- What the 4 Domains Actually Cover
- Domain 1: Cloud Concepts (24%)
- Domain 2: Security and Compliance (30%)
- Domain 3: Cloud Technology and Services (34%)
- Domain 4: Billing, Pricing, and Support (12%)
- How Compensatory Scoring Changes Your Strategy
- Question Format and What It Means in Practice
- Which Domains to Prioritize and When
- Frequently Asked Questions
- Cloud Technology and Services is the largest domain at 34%, making it the single most important area to master for the CLF-C02 exam.
- Security and Compliance carries 30% of the exam weight - together with Domain 3, these two domains account for 64% of your score.
- There is no per-domain minimum passing score; compensatory scoring means a weak domain can be offset by strength in another.
- The exam is 65 questions in 90 minutes, with 15 unscored questions you cannot identify - treat every question as scored.
What the 4 Domains Actually Cover
The AWS Certified Cloud Practitioner exam (CLF-C02) is organized into exactly four content domains. These aren't loose categories - they're the official framework AWS uses to write every question on the test. Understanding what each domain demands, and how much weight it carries, is the foundation of any intelligent study plan.
If you've been wondering what Cloud Practitioner certification actually tests, the answer lives in these four domains. The exam is not about hands-on labs, coding, or architecture design at a deep level. It tests conceptual fluency - can you identify the right AWS service for a business use case, apply the shared responsibility model, and explain how AWS pricing structures work?
Here's the domain breakdown at a glance:
| Domain | Name | Exam Weight | Approx. Scored Questions |
|---|---|---|---|
| Domain 1 | Cloud Concepts | 24% | ~12 |
| Domain 2 | Security and Compliance | 30% | ~15 |
| Domain 3 | Cloud Technology and Services | 34% | ~17 |
| Domain 4 | Billing, Pricing, and Support | 12% | ~6 |
The approximate scored question counts above are calculated from the 50 scored questions and the published domain percentages. The 15 unscored questions are embedded invisibly throughout the exam - you will never know which ones they are, so treat every question as if it counts.
Domain 1: Cloud Concepts (24%)
At 24%, Cloud Concepts is the third-largest domain by weight, but it's often the starting point for study because it establishes the vocabulary and mental models that the other domains build on. If you're new to AWS, you cannot meaningfully learn Security or Services without first understanding what cloud computing is and why organizations move to it.
Domain 1: Cloud Concepts - Core Topics
Candidates must be able to define the value proposition of cloud computing and compare deployment and service models.
- The six advantages of cloud computing (AWS's canonical list: trade upfront expense, stop spending money on data centers, stop guessing capacity, benefit from economies of scale, increase speed and agility, go global in minutes)
- Cloud deployment models: public cloud, private cloud, hybrid cloud
- Cloud service models: IaaS, PaaS, SaaS - with real AWS examples for each
- AWS Well-Architected Framework pillars: operational excellence, security, reliability, performance efficiency, cost optimization, sustainability
- AWS Cloud Adoption Framework (AWS CAF) perspectives
- Migration strategies (the 7 Rs: retire, retain, rehost, replatform, repurchase, refactor, relocate)
Questions in this domain often present a business scenario and ask you to identify which cloud benefit or framework concept applies. For example, you might be asked why a company can eliminate its data center capital expenditure by moving to AWS - the answer ties directly to the "trade upfront expense for variable expense" advantage.
For a thorough breakdown of every subtopic tested, see the dedicated Cloud Practitioner Domain 1: Cloud Concepts (24%) Complete Study Guide 2026.
Domain 2: Security and Compliance (30%)
Security and Compliance is the second-largest domain and, for many candidates, the most detail-intensive. At 30%, it accounts for roughly 15 of your 50 scored questions. AWS has structured the entire cloud around a security-first philosophy, and the exam reflects that emphasis heavily.
Domain 2: Security and Compliance - Core Topics
Candidates must understand AWS's shared responsibility model, identity and access controls, and compliance frameworks at a conceptual level.
- The AWS Shared Responsibility Model - what AWS manages (security OF the cloud) versus what customers manage (security IN the cloud)
- AWS Identity and Access Management (IAM): users, groups, roles, policies, least privilege principle
- Multi-factor authentication (MFA), root account best practices, and IAM credential reports
- AWS compliance programs and certifications: SOC, ISO, PCI DSS, HIPAA - and how AWS Artifact provides access to compliance reports
- AWS security services: AWS Shield, AWS WAF, Amazon GuardDuty, AWS Inspector, AWS Macie, AWS Security Hub
- Encryption at rest and in transit; AWS Key Management Service (KMS) and AWS CloudHSM at a conceptual level
- AWS Organizations and Service Control Policies (SCPs) for governance across multiple accounts
One of the most common exam mistakes is confusing which security tasks belong to AWS and which belong to the customer. A question might ask: "Who is responsible for patching the guest operating system on an Amazon EC2 instance?" The answer is the customer - EC2 is IaaS, and the guest OS is above AWS's responsibility boundary. Get this model wrong, and you'll miss multiple questions across both this domain and Domain 3.
See the full Cloud Practitioner Domain 2: Security and Compliance (30%) Complete Study Guide 2026 for service-by-service coverage.
Cloud Technology and Services (34%)
This is the largest domain on the exam and the one that demands the broadest knowledge base. At 34%, roughly 17 of your 50 scored questions come from here. The domain spans the core AWS service categories - compute, storage, networking, databases, and a growing list of managed and global infrastructure services.
Domain 3: Cloud Technology and Services - Core Topics
Candidates must be able to identify the right AWS service for a described use case and understand the basic characteristics that differentiate services within the same category.
- Compute: Amazon EC2 (instance types, purchasing options), AWS Lambda (serverless), Amazon ECS and EKS (containers), AWS Elastic Beanstalk (PaaS deployment)
- Storage: Amazon S3 (storage classes, lifecycle policies), Amazon EBS, Amazon EFS, AWS Storage Gateway, AWS Snow family
- Networking: Amazon VPC, subnets, security groups vs. NACLs, Amazon Route 53, Amazon CloudFront, AWS Direct Connect, AWS VPN
- Databases: Amazon RDS, Amazon Aurora, Amazon DynamoDB, Amazon Redshift, Amazon ElastiCache - and when to use each
- Application integration: Amazon SQS, Amazon SNS, Amazon EventBridge, AWS Step Functions
- Developer and deployment tools: AWS CloudFormation, AWS CodePipeline, AWS CodeDeploy, AWS CodeBuild
- Monitoring and management: Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS Trusted Advisor
- AI/ML services at a conceptual level: Amazon SageMaker, Amazon Rekognition, Amazon Comprehend, Amazon Lex, Amazon Polly
- AWS Global Infrastructure: Regions, Availability Zones, Local Zones, Edge Locations, AWS Outposts
The breadth here is intentional. AWS is not testing deep technical knowledge of any single service - it's testing whether you understand the service landscape well enough to match a business requirement to the correct tool. Questions often use scenario framing: "A company needs a managed NoSQL database with single-digit millisecond latency at any scale. Which service should they use?" (Amazon DynamoDB.)
Practicing with realistic scenario-based questions is essential for this domain. Visit our AWS Cloud Practitioner practice tests to work through service-matching questions that mirror the CLF-C02 format.
The dedicated Cloud Practitioner Domain 3: Cloud Technology and Services (34%) Complete Study Guide 2026 maps every major service to its exam-relevant use cases.
Domain 4: Billing, Pricing, and Support (12%)
At 12%, this is the smallest domain by weight, but it's one of the most approachable for candidates who take time to learn it. The concepts are logical, the terminology is consistent, and the questions tend to be more direct than the scenario-heavy questions in Domains 2 and 3.
Domain 4: Billing, Pricing, and Support - Core Topics
Candidates must understand how AWS charges for services, what tools exist to manage spend, and what each support tier offers.
- AWS pricing models: On-Demand, Reserved Instances (Standard and Convertible), Savings Plans, Spot Instances, Dedicated Hosts
- The AWS Free Tier: always-free offers, 12-month free offers, and short-term trial offers
- AWS pricing tools: AWS Pricing Calculator, AWS Cost Explorer, AWS Budgets, AWS Cost and Usage Report
- Consolidated billing via AWS Organizations - how it enables volume discounts and simplifies multi-account billing
- AWS Support plans: Basic, Developer, Business, Enterprise On-Ramp, Enterprise - response times, TAM availability, and key differentiators
- AWS Marketplace: finding, purchasing, and deploying third-party software on AWS
A common question type asks you to choose the most cost-effective pricing option for a described workload. For example, a steady-state workload running 24/7 for three years maps to Reserved Instances or Savings Plans - not On-Demand. Understanding these trade-offs in plain English is what the exam tests.
For complete coverage, see the Cloud Practitioner Domain 4: Billing, Pricing, and Support (12%) Complete Study Guide 2026.
How Compensatory Scoring Changes Your Strategy
The CLF-C02 uses compensatory scoring. This means there is no minimum score requirement per domain - you only need to reach 700 on the overall 100-1000 scale. A candidate who scores very high on Domains 2 and 3 can offset a weaker performance on Domain 1 or Domain 4.
This scoring model also means there is no penalty for guessing. If you encounter a question where you've exhausted your reasoning, eliminate any obviously wrong answers and make your best guess. Leaving a question blank and guessing both result in zero points for that question - but a guess gives you a chance at a point.
If you're curious about how this translates to overall pass rates and difficulty, the How Hard Is the Cloud Practitioner Exam? Complete Difficulty Guide 2026 addresses candidate experience across all four domains.
Question Format and What It Means in Practice
Every question on the CLF-C02 is either multiple choice (one correct answer from four options) or multiple response (two or more correct answers from five options). There are no hands-on labs, no command-line tasks, and no coding exercises. This is a conceptual exam.
Multiple response questions are often harder because partial credit is not awarded - you must select all correct answers to receive credit for the question. These questions typically appear with instructions like "Select TWO" or "Select THREE." If you're unsure, apply process of elimination aggressively before selecting.
Key Takeaway
On multiple response questions, selecting one extra wrong answer is just as costly as selecting one fewer correct answer - you receive zero points either way. Practice identifying these questions quickly in your prep so the format doesn't slow you down on exam day.
The 90-minute time limit gives you roughly 83 seconds per question across all 65. Most candidates find the time sufficient, but Domain 3 scenario questions often require longer reading time. Flagging long questions for review and moving on preserves time for a second pass.
Which Domains to Prioritize and When
A structured study schedule built around the CLF-C02 domain weights looks different from generic exam advice. Here's a practical four-week framework tied specifically to domain weight and content complexity:
Domain 1: Cloud Concepts + Exam Mechanics
- Learn the six advantages of cloud and the Well-Architected Framework pillars
- Understand IaaS vs. PaaS vs. SaaS with AWS examples
- Review cloud deployment models; study the 7 Rs of migration
- Familiarize yourself with exam registration, the $100 fee, and Pearson VUE options
Domain 2: Security and Compliance
- Master the Shared Responsibility Model - draw it, quiz yourself on edge cases
- Learn IAM: users, groups, roles, policies, and least privilege
- Cover AWS security services (Shield, WAF, GuardDuty, Inspector, Macie)
- Review compliance programs and AWS Artifact
Domain 3: Cloud Technology and Services
- Systematically cover compute, storage, networking, and database services
- Build a service-to-use-case reference list for quick recall
- Study AWS Global Infrastructure: Regions, AZs, Edge Locations
- Begin scenario-based practice questions - this domain rewards repetition
Domain 4: Billing + Full Exam Practice
- Learn pricing models: On-Demand, Reserved, Savings Plans, Spot
- Study support plan tiers and their key differentiators
- Take two to three full-length timed practice exams
- Review every wrong answer by domain to identify remaining gaps
This schedule allocates more time to Domain 3 because it's both the largest domain and the most service-dense. Domain 4 gets compressed into week four not because it's unimportant, but because its concepts are more finite and easier to internalize quickly once you have the Domain 2 and 3 foundations in place.
For a more comprehensive study framework, the Cloud Practitioner Study Guide 2026: How to Pass on Your First Attempt expands on this schedule with resource recommendations and topic checklists.
Reinforce every week's content with domain-specific practice questions at cloudpractitionerexam.com. Filtering practice by domain lets you measure which areas need additional focus before exam day.
Frequently Asked Questions
No. The CLF-C02 uses compensatory scoring, meaning you only need to achieve a total score of 700 on the 100-1000 scale. There is no per-domain minimum. A strong performance in the larger domains - Security and Compliance (30%) and Cloud Technology and Services (34%) - can offset weaker performance in smaller domains.
Based on the 50 scored questions and the published domain weights, you can expect approximately 12 questions from Domain 1 (Cloud Concepts, 24%), 15 from Domain 2 (Security and Compliance, 30%), 17 from Domain 3 (Cloud Technology and Services, 34%), and 6 from Domain 4 (Billing, Pricing, and Support, 12%). The 15 unscored questions are distributed throughout the exam and cannot be identified.
Domain 3 (Cloud Technology and Services) is typically the most challenging because it requires familiarity with the largest number of individual AWS services. Domain 2 (Security and Compliance) is often reported as difficult for candidates without a security background, particularly the Shared Responsibility Model and IAM concepts. That said, difficulty is subjective - your professional background will significantly affect which domains feel hardest.
Yes. The exam has no prerequisites, and AWS states the target candidate may have up to six months of cloud exposure - but this is not required. Many candidates pass without hands-on AWS experience by studying the CLF-C02 exam guide, the official AWS documentation for each domain, and by practicing with realistic scenario-based questions.
You must wait 14 days before retaking the exam. There is no limit on the number of retake attempts after failed attempts, and each retake requires paying the $100 USD fee again. AWS provides a score report with domain-level performance feedback, which helps you identify exactly which areas to focus on before reattempting. If you pass, you cannot retake the same exam version for two years unless the exam version changes.
- Cloud Practitioner Domain 1: Cloud Concepts (24%) - Complete Study Guide 2026
- Cloud Practitioner Domain 2: Security and Compliance (30%) - Complete Study Guide 2026
- Cloud Practitioner Domain 3: Cloud Technology and Services (34%) - Complete Study Guide 2026
- Cloud Practitioner Domain 4: Billing, Pricing, and Support (12%) - Complete Study Guide 2026