data (PII) in S3
• CloudTrail: logs ALL API calls (who did what, when)
• AWS Config: tracks resource configuration changes over time
• Security Hub: centralized security findings dashboard

Compliance

• AWS Artifact: access AWS compliance reports (SOC, PCI, HIPAA)
• Shared responsibility means compliance is shared too

---

Domain 3: Cloud Technology and Services (34%)

Compute

• EC2: virtual servers (On-Demand, Reserved, Spot, Dedicated)
• Lambda: serverless, pay per invocation, max 15 min runtime
• ECS/EKS: container orchestration (Docker/Kubernetes)
• Elastic Beanstalk: PaaS, deploy apps without managing infrastructure
• Lightsail: simple VPS for small workloads

Storage

• S3: object storage, 11 9s durability, storage classes (Standard, IA, Glacier, Deep Archive)
• EBS: block storage for EC2 (like a hard drive)
• EFS: managed file system, shared across EC2 instances
• S3 Glacier: archive storage, retrieval in minutes to hours

Database

• RDS: managed relational DB (MySQL, PostgreSQL, Aurora)
• DynamoDB: managed NoSQL, single-digit ms latency, serverless option
• Aurora: AWS-built, 5x faster than MySQL, 3x faster than PostgreSQL
• Redshift: data warehouse for analytics
• ElastiCache: in-memory caching (Redis, Memcached)

Networking

• VPC: your private network in AWS
• Subnets: public (internet-facing) vs private (internal)
• Security Groups: instance-level firewall (stateful)
• NACLs: subnet-level firewall (stateless)
• Route 53: DNS service
• CloudFront: CDN, edge locations worldwide
• Direct Connect: dedicated physical connection to AWS

Other Key Services

• CloudFormation: infrastructure as code (JSON/YAML templates)
• CloudWatch: monitoring, logs, alarms, dashboards
• SNS: push notifications (pub/sub)
• SQS: message queuing (decoupling)
• Trusted Advisor: best practice recommendations (cost, security, performance)

---

Domain 4: Billing, Pricing, and Support (12%)

Pricing Models

• On-Demand: pay by the hour/second, no commitment
• Reserved Instances: 1 or 3 year commitment, up to 72% discount
• Spot Instances: up to 90% discount, can be interrupted
• Savings Plans: flexible pricing across compute services

Free Tier

• 12 months free: EC2 t2.micro (750 hrs/mo), S3 (5 GB), RDS (750 hrs)
• Always free: Lambda (1M requests/mo), DynamoDB (25 GB)

Billing Tools

• AWS Budgets: set custom cost/usage budgets with alerts
• Cost Explorer: visualize and analyze spending over time
• Pricing Calculator: estimate costs before deploying
• Cost and Usage Report: most detailed billing data
• Organizations: consolidated billing across multiple accounts

Support Plans

• Basic: free, documentation + forums
• Developer: $29/mo, email support
• Business: $100/mo, 24/7 phone, 1-hour response for production down
• Enterprise: $15K/mo, TAM, 15-minute response for critical

---

Exam Tips

1. Shared Responsibility Model appears in 5-8 questions — know it cold
2. If a question mentions "serverless," think Lambda, DynamoDB, S3, Fargate
3. "Cost optimization" questions: look for Reserved Instances, Spot, or right-sizing
4. "High availability" = Multi-AZ; "Disaster recovery" = Multi-Region
5. When in doubt between two AWS services, pick the managed/serverless option

---

*Get the full study guide and 17 free courses at citadelcloudmanagement.com*