- The CLF-C02 exam is 65 questions in 90 minutes; only 50 questions are scored, and 15 unscored questions are not identified.
- You need a 700 out of 1000 scaled score to pass - roughly 70% - with no per-domain minimum requirement.
- Cloud Technology and Services (34%) and Security and Compliance (30%) together account for nearly two-thirds of your score.
- There is no penalty for guessing, so every question should receive an answer before time expires.
The Real Difficulty Picture
The AWS Certified Cloud Practitioner sits at the foundation level of the AWS certification path, and that label leads many candidates to underestimate what the exam actually demands. It is not a deeply technical exam - there are no hands-on labs, no coding challenges, and no architecture deep-dives. But "not technical" does not mean "easy." The breadth of concepts tested across four distinct domains, combined with the precise AWS-specific vocabulary the questions use, catches a meaningful number of first-time candidates off guard.
To understand what you are facing, start with the numbers. The current version, CLF-C02, presents 65 questions across a 90-minute window. Of those, only 50 questions count toward your score; 15 are unscored experimental items that AWS uses for future exam development, and you will have no way of knowing which is which. You need a scaled score of 700 out of a possible 1000 to pass. AWS uses compensatory scoring, which means your performance is evaluated holistically - there is no minimum percentage required within any individual domain.
For a fuller picture of what this certification involves before diving into difficulty specifics, see our overview of What Is Cloud Practitioner Certification?
What Actually Makes the Exam Challenging
The difficulty of the Cloud Practitioner exam comes from three sources that have nothing to do with complex math or programming ability.
The Vocabulary Problem
AWS has built a proprietary ecosystem with hundreds of named services, each carrying a specific purpose and a set of related features. Questions on the CLF-C02 assume you know the difference between Amazon S3 and Amazon EBS, between AWS IAM and AWS Organizations, and between AWS Shield Standard and AWS Shield Advanced - not at an engineering depth, but at a recognition-and-purpose level. Candidates who have spent time in a general IT role without AWS exposure often know the underlying concepts but stumble on the AWS-specific naming.
The Scope Problem
Four domains sounds manageable until you map out what each one covers. Cloud Technology and Services alone - the largest domain at 34% of your score - spans compute, storage, networking, databases, analytics, machine learning, application integration, and developer tools. Security and Compliance, the second-largest domain at 30%, covers the shared responsibility model, identity management, data protection, compliance programs, and security service identification. Together these two domains represent 64% of your total scaled score. Skimming them is not an option.
The Distractor Quality Problem
AWS writes multiple-choice questions with plausible distractors - wrong answers that sound correct if you have a shallow understanding of a topic. A question about who is responsible for patching an EC2 operating system, for instance, will offer answers that all seem reasonable until you have genuinely internalized the shared responsibility model. This is where breadth of study, not just exposure to key terms, makes the difference.
Key Takeaway
The Cloud Practitioner exam tests recognition and conceptual understanding, not implementation skills. The challenge is breadth and AWS-specific precision, not technical depth. Treat every wrong practice question as a vocabulary and concept gap to close, not just a missed answer.
Difficulty by Domain
Understanding which domains carry the most weight - and which are conceptually trickier - lets you allocate study time strategically. For a complete breakdown of all four content areas, see the Cloud Practitioner Exam Domains 2026: Complete Guide to All 4 Content Areas.
Domain 1: Cloud Concepts (24%)
Covers the value proposition of cloud computing, the AWS Well-Architected Framework, cloud economics, and migration strategies.
- Most candidates find this the most approachable domain - concepts like scalability, elasticity, and pay-as-you-go pricing are intuitive.
- The AWS Well-Architected Framework's six pillars (Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability) are frequently tested and require memorization of names and core principles.
- Cloud migration strategies (the "7 Rs") appear in questions; knowing the difference between rehosting and replatforming is a common question type.
Domain 2: Security and Compliance (30%)
The second-largest domain and the one most candidates underestimate. Covers shared responsibility, IAM, data protection, compliance, and AWS security services.
- The shared responsibility model is tested repeatedly and in nuanced ways - know exactly what AWS manages versus what the customer manages for IaaS, PaaS, and SaaS service types.
- IAM concepts including users, groups, roles, policies, and the principle of least privilege are heavily weighted.
- Candidates must distinguish between AWS security services: GuardDuty, Macie, Inspector, Security Hub, Shield, WAF, and CloudTrail all appear in questions.
- Compliance programs (SOC, PCI DSS, HIPAA) are tested at a recognition level - know what AWS Artifact is and how compliance responsibility is shared.
Domain 3: Cloud Technology and Services (34%)
The largest domain and the one requiring the most raw memorization. Covers compute, storage, networking, databases, AI/ML, analytics, and more.
- Compute: EC2 instance types at a conceptual level, Lambda, Elastic Beanstalk, ECS, and EKS - know when to choose each.
- Storage: S3 storage classes, EBS, EFS, and Glacier - know the use cases and cost implications of each.
- Networking: VPC fundamentals, subnets, security groups vs. network ACLs, Route 53, CloudFront, and Direct Connect.
- Databases: RDS, DynamoDB, Redshift, ElastiCache - know the difference between relational and non-relational and the primary use case for each service.
- AI/ML and analytics services appear regularly; candidates do not need to understand how to build models, but must know what SageMaker, Rekognition, Comprehend, and Athena do.
Domain 4: Billing, Pricing, and Support (12%)
The smallest domain but very learnable. Covers pricing models, cost management tools, and AWS Support plan tiers.
- Know the four AWS Support plans: Basic, Developer, Business, and Enterprise - including response time SLAs and key features of each.
- Understand Reserved Instances, Savings Plans, Spot Instances, and On-Demand pricing at a conceptual level.
- AWS Cost Explorer, AWS Budgets, the AWS Pricing Calculator, and the Total Cost of Ownership (TCO) Calculator are all tested.
- This domain rewards focused study - the scope is limited and the questions are among the most predictable on the exam.
Question Format and What to Expect
The CLF-C02 uses two question formats: multiple choice (one correct answer from four options) and multiple response (two or more correct answers from five options). Multiple response questions are harder because partial credit is not awarded - you must select all correct answers to receive credit for the question.
Questions generally fall into three patterns:
- Service identification: "Which AWS service provides a fully managed NoSQL database?" - requires knowing what each service does.
- Scenario-based selection: "A company needs to store infrequently accessed data at the lowest possible cost. Which S3 storage class should they use?" - requires knowing use cases and trade-offs.
- Concept application: "Under the AWS shared responsibility model, who is responsible for patching the operating system of an Amazon EC2 instance?" - requires understanding foundational principles.
The 90-minute window for 65 questions gives you approximately 83 seconds per question. Most candidates have adequate time, but multiple response questions and scenario-based questions can slow you down. Practice under timed conditions using our Cloud Practitioner practice tests to calibrate your pace before exam day.
Exam Mechanics That Affect Your Score
| Mechanic | Detail | What It Means for You |
|---|---|---|
| Unscored questions | 15 of 65 questions are experimental and unscored | Treat every question equally - you cannot identify which ones count |
| No guessing penalty | Unanswered questions score the same as wrong answers | Always submit an answer, even if uncertain |
| Compensatory scoring | No per-domain minimum required | Strength in Domain 3 and Domain 2 can offset weakness in Domain 4 |
| Retake policy | 14-day wait after a failed attempt; no attempt limit | Plan your preparation to pass on the first attempt, but a retake is always available |
| Exam fee | $100 USD per attempt | Budget accordingly; see our Cloud Practitioner Certification Cost 2026 for a full breakdown |
| Passed candidate restriction | Cannot retake the same exam for two years after passing | Aim to pass with a comfortable margin, not just at the threshold |
Who Tends to Struggle (and Why)
The CLF-C02 has no prerequisites - AWS states the target candidate may have up to six months of AWS Cloud exposure, but this is a guideline, not a requirement. That openness is a strength of the certification, but it also means the exam population includes people with very different starting points, and difficulty is genuinely relative to background.
IT professionals with no AWS background often know the underlying concepts (virtualization, networking, databases) but struggle with AWS-specific service names and the shared responsibility model's nuances. Their study time is best focused on Domain 3 service mapping and Domain 2 security services.
Non-technical professionals (project managers, sales engineers, finance analysts pursuing cloud literacy) often find Domain 3 - Cloud Technology and Services - the steepest climb. The volume of named services with overlapping purposes requires systematic study rather than casual reading.
Developers with AWS experience tend to find the exam most approachable, though they sometimes overconfident on billing and support topics (Domain 4) because they have rarely engaged with Support plan SLAs or cost optimization tools in a hands-on role.
Regardless of background, the candidates who pass comfortably are those who have taken structured practice tests. Working through realistic questions - not just reading content - is the most reliable way to identify the specific vocabulary gaps that cost points on exam day. Start with our full-length Cloud Practitioner practice exams to establish a baseline score early in your preparation.
A Domain-Anchored Preparation Approach
Generic study schedules are not useful here. The four domains have very different weights and very different learning curves, so the most efficient preparation sequences study time to match both. The Cloud Practitioner Study Guide 2026 covers this in detail, but here is a domain-anchored framework:
Domain 1: Cloud Concepts + Domain 4: Billing and Support
- Study the Well-Architected Framework six pillars - name and core principle of each
- Map the three cloud deployment models (public, private, hybrid) and the three service models (IaaS, PaaS, SaaS)
- Learn the four AWS Support plan tiers and their key SLAs
- Master AWS pricing models: On-Demand, Reserved, Spot, Savings Plans
- Run a scored practice set focused on Domains 1 and 4 to establish a baseline
Domain 2: Security and Compliance
- Build a detailed shared responsibility model map - IaaS vs. PaaS vs. SaaS variations
- Study IAM: users, groups, roles, policies, MFA, and the principle of least privilege
- Learn the purpose of each security service: GuardDuty, Macie, Inspector, Shield Standard vs. Advanced, WAF, CloudTrail, Config
- Understand compliance programs at the recognition level and what AWS Artifact provides
Domain 3: Cloud Technology and Services
- Build service-to-use-case flashcards for compute, storage, database, and networking categories
- Focus on S3 storage class trade-offs (Standard, Standard-IA, Glacier, Glacier Deep Archive)
- Map networking: VPC, subnets, security groups vs. NACLs, Route 53, CloudFront, Direct Connect, VPN
- Review AI/ML and analytics services at a "what does it do" level: SageMaker, Rekognition, Athena, Kinesis
Full-Exam Practice and Gap Closure
- Take two or more full-length timed practice exams under realistic conditions
- Review every wrong answer - identify whether the error was a vocabulary gap, a service confusion, or a concept misunderstanding
- Revisit Domain 2 and Domain 3 weak spots; these two domains decide most exam outcomes
- Confirm your exam appointment logistics (Pearson VUE testing center or online proctored) and ID requirements
This schedule assumes roughly 8-12 hours of study per week. Candidates with existing cloud exposure can compress it; those starting with no IT background should extend Domain 3 by an additional week.
For detailed, topic-level study guidance on each domain individually, see the dedicated guides for Domain 2: Security and Compliance and Domain 3: Cloud Technology and Services - the two domains that carry the most weight on your score.
Frequently Asked Questions
AWS does not publish a direct raw-score equivalent for the 700/1000 passing threshold because of scaled scoring. A practical target is answering approximately 70% or more of scored questions correctly. Remember, only 50 of the 65 questions are scored - 15 are unscored and do not affect your result.
You must wait 14 days before retaking the exam. There is no limit on the number of retake attempts, and each retake requires paying the $100 USD exam fee again. AWS will provide a score report identifying your performance by domain, which helps you target your review before the next attempt.
Difficulty comparisons are subjective, but the CLF-C02 is broadly considered comparable in difficulty to other vendor-specific entry-level certifications. Its primary challenge is breadth - the number of AWS services and concepts covered across four domains - rather than technical depth. Candidates with prior cloud familiarity generally find it more approachable than those starting from scratch.
Most candidates report Domain 3 (Cloud Technology and Services, 34%) as the most demanding because of the sheer number of AWS services it covers. Domain 2 (Security and Compliance, 30%) is a close second, particularly for those unfamiliar with the shared responsibility model and AWS-specific security services. These two domains combined account for 64% of your score, making them the primary focus of any effective preparation plan.
Yes. AWS explicitly states that hands-on AWS experience is not required - the exam targets candidates who may have up to six months of AWS Cloud exposure, but this is not a prerequisite. Candidates without any cloud background consistently pass the exam with structured study. The key difference is that they typically need more dedicated preparation time to build familiarity with AWS service naming and cloud concepts from the ground up.