MCQs on Networking and Connectivity | AWS Amazon VPC Virtual Private Cloud

Amazon Virtual Private Cloud (VPC) offers a secure and customizable network environment for deploying AWS resources. This chapter explores key concepts in networking and connectivity, including Network Access Control Lists (NACLs), Security Groups, inbound/outbound rules, VPNs, and AWS Direct Connect. These topics are essential for mastering secure and efficient AWS VPC configurations.

AWS Amazon VPC MCQs – Networking and Connectivity

Section 1: Network Access Control Lists (NACLs)

  1. What is the primary function of a Network Access Control List (NACL) in Amazon VPC?
    a) Encrypt data in transit
    b) Control inbound and outbound traffic at the subnet level
    c) Manage DNS records for a VPC
    d) Route traffic between availability zones
  2. NACL rules are evaluated in what order?
    a) Random order
    b) Based on priority numbers
    c) In the order they are created
    d) Alphabetically
  3. Which rule is automatically included in a newly created NACL?
    a) Explicit deny for all traffic
    b) Explicit allow for all traffic
    c) Deny all inbound and outbound traffic
    d) Allow all inbound and outbound traffic
  4. How many NACLs can be associated with a subnet?
    a) One
    b) Two
    c) Three
    d) Unlimited
  5. If a rule is not explicitly defined in a NACL, what happens?
    a) The traffic is automatically allowed
    b) The traffic is automatically denied
    c) The rule is inherited from the default NACL
    d) The rule is inherited from the security group

Section 2: Security Groups and Inbound/Outbound Rules

  1. What is the scope of a security group in AWS VPC?
    a) Subnet
    b) Instance
    c) Availability Zone
    d) Region
  2. Which statement is true about AWS security groups?
    a) They allow stateful filtering of traffic
    b) They deny all traffic by default
    c) They control traffic at the VPC level
    d) They must be assigned to multiple subnets
  3. How are inbound rules in a security group applied?
    a) They apply to all traffic within a region
    b) They allow specified traffic to reach associated instances
    c) They deny all traffic by default
    d) They restrict traffic between subnets
  4. What happens if you remove all inbound rules from a security group?
    a) All inbound traffic is denied
    b) All inbound traffic is allowed
    c) Traffic is routed to the NACL for evaluation
    d) Traffic is mirrored to another security group
  5. Security groups in AWS VPC are:
    a) Stateless
    b) Stateful
    c) Immutable
    d) Ephemeral

Section 3: VPNs and Direct Connect

  1. What is the purpose of an AWS Virtual Private Network (VPN)?
    a) To host instances securely
    b) To establish a secure connection between on-premises networks and AWS
    c) To store data in encrypted format
    d) To balance network traffic across regions
  2. What components are required for an AWS Site-to-Site VPN connection?
    a) Internet Gateway and Route Table
    b) Virtual Private Gateway and Customer Gateway
    c) Elastic IP and NAT Gateway
    d) Direct Connect Gateway and Peering Connection
  3. AWS Direct Connect provides a dedicated network connection between:
    a) Two VPCs in different regions
    b) An on-premises data center and AWS
    c) AWS Global Accelerator and CloudFront
    d) Subnets within a single VPC
  4. What is the maximum bandwidth supported by AWS Direct Connect?
    a) 1 Gbps
    b) 5 Gbps
    c) 10 Gbps
    d) 100 Gbps
  5. Which AWS service allows seamless integration with Direct Connect for hybrid architectures?
    a) AWS Transit Gateway
    b) Amazon Route 53
    c) AWS CloudTrail
    d) AWS Shield
  6. How does AWS Direct Connect differ from a Site-to-Site VPN?
    a) Direct Connect is faster and more reliable for high bandwidth connections
    b) VPN supports only HTTP traffic, while Direct Connect supports HTTPS
    c) Direct Connect operates on Layer 7, while VPN operates on Layer 3
    d) VPN is region-specific, while Direct Connect is global
  7. AWS VPN connections use which protocol to secure data?
    a) HTTPS
    b) IPsec
    c) SSL/TLS
    d) SFTP
  8. What is the role of the Virtual Private Gateway in a Site-to-Site VPN?
    a) Acts as a NAT gateway for the VPC
    b) Terminates the VPN connection on the AWS side
    c) Provides DNS resolution for the VPN
    d) Hosts the NACL for the VPN
  9. Direct Connect can integrate with which AWS networking service to connect multiple VPCs?
    a) AWS Elastic Load Balancer
    b) AWS Transit Gateway
    c) Amazon CloudFront
    d) AWS Firewall Manager
  10. Which AWS feature improves the performance of a VPN connection?
    a) Elastic IPs
    b) Accelerated VPN
    c) VPC Peering
    d) Global Accelerator

Answers

| Q No. | Answer (Option with Text) |
|---|---|
| 1 | b) Control inbound and outbound traffic at the subnet level |
| 2 | b) Based on priority numbers |
| 3 | c) Deny all inbound and outbound traffic |
| 4 | a) One |
| 5 | b) The traffic is automatically denied |
| 6 | b) Instance |
| 7 | a) They allow stateful filtering of traffic |
| 8 | b) They allow specified traffic to reach associated instances |
| 9 | a) All inbound traffic is denied |
| 10 | b) Stateful |
| 11 | b) To establish a secure connection between on-premises networks and AWS |
| 12 | b) Virtual Private Gateway and Customer Gateway |
| 13 | b) An on-premises data center and AWS |
| 14 | d) 100 Gbps |
| 15 | a) AWS Transit Gateway |
| 16 | a) Direct Connect is faster and more reliable for high bandwidth connections |
| 17 | b) IPsec |
| 18 | b) Terminates the VPN connection on the AWS side |
| 19 | b) AWS Transit Gateway |
| 20 | b) Accelerated VPN |

Use a blank sheet, note your answers, and then tally them against our answer key. Give yourself a score.
