MCQs on EC2 Networking and Security | AWS EC2 MCQs Questions

AWS EC2 is widely used for scalable cloud computing. This collection of AWS EC2 MCQ questions and answers focuses on EC2 networking and security. It covers key topics such as Virtual Private Cloud (VPC), Security Groups, Network ACLs, Elastic IPs, Load Balancing, and EC2 security best practices. Perfect for AWS enthusiasts and those preparing for AWS certifications.


1. Understanding VPCs and Subnets

  1. What is the primary purpose of a Virtual Private Cloud (VPC)?
    a) To store data
    b) To manage access to cloud services
    c) To create a private network for resources in the cloud
    d) To provide direct internet connectivity
  2. What is a subnet in AWS?
    a) A virtual firewall for EC2 instances
    b) A range of IP addresses within a VPC
    c) A container for AWS services
    d) A group of EC2 instances
  3. How many subnets can be created within a VPC?
    a) 5
    b) 20
    c) Unlimited
    d) 10
  4. What is the default CIDR block size for a VPC?
    a) /16
    b) /24
    c) /8
    d) /32
  5. Can subnets in a VPC span across multiple Availability Zones?
    a) Yes, if configured properly
    b) No, subnets are confined to a single AZ
    c) Only in the default VPC
    d) Only for IPv6 networks

2. Configuring Security Groups and Network ACLs

  1. What is the main difference between Security Groups and Network ACLs?
    a) Security Groups are stateful, Network ACLs are stateless
    b) Security Groups are for EC2 instances only, Network ACLs are for VPCs
    c) Security Groups are used for routing, Network ACLs for load balancing
    d) There is no difference
  2. How do Security Groups handle inbound traffic by default?
    a) Allow all traffic
    b) Block all inbound traffic
    c) Allow only traffic from specific IPs
    d) Allow traffic from the internet only
  3. Which of the following is true about Network ACLs?
    a) They allow both inbound and outbound rules
    b) They apply to individual EC2 instances
    c) They are stateful
    d) They can only control outbound traffic
  4. Can an EC2 instance belong to multiple Security Groups?
    a) Yes, an instance can be associated with up to 5 Security Groups
    b) No, only one Security Group can be applied
    c) Yes, but only with Network ACLs enabled
    d) Yes, but only in a VPC
  5. What does a default Security Group allow?
    a) Only outbound traffic
    b) Inbound traffic from the internet
    c) All inbound and outbound traffic
    d) No inbound traffic

3. Elastic IP Addresses

  1. What is the purpose of an Elastic IP address in AWS?
    a) It helps increase the network speed
    b) It provides a static public IP address for dynamic cloud computing
    c) It is used to connect EC2 instances to the internet
    d) It acts as a firewall for EC2 instances
  2. Can Elastic IP addresses be used across different AWS accounts?
    a) Yes, they can be shared among accounts
    b) No, they are limited to one AWS account
    c) Yes, but only within the same region
    d) No, Elastic IP addresses are only for private use
  3. What happens to an Elastic IP address when an EC2 instance is stopped and restarted?
    a) It is automatically disassociated
    b) It is preserved and remains associated with the instance
    c) It is released
    d) It becomes inactive for 30 minutes
  4. How many Elastic IP addresses can be associated with a single EC2 instance?
    a) One
    b) Two
    c) Three
    d) Unlimited
  5. What is the main cost associated with Elastic IP addresses?
    a) There is no cost for Elastic IP addresses
    b) Charges apply if they are associated with a stopped EC2 instance
    c) Charges apply for each EC2 instance associated
    d) Charges apply when they are in use during peak hours

4. Elastic Load Balancing (ELB) Basics

  1. What is the main function of Elastic Load Balancing (ELB)?
    a) To scale EC2 instances
    b) To distribute incoming traffic across multiple EC2 instances
    c) To secure EC2 instances
    d) To store web content
  2. What is the difference between Application Load Balancer and Classic Load Balancer?
    a) Application Load Balancer supports HTTP/2 and WebSocket
    b) Classic Load Balancer supports only HTTPS
    c) Application Load Balancer does not support path-based routing
    d) Classic Load Balancer is best for microservices
  3. Which load balancer type is best for handling complex routing for microservices?
    a) Classic Load Balancer
    b) Network Load Balancer
    c) Application Load Balancer
    d) None of the above
  4. Can Elastic Load Balancers work across multiple Availability Zones?
    a) Yes, they automatically distribute traffic across AZs
    b) No, they only work in one Availability Zone
    c) Only for Network Load Balancers
    d) Yes, but manual intervention is required
  5. What protocol does a Network Load Balancer (NLB) primarily support?
    a) HTTP
    b) HTTPS
    c) TCP
    d) WebSocket

5. EC2 Instance Security Best Practices

  1. What is the most important security best practice for EC2 instances?
    a) Using the root account for instance management
    b) Disabling firewalls for ease of access
    c) Enabling multi-factor authentication (MFA) and using IAM roles
    d) Using default Security Groups
  2. What is the function of AWS IAM roles for EC2 instances?
    a) To manage user access to EC2 instances
    b) To securely manage instance permissions for accessing AWS resources
    c) To prevent instances from accessing other AWS services
    d) To manage instance metadata
  3. Which of the following is a best practice for securing SSH access to EC2 instances?
    a) Using a password-based login
    b) Disabling key pair authentication
    c) Enabling SSH key pairs for access
    d) Allowing SSH from any IP address
  4. How can you protect sensitive data in an EC2 instance?
    a) Store it in the instance’s local disk
    b) Encrypt the data using AWS Key Management Service (KMS)
    c) Use unencrypted storage for easier access
    d) Disable security groups for open access
  5. Which security practice helps prevent EC2 instances from being accessed via unsecured ports?
    a) Using IAM roles
    b) Configuring strict Security Group rules
    c) Using Elastic IP addresses
    d) Enabling multi-zone backups
  6. What should you use to automate EC2 security updates?
    a) AWS Auto Scaling
    b) EC2 Systems Manager Patch Manager
    c) AWS Config
    d) Elastic Load Balancer
  7. How should sensitive data be transferred to EC2 instances?
    a) Over HTTP
    b) Using encrypted communication like HTTPS or SSH
    c) Using unencrypted FTP
    d) Over open network channels
  8. What is the purpose of EC2 Instance Metadata Service (IMDS)?
    a) To store user data
    b) To provide information about the instance to applications running on it
    c) To manage instance prices
    d) To prevent unauthorized access to the instance
  9. What is the role of Amazon CloudWatch in EC2 security?
    a) Monitor resource usage and set alarms for abnormal activity
    b) Encrypt data stored on EC2 instances
    c) Assign IAM roles to EC2 instances
    d) Backup EC2 instances
  10. How can you ensure that only specific users have access to EC2 instances?
    a) By using Security Groups and IAM policies
    b) By disabling public access
    c) By using Elastic IP addresses only
    d) By using default Security Groups

Answer Table

Qno   Answer (Option with the text)
1     c) To create a private network for resources in the cloud
2     b) A range of IP addresses within a VPC
3     c) Unlimited
4     a) /16
5     b) No, subnets are confined to a single AZ
6     a) Security Groups are stateful, Network ACLs are stateless
7     b) Block all inbound traffic
8     a) They allow both inbound and outbound rules
9     a) Yes, an instance can be associated with up to 5 Security Groups
10    c) All inbound and outbound traffic
11    b) It provides a static public IP address for dynamic cloud computing
12    b) No, they are limited to one AWS account
13    b) It is preserved and remains associated with the instance
14    a) One
15    b) Charges apply if they are associated with a stopped EC2 instance
16    b) To distribute incoming traffic across multiple EC2 instances
17    a) Application Load Balancer supports HTTP/2 and WebSocket
18    c) Application Load Balancer
19    a) Yes, they automatically distribute traffic across AZs
20    c) TCP
21    c) Enabling multi-factor authentication (MFA) and using IAM roles
22    b) To securely manage instance permissions for accessing AWS resources
23    c) Enabling SSH key pairs for access
24    b) Encrypt the data using AWS Key Management Service (KMS)
25    b) Configuring strict Security Group rules
26    b) EC2 Systems Manager Patch Manager
27    b) Using encrypted communication like HTTPS or SSH
28    b) To provide information about the instance to applications running on it
29    a) Monitor resource usage and set alarms for abnormal activity
30    a) By using Security Groups and IAM policies

Use a blank sheet, note your answers, and finally tally them with our answers. Give yourself a score.
