Unit 2 - Practice Quiz

INT364 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 What is the maximum allowable CIDR block size for an Amazon VPC?

A. /8
B. /24
C. /16
D. /28

2 Which component is strictly required to make a subnet 'public' in an Amazon VPC?

A. VPC Peering Connection
B. NAT Gateway
C. Virtual Private Gateway
D. Internet Gateway (IGW)

3 In AWS networking, what is the scope of a VPC Security Group?

A. Instance (Network Interface) level
B. Region level
C. VPC level
D. Subnet level

4 Which of the following statements regarding Network Access Control Lists (NACLs) is TRUE?

A. They operate at the instance level.
B. They support allow rules only.
C. They represent a stateless firewall at the subnet level.
D. They are stateful.

5 You have a private subnet that needs to download software patches from the internet but should not accept incoming connection requests. Which component should you use?

A. Internet Gateway
B. NAT Gateway
C. Egress-Only Internet Gateway
D. Direct Connect

6 What is the primary constraint regarding VPC Peering and transitive routing?

A. Transitive routing is not supported.
B. Transitive routing works only with IPv6.
C. Transitive routing works only if both VPCs are in the same region.
D. Transitive routing is supported by default.

7 Which AWS service allows you to connect multiple VPCs and on-premises networks through a central hub, simplifying network topology?

A. VPC Peering
B. AWS Transit Gateway
C. AWS VPN CloudHub
D. AWS Direct Connect

8 Which type of VPC Endpoint uses AWS PrivateLink to connect securely to services like Amazon EC2 API, Kinesis, or ELB?

A. Gateway Endpoint
B. VPN Endpoint
C. Interface Endpoint
D. Routing Endpoint

9 Gateway Endpoints currently support which two specific AWS services?

A. Amazon EC2 and Amazon S3
B. Amazon SNS and Amazon SQS
C. Amazon RDS and Amazon DynamoDB
D. Amazon S3 and Amazon DynamoDB

10 What is the relationship between a Subnet and an Availability Zone (AZ)?

A. An AZ can only contain one subnet.
B. A subnet can span multiple AZs.
C. A subnet must reside entirely within one AZ.
D. Subnets are region-wide resources.

11 When configuring a Site-to-Site VPN, which component is deployed on the AWS side of the connection?

A. Customer Gateway
B. Internet Gateway
C. NAT Instance
D. Virtual Private Gateway (VGW)

12 What is a primary benefit of using AWS Direct Connect over a Site-to-Site VPN?

A. Direct Connect uses the public internet for transmission.
B. Direct Connect provides consistent network performance and low latency via a dedicated private connection.
C. Direct Connect is always cheaper for low data volumes.
D. Direct Connect does not require any physical infrastructure.

13 Which tool would you use to capture information about the IP traffic going to and from network interfaces in your VPC?

A. AWS Config
B. VPC Flow Logs
C. Amazon CloudWatch Metrics
D. AWS CloudTrail

14 You need to prevent a specific IP address from accessing your subnet. Which security layer should you use?

A. Route Table
B. Security Group
C. Network Access Control List (NACL)
D. Internet Gateway

15 If a Security Group has no outbound rules defined, what is the default behavior?

A. All outbound traffic is allowed.
B. Only SSH outbound traffic is allowed.
C. Only HTTP outbound traffic is allowed.
D. All outbound traffic is denied.

16 How does AWS ensure high availability for a NAT Gateway?

A. It automatically spans multiple AZs.
B. It must be manually configured in a cluster.
C. It uses a floating IP across regions.
D. It is created in a specific AZ; for high availability, you must create a NAT Gateway in each AZ.

17 Which VPC feature allows you to copy network traffic from an elastic network interface to a target for deep packet inspection?

A. VPC Peering
B. VPC Flow Logs
C. Traffic Mirroring
D. AWS Inspector

18 What happens if you attempt to peer two VPCs that have overlapping CIDR blocks?

A. The peering connection creation fails.
B. The peering connection automatically resolves the overlap using NAT.
C. Only the non-overlapping subnets can communicate.
D. One VPC effectively overwrites the other.

19 Which component represents the customer side of a Site-to-Site VPN connection in AWS configuration?

A. Internet Gateway
B. Customer Gateway
C. Virtual Private Gateway
D. Transit Gateway

20 In a default NACL, what is the default rule behavior?

A. Deny all inbound and outbound traffic.
B. Allow all inbound and outbound traffic.
C. Allow inbound, deny outbound.
D. Deny inbound, allow outbound.

21 How are rules evaluated in a Network ACL?

A. By rule number, from lowest to highest, stopping at the first match.
B. By rule number, from highest to lowest.
C. Alphabetically by rule description.
D. All rules are evaluated simultaneously.

22 What is required to allow instances in a private subnet to access S3 without traffic traversing the public internet?

A. Internet Gateway
B. VPC Endpoint (Gateway or Interface)
C. VPN Connection
D. NAT Gateway

23 Which of the following is a valid destination in a Route Table?

A. Specific Security Group ID
B. S3 Bucket Name
C. Peering Connection ID (pcx-xxxxx)
D. IAM Role ARN

24 When using AWS Direct Connect, what logical component allows you to access VPCs in multiple regions from a single Direct Connect connection?

A. Virtual Private Gateway
B. Public VIF
C. Direct Connect Gateway
D. Private VIF

25 Which Well-Architected Framework pillar emphasizes the use of multiple Availability Zones to withstand failures?

A. Performance Efficiency
B. Security
C. Cost Optimization
D. Reliability

26 How many IP addresses does AWS reserve in every subnet for internal networking purposes?

A. 5
B. 1
C. 2
D. 3

27 You have a stateful firewall requirement for your EC2 instances. Which feature provides this?

A. Security Groups
B. Route Tables
C. Network ACLs
D. Flow Logs

28 Can a single VPC Peering connection connect three VPCs (A, B, and C) simultaneously?

A. Yes, if they are in the same region.
B. Yes, if Transit Gateway is used.
C. No, peering is a one-to-one connection between two specific VPCs.
D. Yes, peering is a multi-party protocol.

29 Which networking feature enables IPv6 traffic from a private subnet to the internet but prevents internet initiation of connections?

A. Private Link
B. NAT Gateway
C. Egress-Only Internet Gateway
D. Internet Gateway

30 What is the primary function of a Route Table?

A. It acts as a firewall.
B. It contains a set of rules, called routes, that determine where network traffic is directed.
C. It assigns IP addresses to instances.
D. It encrypts traffic between subnets.

31 If you need to connect 100 VPCs in a full mesh topology, which solution offers the easiest management?

A. AWS Transit Gateway
B. VPN CloudHub
C. VPC Peering
D. Public Internet Routing

32 What is the default limit for the number of Security Groups per VPC?

A. 500
B. 50
C. 100
D. Unlimited

33 When configuring a security group rule, what can be specified as the source?

A. MAC Address
B. AMI ID
C. DNS Name
D. CIDR block or another Security Group ID

34 Which VPN option allows for a redundant connection using the BGP protocol for dynamic routing?

A. Dynamic Site-to-Site VPN
B. AWS Client VPN
C. Static Site-to-Site VPN
D. SSL VPN

35 To use a NAT Gateway, in which type of subnet must it be deployed?

A. VPN Subnet
B. Private Subnet
C. Isolated Subnet
D. Public Subnet

36 What happens to the Elastic IP (EIP) associated with a NAT Gateway if the gateway is deleted?

A. The EIP is transferred to the default VPC.
B. The EIP is blocked for 24 hours.
C. The EIP remains allocated to your account but disassociated.
D. The EIP is deleted automatically.

37 Which Direct Connect component is a logical interface used to access public AWS services (like S3) without using the internet?

A. Private Virtual Interface (VIF)
B. Cross Connect
C. Transit Virtual Interface (VIF)
D. Public Virtual Interface (VIF)

38 Which of the following creates a VPN connection between remote users (laptops/phones) and an AWS VPC?

A. AWS Site-to-Site VPN
B. AWS Client VPN
C. AWS Direct Connect
D. AWS Transit Gateway

39 In a VPC, does a custom Route Table come with any routes by default?

A. Yes, a route to the NAT Gateway.
B. Yes, a route to the Internet Gateway.
C. No, it is empty.
D. Yes, a local route for communication within the VPC.

40 Which tool in the AWS Network Manager helps you identify unintended network access to your resources?

A. Route Analyzer
B. VPC Reachability Analyzer
C. Network Access Analyzer
D. Traffic Mirroring

41 If you need to increase bandwidth for Direct Connect, what feature allows you to bundle multiple connections?

A. Elastic Network Adapter (ENA)
B. Link Aggregation Group (LAG)
C. Transit Gateway
D. VPC Peering

42 What is the 'Implicit Deny' rule in Security Groups?

A. If there is no rule explicitly allowing traffic, it is denied.
B. It blocks traffic from the root account.
C. It explicitly lists blocked IPs.
D. It blocks all internal VPC traffic.

43 Which DNS setting must be enabled in the VPC for Interface Endpoints to work via private DNS names?

A. ClassicLink DNS
B. DHCP Options Set
C. Route Propagation
D. DNS Resolution and DNS Hostnames

44 Can a subnet function as both Public and Private simultaneously?

A. No, but it can be in two Availability Zones.
B. Yes, if it has two route tables.
C. Yes, if it uses IPv6.
D. No, routing is determined by the single route table associated with the subnet.

45 Which architecture pattern involves a central VPC containing shared services (logging, security tools) that other VPCs peer with?

A. Full Mesh
B. Hub and Spoke
C. Isolated Model
D. Daisy Chain

46 When troubleshooting connectivity using VPC Flow Logs, what does a status of 'SKIPDATA' indicate?

A. Traffic was denied.
B. The log format is invalid.
C. Some flow log records were skipped during the capture window.
D. Traffic was allowed.

47 What is the maximum transmission unit (MTU) supported by Jumbo Frames within a VPC?

A. 9001 bytes
B. 65535 bytes
C. 1500 bytes
D. 4096 bytes

48 Which feature enables you to route traffic between your VPC and your on-premises network over a Direct Connect connection using private IP addresses?

A. Public VIF
B. NAT Gateway
C. Internet Gateway
D. Private VIF

49 For a Well-Architected network, how should you handle administrative access to EC2 instances?

A. Open port 22/3389 to 0.0.0.0/0.
B. Use unencrypted Telnet.
C. Connect via the physical console.
D. Use a Bastion Host or AWS Systems Manager Session Manager.

50 What allows a VPC to connect to services hosted by another AWS account (SaaS) securely within the AWS network?

A. VPN Peering
B. Internet Gateway
C. ClassicLink
D. AWS PrivateLink