Practice Test

True or False: VPC stands for Versatile Protocol Configuration.

  • True
  • False

Answer: False

Explanation: VPC stands for Virtual Private Cloud. It’s an isolated section of the AWS Cloud dedicated to your AWS resources.

Multiple select: Which of the following are components of the VPC configurations?

  • a) Subnets
  • b) Route tables
  • c) Network ACLs
  • d) Security groups
  • e) Storage classes

Answer: a, b, c, d

Explanation: Subnets, route tables, network ACLs and security groups are all components of VPC configurations. Storage classes are related to S3, not VPC.

Single select: ________ allows you to control inbound and outbound traffic for your instances.

  • a) Subnets
  • b) Route tables
  • c) Network ACLs
  • d) Security groups

Answer: d) Security groups

Explanation: Security groups in a VPC enable you to specify both inbound and outbound network traffic that is allowed to reach the instances that are associated with the security group.

True or False: You cannot create a subnet without a route table.

  • True
  • False

Answer: False

Explanation: Every subnet must be associated with a route table, which controls the traffic from and to the subnet. By default, a main route table is created and associated to the new subnet.

Multiple select: Which are the uses of Network ACLs in AWS?

  • a) To manage traffic to specific instances
  • b) To act as a stateful firewall
  • c) To control inbound and outbound traffic at subnet level
  • d) To separate one VPC from another VPC

Answer: c) To control inbound and outbound traffic at subnet level, d) To separate one VPC from another VPC

Explanation: Network ACLs in AWS are used for controlling both inbound and outbound traffic at the subnet level and to isolate traffic between VPCs. They do not manage traffic to specific instances or act as a stateful firewall.

Single select: Which of the following is a logical partition of an IP network in a VPC?

  • a) Route Table
  • b) Subnet
  • c) Security Group
  • d) Network ACL

Answer: b) Subnet

Explanation: A subnet is a logical partition of an IP network into multiple, smaller network segments in a VPC.

True or False: You can have multiple route tables in a VPC.

  • True
  • False

Answer: True

Explanation: VPCs can have multiple route tables which allow different subnets to direct traffic to different places; however, each subnet must be associated with a route table.

Multiple select: Which of the following statements are true about security groups in a VPC?

  • a) Security groups are stateless.
  • b) Security groups control inbound and outbound traffic for instances.
  • c) All rules are evaluated before deciding whether to allow traffic.
  • d) You can associate a security group with multiple instances.

Answer: b) Security groups control inbound and outbound traffic for instances, c) All rules are evaluated before deciding whether to allow traffic, d) You can associate a security group with multiple instances.

Explanation: Security groups are stateful, unlike network ACLs which are stateless.

Single select: In AWS, what is the highest level of isolation you can have within a single region?

  • a) A subnet
  • b) A VPC
  • c) A region
  • d) A security group

Answer: b) A VPC

Explanation: A VPC provides the highest level of isolation as it houses AWS resources in a virtual network that you define, inside a single region.

True or False: You can change the main route table to a custom route table in your VPC.

  • True
  • False

Answer: True

Explanation: You can replace the main route table with a custom table in your VPC, to control the traffic routing for all subnets that don’t have an explicit association with a route table.

Multiple select: Which of the following can you do with a subnet in a VPC?

  • a) You can create a subnet with CIDR block that is a subset of the VPC CIDR block.
  • b) You can increase the size of a subnet after it’s created.
  • c) You can add or remove CIDR blocks from a subnet after it’s created.
  • d) You can assign security groups to a subnet.

Answer: a) You can create a subnet with CIDR block that is a subset of the VPC CIDR block, d) You can assign security groups to a subnet.

Explanation: Once a subnet is created, its CIDR block can’t be modified, and you can’t increase its size. However, you can assign security groups to it.

Single select: Which of the following is a stateful firewall at the instance level in a VPC?

  • a) Network ACL
  • b) Security Group
  • c) AWS Shield
  • d) Route Table

Answer: b) Security Group

Explanation: A security group acts as a stateful firewall at the instance level, and it’s associated with EC2 instances to control traffic to the instances.

True or False: Network ACLs in a VPC operate at the subnet level.

  • True
  • False

Answer: True

Explanation: Network ACLs in a VPC operate at the subnet level providing another layer of security, whereas security groups operate at the instance level.

Multiple select: Which of the following rules can be added to a security group?

  • a) Allow inbound traffic from a specific IP address
  • b) Allow outbound traffic to a specific IP address
  • c) Block specific IP address
  • d) Limit the number of connections to an instance

Answer: a) Allow inbound traffic from a specific IP address, b) Allow outbound traffic to a specific IP address.

Explanation: Security groups are stateful and allow only ‘allow’ rules to enable inbound and outbound traffic. There are no ‘deny’ rules or rules to limit the number of connections in a security group.

Single select: Which of the following AWS services allows you to create and manage a virtual private network?

  • a) AWS Direct Connect
  • b) AWS Transit Gateway
  • c) Amazon VPC
  • d) AWS VPN

Answer: c) Amazon VPC

Explanation: Amazon VPC enables you to launch AWS resources into a virtual network that you’ve defined, providing complete control over your virtual networking environment.

Interview Questions

What is a subnet in Amazon VPC?

A subnet is a range of IP addresses in your VPC. You can launch Amazon Elastic Compute Cloud (Amazon EC2) instances into a selected subnet.

What is the primary function of a route table in AWS VPC?

The route table contains a set of rules (routes) that are used to determine where network traffic is directed. Each subnet in your VPC must be associated with a route table.

How do network ACLs operate in AWS VPC?

Network Access Control Lists (ACLs) provide a rule-based tool for controlling inbound and outbound traffic at the subnet level.

What is the main purpose of security groups in Amazon VPC?

A security group acts as a virtual firewall for your EC2 instances to control inbound and outbound traffic.

Can a subnet span across availability zones in AWS VPC?

No, a subnet resides entirely within one Availability Zone.

Can you associate multiple route tables with a single subnet?

No, you can only associate one route table with a subnet, but you can associate multiple subnets with a single route table.

How do network ACLs and Security Groups differ in Amazon VPC?

Security groups operate at the instance level while network ACLs operate at the subnet level. Also, security groups support allow rules only, while network ACLs support both allow and deny rules.

Can you modify the main route table in AWS VPC?

Yes, you can modify the main route table, but you typically use a custom route table for your traffic.

Are rules in Security Groups stateful or stateless?

Security Group rules are stateful. This means if you send a request from your instance, the response traffic for that request is automatically allowed to flow in regardless of inbound security group rules.

Can you block specific IP addresses from accessing your instances using Security Groups?

No, Security groups are stateful and can only allow traffic, you cannot deny traffic. To deny traffic, you need to use Network ACLs which are stateless and support both allow and deny rules.

Is it possible to change the VPC for an existing EC2 instance?

No, once an EC2 instance is launched in a VPC, its VPC can’t be changed.

What happens when a VPC is deleted?

When a VPC is deleted, all the resources inside it like instances, databases, and security groups are also deleted.

Can you filter traffic between instances in the same subnet using Network ACLs?

No, traffic between instances in the same subnet does not traverse the network ACLs.

Can a Network ACL rule deny all traffic by default?

Yes, by default a network ACL denies all inbound and outbound traffic until you add rules that allow traffic.

How many default VPCs can you have in each AWS region?

You can have one default VPC in each AWS region.

Leave a Reply

Your email address will not be published. Required fields are marked *