and CORRECT Answers
What is the difference between a public and private subnet? - CORRECT ANSWER✔✔- If a
subnet is associated with a route table that has a route (normally 0.0.0.0/0) to an internet
gateway, it's known as a public subnet. If a subnet is associated with a route table that does
not have a route to an internet gateway, it's known as a private subnet. An instance in a public
subnet still needs a public or Elastic IP address to be reachable from the internet; the route
alone is not enough.
What is a VPC ? - CORRECT ANSWER✔✔- A virtual network dedicated to your AWS
account.
This lets you provision a logically isolated section of the AWS Cloud where you can launch
AWS resources in a virtual network that you define. You have complete control over your
virtual networking environment, including selection of your own IP address range, creation
of subnets, and configuration of route tables and network gateways.
What does VPC stand for? - CORRECT ANSWER✔✔- Virtual Private Cloud
What are the different components of a VPC? - CORRECT ANSWER✔✔- A VPC consists of
Subnets, Route Tables, Internet Gateways (IGWs), Virtual Private Gateways (VGWs), Network
Access Control Lists (NACLs), and Security Groups.
What's the ratio of subnets to availability zones? - CORRECT ANSWER✔✔- Each subnet lives in
exactly one AZ and cannot span AZs. An AZ can contain many subnets, so to be resilient to an
AZ failure you create subnets in more than one AZ.
Are Security groups stateful or stateless? - CORRECT ANSWER✔✔- Stateful: if a connection
is allowed in one direction, the return traffic for that connection is allowed automatically.
Security groups only support allow rules (no deny); anything not explicitly allowed is dropped.
Are Network Access Control Lists stateful or stateless? - CORRECT ANSWER✔✔-
Stateless: return traffic is not tracked, so it must be explicitly allowed in the other direction
(typically the ephemeral port range). NACLs support deny rules as well as allow rules, and rules
are evaluated in order of rule number, with the first match winning.
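As an added example (this Terraform is not part of the original cards), the fragment below shows the practical consequence of the stateful/stateless difference: the security group allows only inbound 443 and the replies leave automatically, while the NACL on the same subnet must explicitly allow the ephemeral return ports in both directions and, unlike the security group, can carry a deny rule placed ahead of the allow. The VPC and subnet CIDRs and the 203.0.113.0/24 blocked range are constructed values.

```hcl
# Added example: stateful security group vs stateless NACL for an HTTPS subnet.
# CIDRs and the blocked range are constructed values, not from the cards.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "web" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}

# Security group: stateful and allow-only. Inbound 443 is permitted and the
# replies to those connections are allowed automatically, so no ephemeral-port
# rule is needed. There is no "deny"; anything not listed is dropped.
resource "aws_security_group" "web" {
  name   = "web-https"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# NACL: stateless and evaluated in rule_no order. Return traffic is not
# tracked, so each direction needs its own rule, including the ephemeral
# port range the other side uses for the reply.
resource "aws_network_acl" "web" {
  vpc_id     = aws_vpc.main.id
  subnet_ids = [aws_subnet.web.id]

  # The explicit deny must have a lower rule_no than the broad allow;
  # the first matching rule wins.
  ingress {
    rule_no    = 90
    protocol   = "tcp"
    action     = "deny"
    cidr_block = "203.0.113.0/24"
    from_port  = 0
    to_port    = 65535
  }

  ingress {
    rule_no    = 100
    protocol   = "tcp"
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 443
    to_port    = 443
  }

  # Replies to connections the instances initiate (e.g. package updates)
  # come back to ephemeral destination ports and would be dropped otherwise.
  ingress {
    rule_no    = 110
    protocol   = "tcp"
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 1024
    to_port    = 65535
  }

  # Replies to inbound 443 connections go to the client's ephemeral port;
  # without this egress rule the TLS handshake never completes even though
  # inbound 443 is allowed.
  egress {
    rule_no    = 100
    protocol   = "tcp"
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 1024
    to_port    = 65535
  }

  # Outbound HTTPS the instances initiate.
  egress {
    rule_no    = 110
    protocol   = "tcp"
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 443
    to_port    = 443
  }
}
```

Remove the egress 1024-65535 rule and the HTTPS listener stops answering even though inbound 443 is still allowed; the security group needs no such rule. That asymmetry is the stateless behaviour the card describes, and it is the usual cause of "security group allows it but the connection hangs" tickets.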
Is peering transitive in VPCs? - CORRECT ANSWER✔✔- No, there is no transitive
peering. If VPC A is peered with B and B with C, A cannot reach C through B. You must create a
peering connection between each pair of VPCs that need to interact.
When you create a VPC, what is created by default? - CORRECT ANSWER✔✔- A main
Route Table, a default Network Access Control List (NACL) and a default Security Group
When you create a VPC, are subnets or internet gateways created? - CORRECT
ANSWER✔✔- No. When you create a custom VPC, no subnet and no internet gateway are
created; you must add them yourself. (Only the default VPC that AWS provisions per region
comes with subnets and an attached internet gateway.)
Are AZs randomized by account? - CORRECT ANSWER✔✔- Yes. us-east-1a in your
AWS account can be a completely different physical availability zone from us-east-1a in another
AWS account. To coordinate across accounts, use the AZ IDs (e.g. use1-az1), which are the same
for everyone.
How many IP addresses does Amazon reserve by default within your subnet? - CORRECT
ANSWER✔✔- 5: the first four addresses (network address, VPC router, DNS, reserved for
future use) and the last address (broadcast). A /24 subnet therefore yields 251 usable addresses.
How many internet gateways can you have per VPC? - CORRECT ANSWER✔✔- 1. Only one
internet gateway can be attached to a VPC at a time.
Can security groups span VPCs? - CORRECT ANSWER✔✔- No, security groups cannot
span VPCs
What is a NAT Instance? - CORRECT ANSWER✔✔- A NAT instance is an EC2 instance
that forwards traffic so instances in private subnets can reach the internet without being
reachable from it. They are out of date and generally shouldn't be used: a single instance is a
single point of failure, it does not scale well, and you patch and harden it yourself. The managed
NAT Gateway is the usual replacement.
NAT Instance Tips - CORRECT ANSWER✔✔- When creating a NAT instance, disable the
source/destination check on the instance; otherwise the VPC drops packets the instance forwards
on behalf of others
NAT instances must be in a public subnet (a route to the internet gateway and a public IP)
There must be a route out of the private subnet's route table (0.0.0.0/0) to the NAT instance in
order for this to work
The amount of traffic that a NAT instance can support depends on the instance size. If you are
bottlenecking, increase the instance size.
It must be in a security group that allows inbound traffic from the private subnets it serves and
outbound traffic to the internet; do not open inbound from 0.0.0.0/0
You can build high availability using Auto Scaling groups, multiple subnets in different AZs,
and a script to automate failover of the route...but it's not easy
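The steps above, as an added Terraform example that is not from the original cards: a public subnet routed to the internet gateway, a private subnet whose default route points at the NAT instance's network interface, source/destination checking disabled on that instance, and a security group that admits only the private subnet. The CIDRs, the availability zone and the `nat_ami_id` variable (an AMI already set up for NAT, i.e. IP forwarding and masquerading enabled) are assumptions.

```hcl
# Added example: public/private subnets with a NAT instance (not the cards' code).
# CIDRs, AZ and the AMI variable are assumptions.
variable "nat_ami_id" {
  description = "AMI prepared for NAT (IP forwarding + iptables MASQUERADE). Assumed."
  type        = string
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Public subnet: its route table carries a 0.0.0.0/0 route to the IGW, and
# instances get a public IP so the IGW can actually reach them.
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.0.0/24"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Private subnet: no route to the IGW; its only way out is the NAT instance.
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"
}

# Security group for the NAT instance: accept anything from the private
# subnet, nothing from the internet. Egress is open so forwarded traffic can
# leave; because the group is stateful, replies to forwarded flows are let in.
resource "aws_security_group" "nat" {
  name   = "nat-instance"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [aws_subnet.private.cidr_block]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "nat" {
  ami                    = var.nat_ami_id
  instance_type          = "t3.small" # NAT throughput scales with instance size
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.nat.id]

  # The instance forwards packets whose source/destination are not its own;
  # with the check enabled the VPC would silently drop them.
  source_dest_check = false
}

# Private route table: default route to the NAT instance's primary ENI.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block           = "0.0.0.0/0"
    network_interface_id = aws_instance.nat.primary_network_interface_id
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```

The private default route is tied to one instance's ENI, so when that instance is stopped or its AZ fails the private subnet loses internet access until something rewrites the route; that is the single point of failure the card warns about. Swapping in a managed NAT Gateway (`aws_nat_gateway` with an Elastic IP, and `nat_gateway_id` in the route) removes the instance, its security group and the `source_dest_check` line, and the failover script with them.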