Lesson 25

Quiz: Networking

15 questions covering VPC, Security Groups, NACLs, Route 53, CloudFront, VPN, and Direct Connect

Instructions: Click one option per question. You will see immediate feedback. The score bar updates live. Target: 85% (13/15 correct) to proceed.

Networking Quiz

Select one answer per question. You will receive immediate feedback.

1. A company needs a logically isolated network in AWS where they control IP address ranges, subnets, and route tables. Which service provides this?

AWS Direct ConnectAmazon Route 53Amazon VPCAWS Transit Gateway

2. A subnet has CIDR block 10.0.1.0/24. How many IP addresses are available for use by AWS resources after accounting for reserved addresses?

256253251255

3. A web server in a public subnet needs to be reachable from the internet. Which component must be attached to the VPC and added as a route target?

NAT GatewayInternet GatewayVirtual Private GatewayVPC Endpoint

4. A database server in a private subnet must download patches from the internet but must not be reachable from the internet. Which component enables this?

Internet GatewayNAT GatewayVPC EndpointVirtual Private Gateway

5. Which type of VPC endpoint enables private connectivity to Amazon S3 and DynamoDB with no additional charge?

Interface endpointGateway endpointNAT endpointPeering endpoint

6. VPC A is peered with VPC B. VPC B is peered with VPC C. Can instances in VPC A communicate directly with instances in VPC C through these peering connections?

Yes, peering is automatically transitive.No, transitive peering is not supported.Yes, but only within the same Region.No, unless they belong to the same AWS account.

7. A company manages hundreds of VPCs and wants a hub-and-spoke model to simplify network connectivity. Which service should they use?

VPC PeeringAWS Transit GatewayInternet GatewayVPC Endpoint

8. Which firewall operates at the instance level, is stateful, and supports allow rules only?

Network ACLSecurity GroupRoute TableNAT Gateway

9. An administrator opens inbound port 443 on a custom network ACL but forgets to add a corresponding outbound rule. What happens to HTTPS responses?

Responses are allowed because NACLs are stateful.Responses are blocked because custom NACLs deny all traffic by default and are stateless.Responses use the default outbound allow-all rule.The NACL automatically creates a matching outbound rule.

10. An administrator allows inbound traffic on port 80 in a security group. Does the outbound response traffic need a separate security group rule?

Yes, an outbound rule for port 80 must be added.No, security groups are stateful so return traffic is automatically allowed.Yes, but only if the response goes to a different port.No, but only for HTTP; HTTPS requires a separate rule.

11. A company wants to block traffic from a specific IP address range at the subnet level. Which VPC feature must they use?

Security GroupNetwork ACLRoute TableInternet Gateway

12. A global application needs to route users to the AWS Region with the lowest latency. Which Route 53 routing policy meets this requirement?

Simple routingGeolocation routingLatency routingWeighted routing

13. A company wants to deliver cached video content to global users with low latency. Which AWS service should they use?

Amazon Route 53Amazon CloudFrontAWS Direct ConnectElastic Load Balancing

14. A company needs a dedicated, private, high-bandwidth connection to AWS to transfer large volumes of data daily. Internet performance is inconsistent. Which service should they use?

AWS Site-to-Site VPNAWS Direct ConnectInternet GatewayVPC Peering

15. A company needs a quick and cost-effective encrypted connection to link their on-premises network to their VPC within hours. Which service should they use?

AWS Direct ConnectAWS Site-to-Site VPNVPC PeeringTransit Gateway

Progress: 0/15 correct (0%). Answer all questions to see the final recommendation.

Ask your teacher: Scoring: 13/15 (87%) or higher = proceed to Analytics & App Integration. 11-12/15 (73-80%) = review missed questions. 10/15 or below = revisit the relevant networking lessons before continuing.

Primary Source: AWS Academy Module 5: Networking and Content Delivery (module-5.txt), Module 4: AWS Cloud Security (module-4.txt).