CLF-C02: Exam Tips & Strategy
Strategic guidance for exam preparation and taking the CLF-C02 AWS Certified Cloud Practitioner exam.
← Back to Overview | ← Objectives | ← Study Notes
⚠️ Exam Traps & Gotchas
Common mistakes and tricky areas that often appear on the exam.
Trap 1: Confusing Security Groups and NACLs
What it looks like: "Which provides stateful filtering at the instance level?"
Why it's tricky:
- Security Groups are stateful (return traffic automatically allowed)
- NACLs are stateless (must explicitly allow return traffic)
Remember:
- Security Groups = Instance level, stateful, allow rules only
- NACLs = Subnet level, stateless, allow + deny rules
Trap 2: Shared Responsibility Model Confusion
What it looks like: "Who is responsible for patching the guest OS on EC2?"
Why it's wrong: Many assume AWS handles all patching
Remember:
- EC2: Customer patches the OS
- RDS: AWS patches the OS
- Lambda: No OS to patch (AWS manages everything)
Trap 3: S3 Storage Class Selection
What it looks like: "A company needs to store data accessed once per quarter. Which S3 class is most cost-effective?"
Why it's tricky:
- S3 Standard-IA has retrieval fees
- Glacier has longer retrieval times
- Need to balance cost vs. access requirements
Remember:
- Frequently accessed → S3 Standard
- Infrequent (monthly) → S3 Standard-IA
- Rarely accessed (quarterly/yearly) → S3 Glacier
- Archival (7-10 years) → S3 Glacier Deep Archive
Trap 4: Multi-AZ vs. Read Replicas
What it looks like: "A company wants to improve RDS read performance. What should they use?"
Why it's wrong: Multi-AZ is for availability, not performance
Remember:
- High availability/disaster recovery → Multi-AZ
- Read scalability/performance → Read Replicas
Trap 5: Reserved Instance vs. Savings Plans
What it looks like: "Which offers the most flexibility with the same discount level?"
Why it's tricky: Both offer similar discounts but different flexibility
Remember:
- Reserved Instances: Tied to specific instance type, region
- Savings Plans: Flexible across instance families, regions
- Savings Plans are generally more flexible
Trap 6: Lambda Limitations
What it looks like: "Can Lambda be used for a process that takes 30 minutes?"
Why it's wrong: Lambda has a 15-minute maximum execution time
Remember:
- Lambda max: 15 minutes, 10 GB memory
- For longer processes → Use ECS, Fargate, or EC2
Trap 7: Spot Instance Interruptions
What it looks like: "Use Spot Instances for a critical database server to save costs"
Why it's wrong: Spot Instances can be terminated with only 2 minutes notice
Remember:
- Spot Instances: Only for fault-tolerant, interruptible workloads
- Never use for: Databases, critical apps, stateful workloads
- Good for: Batch jobs, data analysis, CI/CD testing
📚 Study Strategy
What to Focus On
High-Priority Topics (Appear Most Often)
IAM (Users, Groups, Roles, Policies)
- Understand the difference between users and roles
- Know when to use MFA
- Principle of least privilege
EC2 (Instance types, pricing models)
- Know the purchasing options (On-Demand, Reserved, Spot)
- Understand instance families (C, M, R, T)
S3 (Storage classes, use cases)
- Know all storage classes and when to use each
- Understand durability vs. availability
AWS Support Plans
- Know what comes with each plan
- Response times matter
Shared Responsibility Model
- Very frequently tested
- Know who's responsible for what
VPC Basics (Subnets, Security Groups, NACLs)
- Public vs. private subnets
- Security Groups vs. NACLs differences
Cost Optimization
- Reserved Instances
- Spot Instances
- Rightsizing
- Trusted Advisor
What NOT to Over-Study
Don't Waste Time On
- Deep technical implementation - This is a foundational exam
- Memorizing pricing - You need to know models, not exact prices
- Hands-on configuration steps - Focus on concepts, not CLI commands
- All 200+ AWS services - Focus on the in-scope services (see objectives)
- Advanced networking - Basic VPC concepts are enough
⏱️ Time Management
Exam Format
- 90 minutes for 65 questions
- About 1.4 minutes per question
- Mix of multiple choice and multiple response
Time Strategy
First Pass (60 minutes)
- Answer questions you know immediately
- Flag difficult questions for review
- Don't spend more than 2 minutes on any question
Review Pass (25 minutes)
- Return to flagged questions
- Eliminate obviously wrong answers
- Make educated guesses
Final Check (5 minutes)
- Ensure all questions are answered
- There's no penalty for guessing!
Critical: No Negative Marking
Always answer every question. There's no penalty for wrong answers. If you're running out of time, guess on remaining questions rather than leaving them blank.
🎯 Decision Tables & Quick Reference
When to Use Which Compute Service?
| Requirement | Service |
|---|---|
| Need full control of OS | EC2 |
| Don't want to manage servers | Lambda |
| Deploy app without managing infrastructure | Elastic Beanstalk |
| Run containers, manage orchestration | ECS / EKS |
| Run containers, no server management | Fargate |
| Event-driven, short tasks | Lambda |
When to Use Which Database?
| Requirement | Service |
|---|---|
| Traditional SQL (MySQL, PostgreSQL) | RDS |
| NoSQL, key-value, millisecond latency | DynamoDB |
| In-memory cache | ElastiCache |
| Data warehouse, analytics | Redshift |
| MongoDB-compatible | DocumentDB |
| Graph database | Neptune |
When to Use Which Storage?
| Requirement | Service |
|---|---|
| Object storage, static websites | S3 |
| Long-term archival | S3 Glacier |
| Block storage for EC2 | EBS |
| Shared file storage (Linux) | EFS |
| Shared file storage (Windows) | FSx |
Security Services Quick Reference
| What You Need | Service |
|---|---|
| DDoS protection | AWS Shield |
| Web application firewall | AWS WAF |
| Threat detection | Amazon GuardDuty |
| Encryption key management | AWS KMS |
| Central security view | AWS Security Hub |
| Compliance reports | AWS Artifact |
| Discover sensitive data in S3 | Amazon Macie |
📝 Exam Day Tips
Before the Exam
- Get good sleep - Don't cram the night before
- Arrive early - 15-30 minutes before start time
- Bring ID - Government-issued photo ID required
- No materials allowed - No phones, notes, watches
During the Exam
Read questions carefully - Keywords matter
- "Most cost-effective" → Choose cheapest option
- "High availability" → Multi-AZ, multi-region
- "Best practice" → AWS recommended approach
Eliminate wrong answers first
- Usually 2 answers are clearly wrong
- Choose between remaining 2
Watch for keywords:
- "Immediate access" → Not Glacier
- "Fault-tolerant" → OK for Spot Instances
- "Mission-critical" → Not Spot Instances
- "Lowest latency" → Edge locations, CloudFront
- "Serverless" → Lambda, Fargate, Aurora Serverless
Flag and move on - Don't get stuck
🧠 Memory Techniques
Remember the 6 Pillars (CROPSS)
- Cost Optimization
- Reliability
- Operational Excellence
- Performance Efficiency
- Security
- Sustainability
Remember the 7 Rs of Migration (R²RRRR²)
- Retire
- Retain
- Rehost
- Relocate
- Repurchase
- Replatform
- Refactor
Remember EC2 Instance Families (CMRST-PGI)
- Compute optimized
- Memory balanced (general purpose)
- RAM optimized (memory)
- Storage optimized
- Tiny/burstable (general purpose)
- Powerful GPU
- Graphics
- IO optimized
Remember Support Plans (DBBE)
- Developer ($29+)
- Business ($100+)
- Business Enterprise On-Ramp ($5,500+)
- Enterprise ($15,000+)
🎓 Final Study Checklist
One week before exam:
- [ ] Review all 4 domains thoroughly
- [ ] Understand Shared Responsibility Model completely
- [ ] Know all S3 storage classes
- [ ] Know EC2 pricing models
- [ ] Know AWS Support plan differences
- [ ] Understand IAM components (users, groups, roles, policies)
- [ ] Know key services for each category (compute, storage, database, network)
- [ ] Review AWS Well-Architected Framework pillars
- [ ] Take practice exam (AWS provides sample questions)
- [ ] Review incorrect answers from practice exams
Day before exam:
- [ ] Light review of notes
- [ ] Review decision tables and quick references
- [ ] Get good sleep
- [ ] Prepare ID and exam details
💡 Common Question Patterns
Pattern 1: "Most Cost-Effective"
Always consider:
- Spot Instances (if workload is fault-tolerant)
- Reserved Instances (if steady-state)
- S3 Glacier (if archival)
- Rightsizing (not over-provisioning)
Pattern 2: "High Availability"
Look for:
- Multi-AZ deployments
- Multiple Regions
- ELB (Load Balancer)
- Auto Scaling
Pattern 3: "Lowest Latency"
Consider:
- CloudFront (edge locations)
- Route 53 latency-based routing
- Deploy in Region closest to users
- ElastiCache for database queries
Pattern 4: "Secure"
Think:
- Enable MFA
- Use IAM roles (not access keys)
- Encrypt data (KMS)
- Security groups + NACLs
- Principle of least privilege
Pattern 5: "Compliance"
Remember:
- AWS Artifact for compliance reports
- Specific Region for data residency
- AWS Config for compliance monitoring
- CloudTrail for audit logs
🚀 You're Ready When...
- ✅ You can explain the Shared Responsibility Model
- ✅ You know the difference between Security Groups and NACLs
- ✅ You can choose the right S3 storage class for any scenario
- ✅ You understand when to use EC2, Lambda, or Elastic Beanstalk
- ✅ You know all 4 AWS Support plans and their differences
- ✅ You can identify which service to use for compute, storage, database, and network scenarios
- ✅ You understand the 6 pillars of the Well-Architected Framework
- ✅ You know AWS pricing models (On-Demand, Reserved, Spot, Savings Plans)
- ✅ You can score 80%+ on practice exams consistently
Good luck with your exam! 🎯