AWS Certified Cloud Practitioner (CLF-CO2) Exam
New 2025-2026 Exam with All 65 Questions, Correct
Answers and Rationale
Question 1 Which AWS services can be used to store files? (Choose 2 answers)
A. Amazon CloudWatch
B. Amazon Simple Storage Service (Amazon S3)
C. Amazon Elastic Block Store (Amazon EBS)
D. AWS Config
E. Amazon Athena Correct Answers: B, C
Rationale: Amazon S3 is a scalable object storage service, and Amazon EBS provides block
storage for EC2 instances. Both are designed for file storage. CloudWatch is for monitoring,
AWS Config is for resource tracking, and Amazon Athena is for querying data, not storage.
Question 2 Which of the following services uses AWS edge locations?
A. Amazon Virtual Private Cloud (Amazon VPC)
B. Amazon CloudFront
C. Amazon Elastic Compute Cloud (Amazon EC2)
D. AWS Storage Gateway Correct Answer: B
Rationale: Amazon CloudFront is a content delivery network (CDN) that uses edge locations to
cache content for low-latency delivery. VPC, EC2, and Storage Gateway do not primarily use
edge locations.
Question 3 Which of the following is a benefit of Amazon Elastic Compute Cloud (Amazon
EC2) over physical servers?
A. Automated backup
B. Paying only for what you use
C. The ability to choose hardware vendors
D. Root/administrator access Correct Answer: B
Rationale: EC2 allows users to pay only for the compute resources they use, unlike physical
servers that require upfront hardware costs. Automated backups are not inherent to EC2,
hardware vendors are managed by AWS, and root access is available but not unique to EC2.
Question 4 What is the value of having AWS Cloud services accessible through an Application
Programming Interface (API)?
A. Cloud resources can be managed programmatically
B. AWS infrastructure use will always be cost-optimized
C. All application testing is managed by AWS
D. Customer-owned, on-premises infrastructure becomes programmable Correct Answer: A
Rationale: APIs allow programmatic management of AWS resources, enabling automation and
integration. The other options are incorrect as APIs do not inherently optimize costs, manage
testing, or make on-premises infrastructure programmable.
Question 5 Which of the following examples supports the cloud design principle "design for
, failure and nothing will fail"?
A. Adding an elastic load balancer in front of a single Amazon EC2 instance
B. Creating and deploying the most cost-effective solution
C. Deploying an application in multiple Availability Zones
D. Using Amazon CloudWatch alerts to monitor performance Correct Answer: C
Rationale: Deploying across multiple Availability Zones ensures high availability and fault
tolerance, aligning with the "design for failure" principle. A single ELB or CloudWatch alerts do
not inherently provide redundancy, and cost-effectiveness is unrelated.
Question 6 Which service allows an administrator to create and modify AWS user permissions?
A. AWS Config
B. AWS CloudTrail
C. AWS Key Management Service (AWS KMS)
D. AWS Identity and Access Management (IAM) Correct Answer: D
Rationale: IAM is used to manage user permissions and access to AWS resources. AWS Config
tracks configurations, CloudTrail logs API calls, and KMS manages encryption keys.
Question 7 Which AWS service automates infrastructure provisioning and administrative tasks
for an analytical data warehouse?
A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon ElastiCache
D. Amazon Aurora Correct Answer: A
Rationale: Amazon Redshift is a managed data warehouse service that automates provisioning
and administrative tasks. DynamoDB is a NoSQL database, ElastiCache is for caching, and
Aurora is a relational database.
Question 8 Which of the following is the responsibility of the AWS customer according to the
Shared Security Model?
A. Managing AWS Identity and Access Management (IAM)
B. Securing edge locations
C. Monitoring physical device security
D. Implementing service organization control (SOC) standards Correct Answer: A
Rationale: Customers are responsible for managing IAM, including user access and permissions.
AWS handles edge location security, physical device security, and SOC compliance.
Question 9 Where can a customer go to get more detail about Amazon EC2 billing activity that
took place 3 months ago?
A. Amazon EC2 dashboard
B. AWS Cost and Usage Reports
C. AWS Trusted Advisor dashboard
D. AWS CloudTrail logs stored in Amazon S3 Correct Answer: B
Rationale: AWS Cost and Usage Reports provide detailed billing information, including
historical EC2 activity. The EC2 dashboard, Trusted Advisor, and CloudTrail logs do not focus
on billing details.
New 2025-2026 Exam with All 65 Questions, Correct
Answers and Rationale
Question 1 Which AWS services can be used to store files? (Choose 2 answers)
A. Amazon CloudWatch
B. Amazon Simple Storage Service (Amazon S3)
C. Amazon Elastic Block Store (Amazon EBS)
D. AWS Config
E. Amazon Athena Correct Answers: B, C
Rationale: Amazon S3 is a scalable object storage service, and Amazon EBS provides block
storage for EC2 instances. Both are designed for file storage. CloudWatch is for monitoring,
AWS Config is for resource tracking, and Amazon Athena is for querying data, not storage.
Question 2 Which of the following services uses AWS edge locations?
A. Amazon Virtual Private Cloud (Amazon VPC)
B. Amazon CloudFront
C. Amazon Elastic Compute Cloud (Amazon EC2)
D. AWS Storage Gateway Correct Answer: B
Rationale: Amazon CloudFront is a content delivery network (CDN) that uses edge locations to
cache content for low-latency delivery. VPC, EC2, and Storage Gateway do not primarily use
edge locations.
Question 3 Which of the following is a benefit of Amazon Elastic Compute Cloud (Amazon
EC2) over physical servers?
A. Automated backup
B. Paying only for what you use
C. The ability to choose hardware vendors
D. Root/administrator access Correct Answer: B
Rationale: EC2 allows users to pay only for the compute resources they use, unlike physical
servers that require upfront hardware costs. Automated backups are not inherent to EC2,
hardware vendors are managed by AWS, and root access is available but not unique to EC2.
Question 4 What is the value of having AWS Cloud services accessible through an Application
Programming Interface (API)?
A. Cloud resources can be managed programmatically
B. AWS infrastructure use will always be cost-optimized
C. All application testing is managed by AWS
D. Customer-owned, on-premises infrastructure becomes programmable Correct Answer: A
Rationale: APIs allow programmatic management of AWS resources, enabling automation and
integration. The other options are incorrect as APIs do not inherently optimize costs, manage
testing, or make on-premises infrastructure programmable.
Question 5 Which of the following examples supports the cloud design principle "design for
, failure and nothing will fail"?
A. Adding an elastic load balancer in front of a single Amazon EC2 instance
B. Creating and deploying the most cost-effective solution
C. Deploying an application in multiple Availability Zones
D. Using Amazon CloudWatch alerts to monitor performance Correct Answer: C
Rationale: Deploying across multiple Availability Zones ensures high availability and fault
tolerance, aligning with the "design for failure" principle. A single ELB or CloudWatch alerts do
not inherently provide redundancy, and cost-effectiveness is unrelated.
Question 6 Which service allows an administrator to create and modify AWS user permissions?
A. AWS Config
B. AWS CloudTrail
C. AWS Key Management Service (AWS KMS)
D. AWS Identity and Access Management (IAM) Correct Answer: D
Rationale: IAM is used to manage user permissions and access to AWS resources. AWS Config
tracks configurations, CloudTrail logs API calls, and KMS manages encryption keys.
Question 7 Which AWS service automates infrastructure provisioning and administrative tasks
for an analytical data warehouse?
A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon ElastiCache
D. Amazon Aurora Correct Answer: A
Rationale: Amazon Redshift is a managed data warehouse service that automates provisioning
and administrative tasks. DynamoDB is a NoSQL database, ElastiCache is for caching, and
Aurora is a relational database.
Question 8 Which of the following is the responsibility of the AWS customer according to the
Shared Security Model?
A. Managing AWS Identity and Access Management (IAM)
B. Securing edge locations
C. Monitoring physical device security
D. Implementing service organization control (SOC) standards Correct Answer: A
Rationale: Customers are responsible for managing IAM, including user access and permissions.
AWS handles edge location security, physical device security, and SOC compliance.
Question 9 Where can a customer go to get more detail about Amazon EC2 billing activity that
took place 3 months ago?
A. Amazon EC2 dashboard
B. AWS Cost and Usage Reports
C. AWS Trusted Advisor dashboard
D. AWS CloudTrail logs stored in Amazon S3 Correct Answer: B
Rationale: AWS Cost and Usage Reports provide detailed billing information, including
historical EC2 activity. The EC2 dashboard, Trusted Advisor, and CloudTrail logs do not focus
on billing details.
