About This Domain
Domain 2 (Security and Compliance) accounts for 30% of the CLF-C02 certification exam. This domain evaluates your understanding of the AWS shared responsibility model and how it changes by service type; IAM users, groups, roles, policies, MFA, root account protection, and least privilege; security and compliance services such as AWS Artifact, KMS, Shield, WAF, GuardDuty, Inspector, Macie, and Security Hub; and related concepts. Domain 2 covers shared responsibility, AWS security and compliance concepts, identity and access management, and common security services. To pass this section you need practical knowledge of how these services and patterns work together in real-world architectures.
What You'll Be Tested On
- AWS shared responsibility model and how it changes by service type
- IAM users, groups, roles, policies, MFA, root account protection, and least privilege
- Security and compliance services such as AWS Artifact, KMS, Shield, WAF, GuardDuty, Inspector, Macie, and Security Hub
- Account governance with AWS Organizations, service control policies, and identity federation
- Audit and monitoring concepts with CloudTrail, CloudWatch, and AWS Config
Key AWS Services in This Domain
Study Strategy for Domain 2
At 30% of the exam, this is the highest-weighted domain — invest proportionally more study time here. Focus on hands-on labs and scenario-based questions. Aim to answer at least 80% of Domain 2 questions correctly in practice tests before sitting the real exam.
Exam Tips for Domain 2
- For foundational security questions, first decide whether the responsibility belongs to AWS or the customer.
- Root user security is a favorite exam theme: enable MFA and avoid daily use.
- Remember that IAM is global and security groups are stateful.
- AWS Artifact is for compliance reports and agreements, not runtime threat detection.
Frequently Asked Questions
How many questions on the CLF-C02 exam come from Domain 2?
Domain 2 (Security and Compliance) makes up 30% of the CLF-C02 exam. The exam has 65 scored questions, so approximately 20 questions will come from this domain.
What services should I focus on for Domain 2?
The key services for this domain include Shared Responsibility, IAM, Security & Compliance, CloudTrail, and Organizations. Make sure you understand how each service works, what its use cases are, and how the services integrate with one another.
How should I prepare for Security and Compliance questions?
Start by reviewing the key topics listed above, then practice with domain-specific questions. Focus on understanding real-world scenarios rather than memorizing facts. Use our practice quizzes to test your knowledge and review explanations for any questions you get wrong.
What's the best order to study the CLF-C02 domains?
Many candidates start with the highest-weighted domains first. For the CLF-C02 exam, the domains in order of weight are: Cloud Concepts (24%), Security and Compliance (30%), Cloud Technology and Services (34%), Billing, Pricing, and Support (12%). However, start with whichever domain aligns best with your existing experience.