Real exam-style questions covering cloud concepts, AWS core services, security, pricing, billing, and the shared responsibility model for the CLF-C02 certification.
Cloud computing is the on-demand delivery of IT resources (compute, storage, databases, networking, software) over the internet with pay-as-you-go pricing. Instead of owning and maintaining physical data centers, you access technology services from a cloud provider like AWS.
The Shared Responsibility Model divides security responsibilities between AWS and the customer. AWS is responsible for security OF the cloud (hardware, software, networking, facilities). The customer is responsible for security IN the cloud (data, identity management, OS configuration, network/firewall settings, encryption).
An AWS Region is a physical location in the world where AWS has multiple data centers (Availability Zones). Each Region is completely independent and isolated from other Regions. Examples: us-east-1 (N. Virginia), eu-west-1 (Ireland), ap-southeast-1 (Singapore). Choose a Region based on latency, compliance, and service availability.
An Availability Zone is one or more discrete data centers within an AWS Region, each with redundant power, networking, and connectivity. AZs are physically separated but connected with low-latency links. Deploying across multiple AZs provides high availability and fault tolerance.
Edge locations are AWS data center endpoints used by CloudFront (CDN) and Route 53 to cache content closer to end users. There are more edge locations than Regions. They reduce latency for global users by serving cached content from the nearest location.
Amazon EC2 (Elastic Compute Cloud) provides resizable virtual servers (instances) in the cloud. You choose the instance type (CPU, memory, storage), OS, and configuration. EC2 is IaaS - you manage the OS and above. Use cases: web servers, application servers, batch processing.
Amazon S3 (Simple Storage Service) is object storage with unlimited capacity. Objects are stored in buckets. S3 provides 99.999999999% (11 nines) durability. Use cases: backup and restore, static website hosting, data lakes, media storage. S3 is not a file system - it stores objects (files + metadata) accessed via HTTP.
Amazon RDS (Relational Database Service) is a managed relational database service. AWS handles provisioning, patching, backup, recovery, and scaling. Supported engines: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Amazon Aurora. You manage the database schema and data; AWS manages the infrastructure.
Amazon DynamoDB is a fully managed, serverless NoSQL key-value and document database. It provides single-digit millisecond performance at any scale. DynamoDB automatically scales capacity up and down. Use cases: gaming, IoT, mobile apps, real-time leaderboards. No servers to manage.
Amazon VPC (Virtual Private Cloud) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network you define. You control IP address ranges, subnets, route tables, and network gateways. VPC is the networking foundation for most AWS services.
An Internet Gateway (IGW) is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. It serves two purposes: provides a target in route tables for internet-routable traffic, and performs NAT for instances with public IP addresses.
AWS IAM (Identity and Access Management) enables you to manage access to AWS services and resources securely. You create users, groups, roles, and policies. IAM is global (not region-specific). Key principle: grant least privilege - give only the permissions needed to perform a task.
An IAM Policy is a JSON document that defines permissions. It specifies what actions are allowed or denied on which AWS resources. Types: AWS managed policies (pre-built by AWS), customer managed policies (you create), and inline policies (embedded directly in a user/group/role).
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
AWS CloudTrail records API calls and account activity across your AWS infrastructure. It provides event history for auditing, compliance, and security analysis. CloudTrail logs who made a request, what service was called, when it happened, and from where. Enabled by default for 90 days; create a trail for longer retention.
Amazon CloudWatch is a monitoring and observability service. It collects metrics, logs, and events from AWS resources and applications. Use CloudWatch to: set alarms (e.g., CPU > 80%), create dashboards, trigger auto-scaling, and analyze logs. CloudWatch Logs stores application and system logs.
AWS Trusted Advisor is an online tool that provides real-time guidance to help you provision resources following AWS best practices. It checks across five categories: Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits. Basic and Developer support plans get limited checks; Business and Enterprise get all checks.
The AWS Well-Architected Framework provides best practices for building secure, high-performing, resilient, and efficient infrastructure. It has six pillars:
Amazon Route 53 is a highly available and scalable DNS (Domain Name System) web service. It translates domain names to IP addresses. Route 53 also provides domain registration, health checking, and traffic routing policies (simple, weighted, latency-based, failover, geolocation).
Amazon CloudFront is a fast content delivery network (CDN) service. It delivers data, videos, applications, and APIs globally with low latency by caching content at edge locations. CloudFront integrates with S3, EC2, ELB, and Route 53. It also provides DDoS protection via AWS Shield.
AWS WAF (Web Application Firewall) protects web applications from common web exploits (SQL injection, cross-site scripting). You create rules to allow, block, or monitor web requests. WAF integrates with CloudFront, ALB, API Gateway, and AppSync.
Amazon SNS (Simple Notification Service) is a fully managed pub/sub messaging service. Publishers send messages to topics; subscribers receive them. Supports multiple protocols: HTTP/HTTPS, email, SMS, SQS, Lambda. Use case: send notifications when an event occurs (e.g., alert when S3 upload completes).
Amazon SQS (Simple Queue Service) is a fully managed message queuing service. It decouples application components by storing messages in a queue until they are processed. Types: Standard (at-least-once delivery, best-effort ordering) and FIFO (exactly-once processing, strict ordering).
AWS Lambda is a serverless compute service that runs code in response to events without provisioning or managing servers. You pay only for compute time consumed (per request and duration). Lambda supports Node.js, Python, Java, Go, Ruby, and more. Use cases: API backends, data processing, automation.
AWS Auto Scaling automatically adjusts the number of EC2 instances (or other resources) based on demand. It ensures you have the right number of instances to handle load. Types: dynamic scaling (responds to demand changes) and predictive scaling (uses ML to forecast demand).
Amazon ECS (Elastic Container Service) is a fully managed container orchestration service. It runs Docker containers on a cluster of EC2 instances or AWS Fargate (serverless). ECS manages container scheduling, scaling, and health monitoring.
AWS Fargate is a serverless compute engine for containers. It works with ECS and EKS. With Fargate, you do not manage servers or clusters - you just define your container requirements (CPU, memory) and Fargate handles the infrastructure. Pay only for the resources your containers use.
AWS Elastic Beanstalk is a PaaS service that automatically handles deployment, capacity provisioning, load balancing, auto-scaling, and health monitoring. You upload your application code and Beanstalk handles the rest. Supports Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker.
Amazon S3 Glacier is a low-cost cloud storage service for data archiving and long-term backup. Retrieval times range from minutes (Instant Retrieval) to hours (Flexible Retrieval) to 12 hours (Deep Archive). Glacier is ideal for data that is rarely accessed but must be retained for compliance.
The AWS Pricing Calculator (calculator.aws) is a free tool to estimate the cost of AWS services for your use case. You configure services and get a monthly cost estimate. Useful for planning migrations, comparing deployment options, and budgeting.
AWS Cost Explorer is a tool to visualize, understand, and manage your AWS costs and usage over time. It provides graphs of spending, identifies cost trends, and shows which services cost the most. You can filter by service, region, account, and tags.
AWS Budgets lets you set custom cost and usage budgets and receive alerts when you exceed (or are forecasted to exceed) your thresholds. You can set budgets for cost, usage, reservation coverage, and Savings Plans utilization. Alerts can be sent via email or SNS.
AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors (ISVs). You can find, test, buy, and deploy software that runs on AWS. Categories include security, networking, storage, machine learning, and business intelligence.
AWS Organizations lets you centrally manage multiple AWS accounts. Features: consolidated billing (single payment method for all accounts), service control policies (SCPs) to restrict what services accounts can use, and organizational units (OUs) to group accounts.
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It automatically assesses EC2 instances and container images for software vulnerabilities and unintended network exposure.
AWS Artifact is a self-service portal for on-demand access to AWS compliance reports and agreements. It provides access to AWS security and compliance documents such as SOC reports, PCI reports, and ISO certifications. Useful for audits and compliance requirements.