This free AWS Cloud Practitioner Security and Compliance practice test covers AWS security and compliance — the shared responsibility model, IAM (users, groups, roles, policies, MFA), security services (Shield, WAF, GuardDuty, Inspector, Macie, KMS), compliance programs and AWS Artifact, and encryption at rest and in transit. Each question includes a detailed explanation with AWS service context — perfect for CLF-C02 exam prep.
Which AWS service is primarily used to manage user access and permissions securely?
Correct answer: B
Explanation: AWS Identity and Access Management (IAM) is the service used to securely manage user access and permissions to AWS services and resources. It allows you to create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
What is the shared responsibility model in AWS?
Correct answer: C
Explanation: In the AWS shared responsibility model, AWS is responsible for the security 'of' the cloud, meaning the infrastructure that runs all of the services offered in the AWS Cloud. The customer is responsible for security 'in' the cloud, which includes managing data, classifying assets, and using IAM tools to apply permissions.
Which AWS service provides a virtual firewall to control inbound and outbound traffic to your instances?
Correct answer: D
Explanation: Security Groups act as a virtual firewall for your EC2 instances to control inbound and outbound traffic. They are used to specify the protocols, ports, and source/destination IP ranges that are allowed to reach your instances.
What is the primary purpose of AWS Key Management Service (KMS)?
Correct answer: B
Explanation: AWS Key Management Service (KMS) is a managed service that makes it easy to create and control the encryption keys used to encrypt your data. KMS is integrated with other AWS services to help you protect the data you store in these services.
Which AWS service can be used to automatically assess applications for vulnerabilities?
Correct answer: A
Explanation: Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It automatically assesses applications for vulnerabilities or deviations from best practices.
Which AWS service helps you manage compliance by providing a dashboard of your AWS resources' compliance status?
Correct answer: B
Explanation: AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
Which of the following is a best practice for securing your AWS root account?
Correct answer: B
Explanation: Enabling multi-factor authentication (MFA) on the root account adds an extra layer of security by requiring a second form of verification, which helps protect against unauthorized access.
Which AWS service provides a global content delivery network (CDN) to improve the performance of your web applications?
Correct answer: A
Explanation: AWS CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds.
What is AWS Artifact used for?
Correct answer: B
Explanation: AWS Artifact provides on-demand access to AWS’s security and compliance reports and select online agreements. It is a central resource for compliance-related information.
Which AWS service provides DDoS protection for your applications?
Correct answer: A
Explanation: AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. It provides always-on detection and automatic inline mitigations that minimize application downtime and latency.
CLF-C02 Security and Compliance covers AWS security and compliance — the shared responsibility model, IAM (users, groups, roles, policies, MFA), security services (Shield, WAF, GuardDuty, Inspector, Macie, KMS), compliance programs and AWS Artifact, and encryption at rest and in transit. Expect scenario-based multiple-choice and multiple-response questions covering AWS Shared Responsibility Model, IAM (Users, Groups, Roles, Policies, MFA), Security Services (Shield, WAF, GuardDuty, Inspector, Macie, KMS), Compliance Programs & AWS Artifact, Encryption at Rest & in Transit, Data Protection.
This free practice set includes 10 CLF-C02 Security and Compliance questions with detailed explanations. Premium members get unlimited access to the full AWS Cloud Practitioner question bank with 600+ questions across all 4 domains.
Security and Compliance accounts for approximately 30% of the AWS Certified Cloud Practitioner exam content.
The AWS Certified Cloud Practitioner (CLF-C02) exam has 65 questions (50 scored plus 15 unscored), with a 90-minute time limit and a passing score of 700 out of 1000.
Most candidates pass CLF-C02 in 2 to 4 weeks of focused study. Use these free Security and Compliance questions alongside the other domain tests and the AWS Skill Builder Cloud Practitioner Essentials course.
Yes. The practice test is completely free with no signup required. You get instant scoring and detailed explanations for every question.
Start the free AWS Cloud Practitioner Security and Compliance practice test now | 10-question quick start | All AWS CCP domains | AWS Cloud Practitioner Cheat Sheet