Domain 2 · 30% of Exam

Security and Compliance

Domain 2 covers shared responsibility, AWS security and compliance concepts, identity and access management, and common security services.

What You'll Be Tested On

  • AWS shared responsibility model and how it changes by service type
  • IAM users, groups, roles, policies, MFA, root account protection, and least privilege
  • Security and compliance services such as AWS Artifact, KMS, Shield, WAF, GuardDuty, Inspector, Macie, and Security Hub
  • Account governance with AWS Organizations, service control policies, and identity federation
  • Audit and monitoring concepts with CloudTrail, CloudWatch, and AWS Config

Key AWS Services in This Domain

🤝Shared Responsibility🔐IAM🛡️Security & Compliance🔍CloudTrail🏢Organizations

Exam Tips for Domain 2

💡

For foundational security questions, first decide whether the responsibility belongs to AWS or the customer.

💡

Root user security is a favorite exam theme: enable MFA and avoid daily use.

💡

Remember that IAM is global and security groups are stateful.

💡

AWS Artifact is for compliance reports and agreements, not runtime threat detection.

Practice Domain 2 Questions

Test your knowledge of Security and Compliance with practice questions from our CLF-C02 question bank.

Start Practice Quiz →

Other CLF-C02 Domains

Domain 1Cloud Concepts24%Domain 3Cloud Technology and Services34%Domain 4Billing, Pricing, and Support12%
← CLF-C02 Study HubFree Mock Exam30-Day Study Plan