Cloud Practitioner Exam Prep Free practice test →

Free Cloud Practitioner Practice Questions

10 free, exam-style AWS Certified Cloud Practitioner (Cloud Practitioner) practice questions with answers and explanations. No signup required. Work through them below, then take the full free Cloud Practitioner practice test to study every exam domain.

The Cloud Practitioner exam has 65 questions and runs 1 hour 30 minutes.

These 10 free Cloud Practitioner questions are organized by exam domain, so you can see how each part of the AWS Certified Cloud Practitioner blueprint is tested. Reveal the answer and explanation under each question.

Domain 1: Cloud Concepts 24% of exam

Question 1

A company is moving from its own data center to AWS and wants to stop paying large up-front costs for servers it may not fully use. Which benefit of cloud computing does this BEST describe?

  1. Going global in minutes
  2. Trading capital expense for variable expense
  3. Eliminating the need for data backups
  4. Removing all responsibility for security
Show answer & explanation

Correct answer: B - Trading capital expense for variable expense

Question 2

An application's traffic rises sharply during the day and drops to almost nothing overnight. The company wants its compute capacity to automatically grow and shrink to match this demand. Which cloud characteristic does this describe?

  1. High availability
  2. Fault tolerance
  3. Elasticity
  4. Agility
Show answer & explanation

Correct answer: C - Elasticity

Question 3

Which pillar of the AWS Well-Architected Framework focuses on the ability of a workload to recover from infrastructure or service disruptions and meet demand?

  1. Operational Excellence
  2. Performance Efficiency
  3. Cost Optimization
  4. Reliability
Show answer & explanation

Correct answer: D - Reliability

Question 4

A company plans to move an application to AWS by lifting and shifting it with no changes to the application code or architecture. Which migration strategy (one of the "7 Rs") does this represent?

  1. Replatforming
  2. Refactoring
  3. Repurchasing
  4. Rehosting
Show answer & explanation

Correct answer: D - Rehosting

Question 5

Which perspective of the AWS Cloud Adoption Framework (AWS CAF) is MOST concerned with staffing, training, organizational culture, and change management?

  1. People
  2. Platform
  3. Operations
  4. Governance
Show answer & explanation

Correct answer: A - People

Domain 2: Security and Compliance 30% of exam

Question 6

Under the AWS Shared Responsibility Model, which of the following is ALWAYS the customer's responsibility, regardless of which AWS service is used?

  1. Maintaining the physical security of data centers
  2. Patching the hypervisor on the underlying hosts
  3. Managing customer data and who has access to it
  4. Repairing failed hardware in the AWS Region
Show answer & explanation

Correct answer: C - Managing customer data and who has access to it

Question 7

An application running on an Amazon EC2 instance needs to read files from an Amazon S3 bucket. What is the MOST secure way to grant this access?

  1. Store the AWS account root user credentials on the instance
  2. Hard-code an IAM user's access keys into the application
  3. Make the S3 bucket publicly accessible to everyone
  4. Attach an IAM role with S3 read permissions to the instance
Show answer & explanation

Correct answer: D - Attach an IAM role with S3 read permissions to the instance

Question 8

A security team needs to know exactly which user made the API call that terminated an Amazon EC2 instance, and when it happened. Which AWS service provides this record of account activity?

  1. Amazon CloudWatch
  2. AWS CloudTrail
  3. AWS Config
  4. Amazon GuardDuty
Show answer & explanation

Correct answer: B - AWS CloudTrail

Question 9

A company wants a service that uses machine learning to automatically discover, classify, and protect sensitive data such as personally identifiable information (PII) stored in Amazon S3. Which service should it use?

  1. Amazon Inspector
  2. Amazon Macie
  3. Amazon GuardDuty
  4. AWS Shield
Show answer & explanation

Correct answer: B - Amazon Macie

Question 10

Which statement correctly describes a difference between a security group and a network ACL in an Amazon VPC?

  1. A security group is stateful, while a network ACL is stateless
  2. A security group operates at the subnet level, while a network ACL operates at the instance level
  3. A security group supports both allow and deny rules, while a network ACL supports only allow rules
  4. A security group is free, while a network ACL incurs an additional hourly charge
Show answer & explanation

Correct answer: A - A security group is stateful, while a network ACL is stateless

The rest of the Cloud Practitioner blueprint

The Cloud Practitioner exam also covers these domains. Drill them in the full free practice test:

Ready for the real thing?

Practice hundreds more Cloud Practitioner questions with instant scoring, weak-area drills, and full exam simulations.

Start the free practice test See pricing