Unit 2 - Practice Quiz

INT364 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 What is the maximum allowable CIDR block size for an Amazon VPC?

A. /16
B. /8
C. /24
D. /28

2 Which component is strictly required to make a subnet 'public' in an Amazon VPC?

A. Virtual Private Gateway
B. VPC Peering Connection
C. Internet Gateway (IGW)
D. NAT Gateway

3 In AWS networking, what is the scope of a VPC Security Group?

A. Subnet level
B. VPC level
C. Region level
D. Instance (Network Interface) level

4 Which of the following statements regarding Network Access Control Lists (NACLs) is TRUE?

A. They operate at the instance level.
B. They represent a stateless firewall at the subnet level.
C. They are stateful.
D. They support allow rules only.

5 You have a private subnet that needs to download software patches from the internet but should not accept incoming connection requests. Which component should you use?

A. Internet Gateway
B. Egress-Only Internet Gateway
C. NAT Gateway
D. Direct Connect

6 What is the primary constraint regarding VPC Peering and transitive routing?

A. Transitive routing is not supported.
B. Transitive routing works only if both VPCs are in the same region.
C. Transitive routing is supported by default.
D. Transitive routing works only with IPv6.

7 Which AWS service allows you to connect multiple VPCs and on-premises networks through a central hub, simplifying network topology?

A. VPC Peering
B. AWS VPN CloudHub
C. AWS Transit Gateway
D. AWS Direct Connect

8 Which type of VPC Endpoint uses AWS PrivateLink to connect securely to services like Amazon EC2 API, Kinesis, or ELB?

A. Gateway Endpoint
B. Routing Endpoint
C. Interface Endpoint
D. VPN Endpoint

9 Gateway Endpoints currently support which two specific AWS services?

A. Amazon RDS and Amazon DynamoDB
B. Amazon SNS and Amazon SQS
C. Amazon S3 and Amazon DynamoDB
D. Amazon EC2 and Amazon S3

10 What is the relationship between a Subnet and an Availability Zone (AZ)?

A. Subnets are region-wide resources.
B. An AZ can only contain one subnet.
C. A subnet must reside entirely within one AZ.
D. A subnet can span multiple AZs.

11 When configuring a Site-to-Site VPN, which component is deployed on the AWS side of the connection?

A. Virtual Private Gateway (VGW)
B. NAT Instance
C. Customer Gateway
D. Internet Gateway

12 What is a primary benefit of using AWS Direct Connect over a Site-to-Site VPN?

A. Direct Connect does not require any physical infrastructure.
B. Direct Connect uses the public internet for transmission.
C. Direct Connect provides consistent network performance and low latency via a dedicated private connection.
D. Direct Connect is always cheaper for low data volumes.

13 Which tool would you use to capture information about the IP traffic going to and from network interfaces in your VPC?

A. AWS Config
B. Amazon CloudWatch Metrics
C. AWS CloudTrail
D. VPC Flow Logs

14 You need to prevent a specific IP address from accessing your subnet. Which security layer should you use?

A. Security Group
B. Route Table
C. Network Access Control List (NACL)
D. Internet Gateway

15 If a Security Group has no outbound rules defined, what is the default behavior?

A. All outbound traffic is allowed.
B. Only HTTP outbound traffic is allowed.
C. Only SSH outbound traffic is allowed.
D. All outbound traffic is denied.

16 How does AWS ensure high availability for a NAT Gateway?

A. It automatically spans multiple AZs.
B. It must be manually configured in a cluster.
C. It uses a floating IP across regions.
D. It is created in a specific AZ; for high availability, you must create a NAT Gateway in each AZ.

17 Which VPC feature allows you to copy network traffic from an elastic network interface to a target for deep packet inspection?

A. VPC Flow Logs
B. VPC Peering
C. AWS Inspector
D. Traffic Mirroring

18 What happens if you attempt to peer two VPCs that have overlapping CIDR blocks?

A. Only the non-overlapping subnets can communicate.
B. The peering connection creation fails.
C. One VPC effectively overwrites the other.
D. The peering connection automatically resolves the overlap using NAT.

19 Which component represents the customer side of a Site-to-Site VPN connection in AWS configuration?

A. Internet Gateway
B. Customer Gateway
C. Virtual Private Gateway
D. Transit Gateway

20 In a default NACL, what is the default rule behavior?

A. Deny inbound, allow outbound.
B. Deny all inbound and outbound traffic.
C. Allow inbound, deny outbound.
D. Allow all inbound and outbound traffic.

21 How are rules evaluated in a Network ACL?

A. Alphabetically by rule description.
B. By rule number, from highest to lowest.
C. All rules are evaluated simultaneously.
D. By rule number, from lowest to highest, stopping at the first match.

22 What is required to allow instances in a private subnet to access S3 without traffic traversing the public internet?

A. NAT Gateway
B. VPN Connection
C. VPC Endpoint (Gateway or Interface)
D. Internet Gateway

23 Which of the following is a valid destination in a Route Table?

A. Peering Connection ID (pcx-xxxxx)
B. S3 Bucket Name
C. IAM Role ARN
D. Specific Security Group ID

24 When using AWS Direct Connect, what logical component allows you to access VPCs in multiple regions from a single Direct Connect connection?

A. Public VIF
B. Private VIF
C. Virtual Private Gateway
D. Direct Connect Gateway

25 Which Well-Architected Framework pillar emphasizes the use of multiple Availability Zones to withstand failures?

A. Cost Optimization
B. Performance Efficiency
C. Reliability
D. Security

26 How many IP addresses does AWS reserve in every subnet for internal networking purposes?

A. 2
B. 1
C. 3
D. 5

27 You have a stateful firewall requirement for your EC2 instances. Which feature provides this?

A. Security Groups
B. Network ACLs
C. Flow Logs
D. Route Tables

28 Can a single VPC Peering connection connect three VPCs (A, B, and C) simultaneously?

A. Yes, if Transit Gateway is used.
B. No, peering is a one-to-one connection between two specific VPCs.
C. Yes, if they are in the same region.
D. Yes, peering is a multi-party protocol.

29 Which networking feature enables IPv6 traffic from a private subnet to the internet but prevents internet initiation of connections?

A. Private Link
B. Internet Gateway
C. NAT Gateway
D. Egress-Only Internet Gateway

30 What is the primary function of a Route Table?

A. It contains a set of rules, called routes, that determine where network traffic is directed.
B. It encrypts traffic between subnets.
C. It acts as a firewall.
D. It assigns IP addresses to instances.

31 If you need to connect 100 VPCs in a full mesh topology, which solution offers the easiest management?

A. Public Internet Routing
B. VPC Peering
C. VPN CloudHub
D. AWS Transit Gateway

32 What is the default limit for the number of Security Groups per VPC?

A. Unlimited
B. 50
C. 500
D. 100

33 When configuring a security group rule, what can be specified as the source?

A. DNS Name
B. AMI ID
C. CIDR block or another Security Group ID
D. MAC Address

34 Which VPN option allows for a redundant connection using the BGP protocol for dynamic routing?

A. Static Site-to-Site VPN
B. AWS Client VPN
C. Dynamic Site-to-Site VPN
D. SSL VPN

35 To use a NAT Gateway, in which type of subnet must it be deployed?

A. Public Subnet
B. Private Subnet
C. VPN Subnet
D. Isolated Subnet

36 What happens to the Elastic IP (EIP) associated with a NAT Gateway if the gateway is deleted?

A. The EIP is deleted automatically.
B. The EIP remains allocated to your account but disassociated.
C. The EIP is transferred to the default VPC.
D. The EIP is blocked for 24 hours.

37 Which Direct Connect component is a logical interface used to access public AWS services (like S3) without using the internet?

A. Private Virtual Interface (VIF)
B. Cross Connect
C. Public Virtual Interface (VIF)
D. Transit Virtual Interface (VIF)

38 Which of the following creates a VPN connection between remote users (laptops/phones) and an AWS VPC?

A. AWS Direct Connect
B. AWS Client VPN
C. AWS Site-to-Site VPN
D. AWS Transit Gateway

39 In a VPC, does a custom Route Table come with any routes by default?

A. Yes, a route to the Internet Gateway.
B. No, it is empty.
C. Yes, a route to the NAT Gateway.
D. Yes, a local route for communication within the VPC.

40 Which tool in the AWS Network Manager helps you identify unintended network access to your resources?

A. VPC Reachability Analyzer
B. Traffic Mirroring
C. Route Analyzer
D. Network Access Analyzer

41 If you need to increase bandwidth for Direct Connect, what feature allows you to bundle multiple connections?

A. Transit Gateway
B. VPC Peering
C. Link Aggregation Group (LAG)
D. Elastic Network Adapter (ENA)

42 What is the 'Implicit Deny' rule in Security Groups?

A. It explicitly lists blocked IPs.
B. It blocks traffic from the root account.
C. It blocks all internal VPC traffic.
D. If there is no rule explicitly allowing traffic, it is denied.

43 Which DNS setting must be enabled in the VPC for Interface Endpoints to work via private DNS names?

A. Route Propagation
B. DNS Resolution and DNS Hostnames
C. DHCP Options Set
D. ClassicLink DNS

44 Can a subnet function as both Public and Private simultaneously?

A. Yes, if it has two route tables.
B. No, routing is determined by the single route table associated with the subnet.
C. No, but it can be in two Availability Zones.
D. Yes, if it uses IPv6.

45 Which architecture pattern involves a central VPC containing shared services (logging, security tools) that other VPCs peer with?

A. Full Mesh
B. Isolated Model
C. Daisy Chain
D. Hub and Spoke

46 When troubleshooting connectivity using VPC Flow Logs, what does a status of 'SKIPDATA' indicate?

A. Traffic was denied.
B. The log format is invalid.
C. Traffic was allowed.
D. Some flow log records were skipped during the capture window.

47 What is the maximum transmission unit (MTU) supported by Jumbo Frames within a VPC?

A. 9001 bytes
B. 4096 bytes
C. 1500 bytes
D. 65535 bytes

48 Which feature enables you to route traffic between your VPC and your on-premises network over a Direct Connect connection using private IP addresses?

A. NAT Gateway
B. Internet Gateway
C. Private VIF
D. Public VIF

49 For a Well-Architected network, how should you handle administrative access to EC2 instances?

A. Connect via the physical console.
B. Use unencrypted Telnet.
C. Use a Bastion Host or AWS Systems Manager Session Manager.
D. Open port 22/3389 to 0.0.0.0/0.

50 What allows a VPC to connect to services hosted by another AWS account (SaaS) securely within the AWS network?

A. AWS PrivateLink
B. VPN Peering
C. Internet Gateway
D. ClassicLink