Mastering Amazon VPC, CloudFront, Route 53, and other key AWS networking services is essential for the AWS Certified Solutions Architect – Associate exam. These multiple-choice questions focus on real-world scenarios to help you understand subnets, route tables, security groups, CDN caching, and more. Test your knowledge and get ready to excel!

1. A company needs to launch instances in a private subnet that requires internet access for software updates. What should you do to ensure the instances have access to the internet?
a) Create a NAT gateway in a public subnet and update the route table for the private subnet
b) Launch the instances in a public subnet and associate an Elastic IP
c) Configure a VPN connection to provide access to the internet
d) Create an S3 VPC endpoint for internet access
e) Attach a security group to allow internet traffic
2. You want to route traffic from a VPC to a peered VPC in a different region. Which configuration is required for this to work?
a) Enable cross-region VPC peering
b) Update the route table of both VPCs
c) Configure an Internet Gateway for the destination VPC
d) Use a Direct Connect connection for the peering
e) Set up a NAT Gateway in the peered VPC
3. A company needs to ensure that their VPC subnets are isolated and not routable from the internet. Which option should they select to achieve this?
a) Configure a NAT gateway in the subnet
b) Disable the route to the Internet Gateway in the route table
c) Use a default route for the subnet
d) Enable public IP addressing on the instances
e) Create a peering connection with another VPC
4. You need to assign a static IP to an EC2 instance for external access. Which of the following should you use?
a) Elastic IP (EIP)
b) Public IP
c) Private IP
d) ENI
e) Elastic Load Balancer
5. A company is using multiple ENIs to manage network traffic in a multi-tier architecture. How do ENIs work in terms of communication with EC2 instances?
a) Each ENI must be associated with a different VPC
b) An ENI can be associated with multiple instances in the same VPC
c) ENIs allow network traffic to flow between instances in the same VPC
d) ENIs provide routing between different AWS regions
e) ENIs can only be used for load balancing
6. You want to prevent an EC2 instance from changing its public IP on restart. Which option should you use?
a) Elastic IP
b) ENI
c) Public IP
d) Private IP
e) Security Group
7. A company needs to control inbound and outbound traffic to their EC2 instances. Which service should they use to achieve this?
a) Security Groups
b) Network Access Control Lists (NACLs)
c) VPC Peering
d) VPN Gateway
e) Internet Gateway
8. You need to allow all inbound HTTP and HTTPS traffic to an EC2 instance in a VPC while blocking SSH access. Which option should you configure?
a) Modify the Security Group to allow HTTP and HTTPS, but deny SSH
b) Modify the NACL to allow HTTP and HTTPS, but deny SSH
c) Use a route table to block SSH access
d) Create an outbound rule to deny SSH access
e) Disable the Security Group for SSH
9. What is the key difference between Security Groups and NACLs in terms of traffic filtering?
a) Security Groups operate at the instance level, NACLs operate at the subnet level
b) NACLs allow for stateful filtering, Security Groups are stateless
c) Security Groups apply to both inbound and outbound traffic, but NACLs apply only to outbound traffic
d) NACLs can only be used with private subnets
e) Security Groups only apply to EC2 instances, not VPC resources
10. A company wants to improve the performance of its web application by reducing latency and delivering content to users globally. Which AWS service should they use?
a) Amazon CloudFront
b) Amazon S3
c) Amazon EBS
d) Amazon Route 53
e) Elastic Load Balancing
11. You need to configure caching behavior for CloudFront to cache static assets. What should you consider when setting up the CloudFront distribution?
a) The cache duration for each object
b) The geographical location of the content’s origin
c) The number of distribution points
d) The security group settings of the origin server
e) The maximum file size for caching
12. A company wants to use CloudFront for their website and needs to ensure that only HTTPS requests can access their content. What configuration should you apply?
a) Enable SSL/TLS on the CloudFront distribution
b) Use HTTP-only content for CloudFront distribution
c) Disable HTTPS on the origin server
d) Configure a security policy for HTTP access
e) Use an HTTP redirect in the CloudFront settings
13. A company wants to ensure that traffic to their website is distributed evenly across multiple AWS regions. Which of the following options should they use?
a) Route 53 latency-based routing
b) Route 53 weighted routing
c) Route 53 failover routing
d) Route 53 geolocation routing
e) Route 53 multi-value answer routing
14. You are configuring DNS failover in Route 53. What is the minimum requirement to enable failover for your domain?
a) Set up a secondary health check
b) Enable multiple A records with different IP addresses
c) Create a Route 53 health check for the primary record
d) Configure weighted routing to prioritize failover
e) Assign multiple domain names to the same IP address
15. You want to route DNS traffic based on the geographic location of the user. Which Route 53 routing policy should you choose?
a) Geolocation routing
b) Latency-based routing
c) Weighted routing
d) Simple routing
e) Failover routing
16. You want to set up a private, dedicated network connection between your on-premises data center and AWS. Which service should you use?
a) AWS Direct Connect
b) AWS VPN
c) AWS Transit Gateway
d) VPC Peering
e) VPN Gateway
17. A company is establishing a secure connection between its on-premises network and AWS. Which options should they consider to meet the requirements of a hybrid cloud architecture? (Select all that apply)
a) AWS Direct Connect
b) AWS VPN
c) VPC Peering
d) Transit Gateway
e) PrivateLink
18. Which of the following is true about AWS Site-to-Site VPN? (Select all that apply)
a) It uses a public IP address for the connection
b) It requires AWS Direct Connect
c) It supports both static and dynamic routing
d) It can be used with multiple VPCs
e) It is designed for high-throughput connections
19. A company wants to distribute web traffic across multiple availability zones while ensuring low latency. Which AWS service would best meet their needs?
a) AWS CloudFront
b) Elastic Load Balancer
c) Amazon Route 53
d) AWS VPN
e) Amazon VPC Peering
20. You need to secure your VPC network by allowing only specific IP ranges from the internet to access an EC2 instance. Which configuration should you use?
a) Security Groups
b) NACLs
c) Route Tables
d) VPC Peering
e) VPN Gateway

| Qno | Answer (Option with text) |
|---|---|
| 1 | a) Create a NAT gateway in a public subnet and update the route table for the private subnet |
| 2 | a) Enable cross-region VPC peering, b) Update the route table of both VPCs |
| 3 | b) Disable the route to the Internet Gateway in the route table |
| 4 | a) Elastic IP (EIP) |
| 5 | c) ENIs allow network traffic to flow between instances in the same VPC |
| 6 | a) Elastic IP |
| 7 | a) Security Groups |
| 8 | a) Modify the Security Group to allow HTTP and HTTPS, but deny SSH |
| 9 | a) Security Groups operate at the instance level, NACLs operate at the subnet level |
| 10 | a) Amazon CloudFront |
| 11 | a) The cache duration for each object |
| 12 | a) Enable SSL/TLS on the CloudFront distribution |
| 13 | a) Route 53 latency-based routing |
| 14 | c) Create a Route 53 health check for the primary record |
| 15 | a) Geolocation routing |
| 16 | a) AWS Direct Connect |
| 17 | a) AWS Direct Connect, b) AWS VPN |
| 18 | a) It uses a public IP address for the connection, c) It supports both static and dynamic routing |
| 19 | b) Elastic Load Balancer |
| 20 | b) NACLs |