Questions & Answers

Practice Tests and Exam Preparation

Sample Exam Questions

Question 1: Public vs Private Subnets

What makes a subnet public in AWS VPC?

Answer: Route to Internet Gateway

A subnet is public when its route table has a route to an Internet Gateway (0.0.0.0/0 → IGW).

Question 2: Security Groups vs NACLs

What is the key difference between Security Groups and Network ACLs?

Answer: Stateful vs Stateless

Security Groups are stateful (return traffic is automatically allowed); NACLs are stateless (rules must be configured for both directions).

Question 3: VPC Peering

Does VPC Peering support transitive routing?

Answer: No

VPC Peering is a one-to-one connection with no transitive routing. Use Transit Gateway for hub-and-spoke connectivity.

VPC Exam Strategy

  • Understand the difference between public and private subnets
  • Know Security Groups are stateful, NACLs are stateless
  • Remember VPC Peering has no transitive routing
  • Understand NAT Gateway vs NAT Instance differences
  • Know VPC service limits and when they can be increased