100% found this document useful (1 vote)

81 views

Aws VPC

Uploaded by

ravi_kishore21

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

81 views

Aws VPC

Uploaded by

ravi_kishore21

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 17

AWS VPC (Virtual

Private Cloud) interview

questions:
1. What is AWS VPC, and what are its main components?
- Answer: AWS VPC (Virtual Private Cloud) is a web service that allows you to create a logically
isolated section of the Amazon Web Services (AWS) cloud where you can launch resources in a virtual
network. It gives you control over your virtual networking environment, including IP address ranges,
subnet creation, route tables, and network gateways. The main components of AWS VPC are:

- Subnets: Subnets are segments of IP addresses within the VPC. You can divide your VPC's IP
address range into multiple subnets, each representing a different availability zone. Subnets help isolate
resources and provide high availability for your applications.

- Route Tables: Route tables are used to define the traffic flow between subnets in the VPC. Each
subnet is associated with a route table, and you can specify the destination of the traffic (e.g., internet
gateway or virtual private gateway) and the next hop for each destination.

- Internet Gateway (IGW): The internet gateway is a horizontally scaled, redundant, and highly
available component that provides internet access to instances in public subnets. It allows instances
with public IP addresses to communicate with the internet.

- Network Access Control Lists (NACLs): NACLs act as a firewall for controlling traffic at the
subnet level. They are stateless and contain a set of rules that explicitly allow or deny traffic based on
source and destination IP addresses, port numbers, and protocols.

- Security Groups: Security groups act as a virtual firewall for controlling traffic at the instance
level. They are stateful and control inbound and outbound traffic to instances based on security group
rules that you specify. Instances are automatically associated with security groups.

2. How is communication established between instances in different subnets within an AWS VPC?
- Answer: Instances in different subnets within the same VPC can communicate with each other
directly using their private IP addresses. AWS automatically routes traffic between subnets within the
same VPC, as long as the necessary routes are configured in the route tables. Instances can
communicate with each other using their private IP addresses as long as they are in the same VPC and
security group rules allow the communication.

3. Can you have multiple internet gateways in a single AWS VPC?

- Answer: No, an AWS VPC can have only one internet gateway. The internet gateway is associated
with the VPC and provides internet connectivity to instances in public subnets. It enables
communication between instances in public subnets and the internet. If you need to segment your
internet traffic, you can use Network Address Translation (NAT) gateways in private subnets to allow
outbound internet traffic while preventing inbound traffic.

4. How do you enable communication between an on-premises data center and an AWS VPC?
- Answer: To enable communication between an on-premises data center and an AWS VPC, you can
set up either a Virtual Private Network (VPN) connection or a Direct Connect (DX) connection.

- VPN Connection: A VPN connection provides a secure and encrypted connection over the public
internet between your on-premises network and your AWS VPC. You need to create a virtual private
gateway in the VPC and a customer gateway representing your on-premises VPN endpoint. Then, you
establish a VPN connection between the two gateways.

- Direct Connect (DX) Connection: A DX connection provides a dedicated and private connection
between your on-premises network and an AWS Direct Connect location. You need to work with a
Direct Connect provider to establish a physical connection from your on-premises network to the
Direct Connect location. From there, you create a virtual interface to connect the DX location to your
VPC.

5. What is a Network Address Translation (NAT) gateway in AWS VPC, and when is it used?
- Answer: A Network Address Translation (NAT) gateway is a managed AWS service that allows
instances in a private subnet to initiate outbound internet traffic while preventing inbound traffic from
reaching those instances. It provides internet access to instances in private subnets without exposing
their private IP addresses to the internet. NAT gateway is used in scenarios where instances in a private
subnet need to access the internet for tasks like downloading packages, software updates, or accessing
AWS services like S3, but should not be directly reachable from the internet.

6. What is a VPC peering connection in AWS, and what are the limitations of VPC peering?
- Answer: VPC peering is a networking connection between two VPCs that allows them to
communicate using private IP addresses. It enables instances in one VPC to communicate directly with
instances in another VPC as if they are within the same network. The main features of VPC peering
are:

- Transitive Connectivity: VPC peering is not transitive. If VPC A is peered with VPC B and VPC B
is peered with VPC C, then VPC A and VPC C are not directly peered. Separate peering connections
are required between VPC A and VPC C to enable communication.

- Non-overlapping IP Address Ranges: The IP address ranges (CIDR blocks) of the VPCs being
peered must not overlap. Overlapping IP addresses would cause routing conflicts and prevent proper
communication.

- Same AWS Region: VPC peering must be established within the same AWS region. It is not
possible to peer VPCs located in different regions.
- No Transit Gateway: VPC peering does not support communication through an AWS Transit
Gateway. Communication between VPCs and on-premises networks through a Transit Gateway
requires Direct Connect (DX) or VPN connections.

7. Can you change the IP address range of an existing VPC in AWS?

- Answer: No, you cannot change the IP address range (CIDR block) of an existing VPC once it is
created. The CIDR block is associated with the VPC at its creation and cannot be modified. If you need
to change the IP address range, you would need to create a new VPC with the desired CIDR block and
then migrate your resources from the old VPC to the new one.

8. How do you control traffic between instances in different security groups within an AWS VPC?
- Answer: Traffic between instances in different security groups is controlled by the security group
rules. Security groups act as virtual firewalls at the instance level, and you can specify inbound
(ingress) and outbound (egress) rules to allow or deny traffic based on IP address, protocol, and port
number. By default, no inbound traffic is allowed, and all outbound traffic is allowed for security
groups. You need to define security group rules to allow specific types of traffic between instances.

9. Can you connect multiple VPCs in different AWS regions?

- Answer: Yes, you can connect multiple VPCs in different AWS regions. There are a couple of ways
to achieve this:

- VPC Peering: You can set up VPC peering connections between VPCs in different AWS regions.
Each VPC peering connection should be established within the same region, but you can create
multiple peering connections to connect VPCs across different regions.

- AWS Transit Gateway: AWS Transit Gateway is

a hub-and-spoke networking solution that enables you to connect multiple VPCs and on-premises
networks in the same or different AWS accounts and regions. Transit Gateway simplifies network
connectivity by allowing you to attach VPCs and VPN connections to the same gateway.

10. What is the purpose of a Network ACL (NACL) in AWS VPC?

- Answer: A Network Access Control List (NACL) is an optional layer of security for controlling
inbound and outbound traffic at the subnet level. It acts as a stateless firewall and is associated with one
or more subnets in a VPC. NACLs contain a set of rules that explicitly allow or deny traffic based on
source and destination IP addresses, port numbers, and protocols.

- Each subnet in a VPC is associated with a default NACL, which allows all inbound and outbound
traffic by default. You can create custom NACLs to restrict or control the traffic flow for specific
subnets. NACLs provide an added layer of security for your VPC by controlling traffic before it
reaches the security groups associated with the instances.
11. What is the difference between a public subnet and a private subnet in AWS VPC?
- Answer: In AWS VPC, a public subnet is a subnet that has a route to the internet gateway, allowing
instances in the subnet to have public IP addresses and direct access to the internet. On the other hand,
a private subnet does not have a direct route to the internet gateway, and instances in the private subnet
can only access the internet through a NAT gateway or an instance acting as a NAT.

12. How do you secure communication between instances in different VPCs connected using VPC
peering?
- Answer: By default, VPC peering connections allow all communication between instances in the
peered VPCs. To secure communication, you can use security groups and network access control lists
(NACLs) to control inbound and outbound traffic between the peered VPCs.

13. Can you connect multiple VPCs using VPC peering if they have overlapping IP address ranges
(CIDR blocks)?
- Answer: No, VPC peering requires non-overlapping IP address ranges. If the VPCs have
overlapping CIDR blocks, the peering request will be rejected.

14. How do you share resources (e.g., subnets, security groups) between AWS accounts in the same
VPC?
- Answer: You can share resources between AWS accounts in the same VPC using AWS Resource
Access Manager (RAM). With RAM, you can share subnets, security groups, route tables, and internet
gateways across multiple accounts.

15. Can you enable DNS resolution for instances in a VPC without creating a custom DHCP option
set?
- Answer: Yes, DNS resolution is enabled by default for instances in a VPC. AWS provides a default
DHCP option set that includes DNS settings.

16. What is the purpose of a Bastion Host (Jump Box) in an AWS VPC, and why is it placed in a
public subnet?
- Answer: A Bastion Host, also known as a Jump Box, is a special-purpose instance placed in a public
subnet that acts as a secure gateway to access instances in private subnets. It is used to provide secure
remote access to instances in private subnets for administrative purposes. Placing the Bastion Host in a
public subnet allows it to have a public IP address and direct internet access, enabling administrators to
connect to it from their local machines.

17. Can you change the security group of a running EC2 instance in an AWS VPC?
- Answer: Yes, you can modify the security group associated with a running EC2 instance. You can
add or remove rules to allow or deny inbound and outbound traffic to the instance.
18. What is a Network ACL (NACL) rule number, and how is it different from security group rules?
- Answer: In a Network ACL (NACL), the rule number determines the evaluation order of rules.
Lower rule numbers are evaluated first. NACLs are stateless, meaning that if you allow inbound traffic
for a specific port, you must also allow outbound traffic on the same port for the response to return. In
contrast, security group rules are stateful, and if you allow inbound traffic, the response traffic is
automatically allowed.

19. Can you use security groups to control traffic between instances in different VPCs connected using
VPC peering?
- Answer: No, security groups can only control traffic between instances within the same VPC. To
control traffic between instances in different VPCs connected via VPC peering, you need to use
NACLs or firewall rules on the instances themselves.

20. What is the purpose of an Elastic IP (EIP) address in AWS VPC?

- Answer: An Elastic IP (EIP) address is a static public IP address that you can allocate to your AWS
resources, such as EC2 instances, NAT gateways, or load balancers. EIPs are used to ensure that the IP
address remains constant even if the associated resource is stopped and restarted.

21. How do you connect an Elastic Load Balancer (ELB) to instances in a private subnet?
- Answer: To connect an Elastic Load Balancer (ELB) to instances in a private subnet, you can use an
internal ELB. Internal ELBs are designed to load balance traffic between instances within a VPC but
are not publicly accessible. Instances in the private subnet can communicate with the internal ELB
through private IP addresses.

22. What is the difference between a public IP address and an Elastic IP address in AWS VPC?
- Answer: A public IP address is automatically assigned to an EC2 instance when it is launched in a
public subnet. It can change if the instance is stopped and restarted. On the other hand, an Elastic IP
address is a static IP address that you can allocate to your resources and retain even if the resource is
stopped and restarted.

23. How do you create a custom route table in an AWS VPC?

- Answer: To create a custom route table in an AWS VPC, you need to go to the VPC management
console, select "Route Tables," and click "Create Route Table." Then, associate the subnets with the
custom route table by selecting the subnet and choosing "Edit Subnet Associations."

24. What is an AWS Direct Connect (DX) connection, and how does it differ from VPN connectivity
to VPC?
- Answer: AWS Direct Connect (DX) is a dedicated network connection between your on-premises
data center and AWS. It provides a more reliable and consistent connection compared to VPN
connectivity over the internet. DX offers higher throughput, lower latency, and a more predictable
network experience.
25. How do you set up communication between multiple VPCs in different AWS accounts without
using VPC peering?
- Answer: To set up communication between multiple VPCs in different AWS accounts without using
VPC peering, you can use AWS Transit Gateway. Transit Gateway allows you to connect multiple
VPCs, VPN connections, and Direct Connect connections across multiple accounts and regions through
a central hub.

26. What is a default VPC, and how is it different from a custom VPC?
- Answer: A default VPC is automatically created for each AWS account in every AWS region. It
comes pre-configured with a default subnet in each availability zone and a default security group. A
custom VPC, on the other hand, is created by the user and provides more control over the network
architecture, including defining the IP address range, subnets, and security groups.

27. How can you ensure high availability for resources in an AWS VPC?
- Answer: To ensure high availability for resources in an AWS VPC, you can distribute instances
across multiple availability zones (AZs) within the same region. By deploying instances in different
AZs, you can protect your applications from a single point of failure. Additionally, you can use load
balancers to distribute traffic across multiple instances, ensuring that your application remains available
even if one instance becomes unavailable.

28. How do you monitor network traffic in an AWS VPC?

- Answer: You can monitor network traffic in an AWS VPC using Amazon VPC Flow Logs. VPC
Flow Logs capture information about the IP traffic going to and

from network interfaces in the VPC. The logs can be sent to Amazon CloudWatch Logs or Amazon S3
for analysis and monitoring.

29. What is an AWS Site-to-Site VPN, and when is it used?

- Answer: An AWS Site-to-Site VPN is a type of VPN connection that allows you to securely connect
your on-premises data center to your AWS VPC. It provides an encrypted tunnel over the internet,
enabling communication between your on-premises network and your VPC. Site-to-Site VPN is used
when you need to extend your on-premises data center to the AWS cloud and require a secure and
private connection.

30. How do you control traffic between an on-premises data center and an AWS VPC when using AWS
Site-to-Site VPN?
- Answer: Traffic between an on-premises data center and an AWS VPC when using AWS Site-to-Site
VPN is controlled through the VPN security policies and routing. You can configure the VPN to allow
or deny specific traffic between the on-premises network and the VPC based on security rules and
routing configurations.
31. What is the purpose of an Amazon Virtual Private Gateway (VGW) in AWS VPC?
- Answer: An Amazon Virtual Private Gateway (VGW) is a component that represents a VPN
endpoint in the AWS cloud. It is used to create a hardware VPN connection between your on-premises
network and your VPC.

32. How do you enable DNS resolution for private hosted zones within an AWS VPC?
- Answer: To enable DNS resolution for private hosted zones within an AWS VPC, you need to
associate the VPC with the private hosted zone. This allows DNS queries from instances within the
VPC to resolve the domain names defined in the private hosted zone.

33. What is a Default Network ACL, and what are its default rules?
- Answer: A Default Network ACL is automatically created when you create a new VPC. By default,
it allows all inbound and outbound traffic. You can modify the default rules to restrict traffic if needed.

34. Can you modify the default security group in an AWS VPC?
- Answer: No, the default security group cannot be modified or deleted. However, you can add
additional rules to allow or deny specific traffic.

35. What is an AWS PrivateLink, and how does it enable private connectivity to AWS services?
- Answer: AWS PrivateLink allows you to access AWS services privately from your VPC without
going over the internet. It enables you to connect to supported AWS services directly using private IP
addresses. This provides enhanced security, as the traffic between your VPC and the AWS service
remains within the AWS network.

36. How do you encrypt data between instances in different VPCs connected using VPC peering?
- Answer: By default, VPC peering connections do not encrypt the traffic between instances. To
encrypt the traffic between instances in different VPCs connected via VPC peering, you can use
technologies such as IPSec VPN or AWS Direct Connect (DX) to create an encrypted connection
between the VPCs.

37. Can you use an internet gateway to enable communication between instances in different VPCs
connected using VPC peering?
- Answer: No, an internet gateway cannot be used to enable communication between instances in
different VPCs connected via VPC peering. VPC peering connections are private connections, and
traffic between peered VPCs remains within the AWS network.
38. What is the significance of the tenancy option (default vs. dedicated) when creating a VPC?
- Answer: The tenancy option refers to the underlying hardware that is used for the instances in the
VPC. The default tenancy option means that instances run on shared hardware, while the dedicated
tenancy option means that instances run on dedicated hardware, providing additional isolation.
Dedicated tenancy is used for compliance requirements or when you need to have full control over the
underlying hardware.

39. How do you associate a Network ACL (NACL) with a subnet in an AWS VPC?
- Answer: To associate a Network ACL (NACL) with a subnet in an AWS VPC, you need to go to the
VPC management console, select "Network ACLs," and click "Edit subnet associations." From there,
you can select the desired NACL and associate it with the subnet.

40. What is the maximum number of VPCs you can create per AWS region per AWS account?
- Answer: By default, you can create up to five VPCs per AWS region per AWS account. However,
this limit can be increased by submitting a request to AWS support.

41. Can you create a VPC in one AWS region and attach it to an EC2 instance running in another AWS
region?
- Answer: No, VPCs are region-specific and cannot be attached to instances running in a different
AWS region. You must create a new VPC in the desired region and launch instances within that region.

42. What is the purpose of a Site-to-Site VPN tunnel in AWS VPC?

- Answer: A Site-to-Site VPN tunnel is a secure and encrypted connection established over the
internet between your on-premises data center and your AWS VPC. It allows you to extend your on-
premises network to the AWS cloud securely.

43. How do you restrict access to an EC2 instance in a public subnet so that it is only accessible from
your on-premises network and not from the internet?
- Answer: To restrict access to an EC2 instance in a public subnet so that it is only accessible from
your on-premises network, you can configure the instance's security group to allow inbound traffic only
from the IP address range of your on-premises network.

44. What is the significance of the "default" route in a route table in AWS VPC?
- Answer: The "default" route in a route table is used as the catch-all route when no specific route
matches the destination of the traffic. It is commonly used to route traffic to the internet gateway when
the destination is not explicitly defined in the route table.
45. How do you achieve high availability for a VPN connection in AWS VPC?
- Answer: To achieve high availability for a VPN connection in AWS VPC, you can establish multiple
VPN connections from your on-premises network to different virtual private gateways in the VPC. By
setting up redundant connections, you ensure that if one VPN connection fails, traffic can automatically
failover to the redundant connection.

46. How do you enable DNS resolution for instances in a private subnet in AWS VPC?
- Answer: To enable DNS resolution for instances in a private subnet, you need to configure the
DHCP options set for the VPC. The DHCP options set includes domain name settings that allow
instances to resolve domain names using the Amazon-provided DNS servers.

47. What is the purpose of the "main" route table in AWS VPC?
- Answer: The "main" route table is automatically created when you create a VPC. It is the default
route table for all subnets in the VPC, unless you explicitly associate a custom route table with a
subnet. If a subnet is not explicitly associated with a custom route table, it uses

the "main" route table.

48. How do you enable communication between VPCs in different AWS accounts in the same region
using AWS Transit Gateway?
- Answer: To enable communication between VPCs in different AWS accounts in the same region
using AWS Transit Gateway, you need to share the Transit Gateway with the other AWS accounts and
accept the invitation to attach their VPCs to the Transit Gateway. This allows the VPCs from different
accounts to communicate through the Transit Gateway.

49. How do you enable internet access for instances in a private subnet in AWS VPC?
- Answer: To enable internet access for instances in a private subnet, you need to set up a NAT
gateway or use a NAT instance in a public subnet. The NAT gateway or instance acts as a bridge
between the private subnet and the internet, allowing instances in the private subnet to access the
internet for tasks like software updates.

50. Can you peer VPCs with overlapping IP address ranges in different AWS accounts?
- Answer: No, VPC peering requires non-overlapping IP address ranges. If the VPCs have
overlapping CIDR blocks, the peering request will be rejected. The IP address ranges of the peered
VPCs must not conflict to establish a successful VPC peering connection.
Of course! Here are some scenario-based AWS VPC interview questions:
1. Scenario: You have two VPCs (VPC-A and VPC-B) in different AWS accounts, and you need to
allow communication between instances in both VPCs. How would you achieve this securely?
- Answer: To achieve secure communication between instances in VPC-A and VPC-B, you can use
VPC peering. First, you need to set up a VPC peering connection between VPC-A and VPC-B. Once
the peering connection is established, you need to update the route tables of each VPC to allow traffic
destined for the other VPC's CIDR block to be routed through the peering connection. Additionally,
you can use security groups and network access control lists (NACLs) to control the inbound and
outbound traffic between the instances in both VPCs.

2. Scenario: You have launched an EC2 instance in a private subnet of your AWS VPC. However, you
need to install software updates on the instance. How can you provide internet access to the instance
temporarily without exposing it to the internet permanently?
- Answer: To provide temporary internet access to the instance in the private subnet, you can set up a
NAT gateway in a public subnet. The NAT gateway allows instances in the private subnet to initiate
outbound internet traffic while preventing inbound traffic from reaching them. Next, update the route
table of the private subnet to direct all internet-bound traffic to the NAT gateway. By doing this, the
instance can access the internet for downloading software updates while still maintaining its private IP
address and not being directly reachable from the internet.

3. Scenario: You have a multi-tier application running in your AWS VPC, with web servers in a public
subnet and application servers in a private subnet. The web servers need to communicate with the
application servers securely. How can you achieve this?
- Answer: To achieve secure communication between the web servers in the public subnet and the
application servers in the private subnet, you can set up an internal Elastic Load Balancer (ELB). Place
the ELB in the public subnet, and then configure it to distribute traffic to the application servers in the
private subnet. The ELB acts as an intermediary, handling the SSL termination and encryption for the
communication between the web servers and application servers. This way, traffic between the web
servers and application servers remains within the VPC and is not exposed to the internet.

4. Scenario: You have a VPC with multiple subnets across different availability zones. You want to
ensure high availability for your application by distributing instances across these subnets. What AWS
service can you use to automatically distribute traffic across instances in different subnets?
- Answer: To automatically distribute traffic across instances in different subnets within the same
VPC, you can use an Elastic Load Balancer (ELB). ELB automatically distributes incoming traffic
across instances in multiple availability zones, providing high availability for your application. You can
choose from three types of ELBs: Classic Load Balancer (CLB), Application Load Balancer (ALB),
and Network Load Balancer (NLB), depending on your application's needs.

5. Scenario: You have a VPC with multiple subnets, some of which are public subnets and others
private subnets. Instances in the public subnets can communicate with the internet using their public IP
addresses. However, instances in the private subnets need internet access for software updates. How
can you provide internet access to the instances in the private subnets while maintaining security?
- Answer: To provide internet access to instances in the private subnets, you can set up a NAT
gateway in a public subnet. Update the route tables of the private subnets to direct internet-bound
traffic to the NAT gateway. This allows instances in the private subnets to access the internet for
software updates or other necessary tasks while still preventing inbound traffic from reaching them
directly. The instances in the private subnets will use the NAT gateway's public IP address for internet
access.
Certainly! Here are more scenario-based AWS VPC interview questions:

6. Scenario: You have a VPC with multiple subnets in different availability zones. You need to set up a
highly available VPN connection between your on-premises data center and the VPC. How can you
achieve this?
- Answer: To set up a highly available VPN connection between your on-premises data center and the
VPC, you can establish two VPN connections from your on-premises VPN device to two different
Amazon Virtual Private Gateways (VGWs), each in a separate availability zone. By doing this, you
create redundant connections, ensuring that if one VPN connection or VGW becomes unavailable,
traffic can failover to the other connection and VGW. You should also use Border Gateway Protocol
(BGP) for dynamic routing to automatically detect and reroute traffic in case of a failure.

7. Scenario: You have a VPC with public and private subnets. Instances in the public subnet have
internet access, while instances in the private subnet need to access services in the public subnet. How
can you enable communication between instances in the public and private subnets?
- Answer: To enable communication between instances in the public and private subnets, you can set
up a VPC peering connection. Establish a VPC peering connection between the VPC with the public
subnet (let's call it VPC-A) and the VPC with the private subnet (let's call it VPC-B). Once the peering
connection is established, update the route table of the private subnet in VPC-B to include a route to the
CIDR block of VPC-A, with the VPC peering connection as the target. Similarly, update the route table
of the public subnet in VPC-A to include a route to the CIDR block of VPC-B, with the VPC peering
connection as the target. This allows instances in both VPCs to communicate with each other.

8. Scenario: You have multiple AWS accounts, each with its own VPC. You want to establish
connectivity between the VPCs in different accounts for data exchange. How can you achieve this
securely?
- Answer: To establish secure connectivity between VPCs in different AWS accounts, you can use
AWS Transit Gateway. Create a Transit Gateway in a central AWS account and then share the Transit
Gateway with the other AWS accounts. Accept the invitation to attach the VPCs from the other
accounts to the Transit Gateway. Once attached, the VPCs can communicate with each other through
the central Transit Gateway. Additionally, you can control the traffic between the VPCs using security
groups and network access control lists (NACLs) to ensure secure data exchange.

9. Scenario: You have a multi-tier application in your VPC, with web servers in a public subnet and
database servers in a private subnet. You want to restrict direct access to the database servers from the
internet and allow only the web servers to communicate with them. How can you achieve this?
- Answer: To restrict direct access to the database servers from the internet and allow only the web
servers to communicate with them, you can use security groups and network access control lists
(NACLs). In the security group associated with the database servers, create a rule that allows inbound
traffic only from the security group associated with the web servers. This allows instances within the
web server security group to communicate with the database servers. Additionally, configure the
NACLs of the database subnet to allow inbound traffic only from the IP address range of the web
servers, and deny all other inbound traffic. This provides an additional layer of security to ensure that
only the web servers can access the database servers.
10. Scenario: You have a VPC with multiple subnets, and you want to prevent instances in a specific
subnet from accessing the internet while allowing them to communicate with instances in other
subnets. How can you achieve this?
- Answer: To prevent instances in a specific subnet from accessing the internet, you can update the
subnet's route table to remove the route to the internet gateway. This will stop internet-bound traffic
from leaving the subnet. However, instances in the subnet will still be able to communicate with
instances in other subnets within the same VPC using their private IP addresses. Additionally, you can
use security groups and NACLs to control the inbound and outbound traffic for further restriction.

11. Scenario: You have a VPC with multiple subnets across different availability zones. Your
application is experiencing high traffic and requires scalable and fault-tolerant architecture. What AWS
service can you use to achieve this?
- Answer: To achieve a scalable and fault-tolerant architecture for high traffic applications in a VPC,
you can use an Application Load Balancer (ALB) or Network Load Balancer (NLB). ALB operates at
the application layer (Layer 7) and is best suited for HTTP and HTTPS traffic. NLB operates at the
transport layer (Layer 4) and is ideal for handling TCP, UDP, and TLS traffic. Both load balancers
automatically distribute incoming traffic across multiple instances in different availability zones,
ensuring high availability and load distribution for the application.

12. Scenario: You have a VPC with public and private subnets. Instances in the public subnet can
access the internet, while instances in the private subnet need to access AWS services such as S3
without going over the internet. How can you enable this access securely?
- Answer: To enable instances in the private subnet to access AWS services like S3 without going
over the internet, you can use VPC endpoints. Set up a VPC endpoint for the required AWS service
(e.g., S3) in the VPC with the private subnet. This creates a private connection between the VPC and
the AWS service, allowing instances in the private subnet to securely access the service without
needing internet access. This helps improve security by keeping the traffic within the AWS network and
not exposing it to the internet.

Certainly! Here are more scenario-based AWS VPC interview questions:

13. Scenario: You have a VPC with multiple subnets, some public and some private. Instances in the
public subnets can reach the internet, but instances in the private subnets need to access external
resources on-premises. How can you enable communication from the private subnets to on-premises
resources securely?
- Answer: To enable communication from the private subnets to on-premises resources securely, you
can set up a Site-to-Site VPN connection. Configure your on-premises VPN device as the customer
gateway and create a Virtual Private Gateway (VGW) in the VPC. Then, establish the VPN connection
between the VGW and the customer gateway. Update the route tables of the private subnets to direct
traffic destined for on-premises resources to the VPN connection. This allows instances in the private
subnets to securely access on-premises resources over the VPN connection.

14. Scenario: You have a VPC with multiple subnets, and you want to ensure that only specific IP
addresses are allowed to access instances in a particular subnet. How can you achieve this access
control?
- Answer: To achieve access control for instances in a subnet, you can use a combination of security
groups and NACLs. Create a custom security group for the instances in the subnet and specify the
allowed inbound and outbound rules based on the desired IP addresses. Additionally, configure the
NACLs for the subnet to allow or deny traffic based on source and destination IP addresses. By using
both security groups and NACLs, you can implement fine-grained access control for the instances in
the subnet.

15. Scenario: You have a VPC with multiple subnets and a requirement to monitor network traffic
between instances for security analysis and compliance. How can you accomplish this monitoring in
AWS VPC?
- Answer: To monitor network traffic between instances in an AWS VPC, you can use Amazon VPC
Flow Logs. Flow Logs capture information about the IP traffic flowing in and out of network interfaces
in the VPC. You can configure Flow Logs to send log data to Amazon CloudWatch Logs or Amazon S3
for analysis and monitoring. Flow Logs help you monitor and troubleshoot network connectivity issues,
as well as provide data for security analysis and compliance monitoring.

16. Scenario: You have an application running in an AWS VPC, and you want to ensure that the
application remains available even if an entire availability zone becomes unavailable. How can you
design the VPC for high availability?
- Answer: To design the VPC for high availability, distribute your instances across multiple
availability zones (AZs) within the same region. This ensures that if one AZ becomes unavailable, your
application can continue to operate in other AZs. To distribute traffic across instances in different AZs,
use an Elastic Load Balancer (ELB). ELB automatically routes traffic to healthy instances in available
AZs, providing high availability and fault tolerance for your application.

17. Scenario: You have a VPC with multiple subnets, and you want to allow instances in a specific
subnet to access the internet using a dedicated Elastic IP address. How can you achieve this?
- Answer: To allow instances in a specific subnet to access the internet using a dedicated Elastic IP
(EIP) address, you can create a NAT gateway in a public subnet. Then, update the route table of the
private subnet to direct all internet-bound traffic (0.0.0.0/0) to the NAT gateway. The NAT gateway will
handle the translation of private IP addresses of the instances in the private subnet to the EIP, allowing
them to access the internet while using the EIP as their public IP address.

18. Scenario: You have multiple VPCs in different AWS accounts, and you want to enable
communication between instances in these VPCs securely. How can you achieve this cross-account
communication?
- Answer: To achieve secure cross-account communication between instances in different VPCs, you
can use VPC peering. First, establish a VPC peering connection between the VPCs in the different
AWS accounts. Then, update the route tables of each VPC to allow traffic destined for the CIDR block
of the peered VPC to be routed through the peering connection. Additionally, use security groups and
NACLs to control the inbound and outbound traffic between the instances in both VPCs.

19. Scenario: You have a VPC with multiple subnets and instances. You want to monitor the network
traffic at the packet level for detailed analysis and troubleshooting. How can you accomplish this
monitoring in AWS VPC?
- Answer: To monitor the network traffic at the packet level in an AWS VPC, you can use VPC
Traffic Mirroring. Traffic Mirroring allows you to capture and mirror the network packets from the
network interfaces of source instances to a destination for analysis. The mirrored traffic can be sent to
an Amazon EC2 instance or a Network Load Balancer for packet-level analysis and troubleshooting.

20. Scenario: You have a VPC with multiple subnets and instances running in different subnets. You
want to restrict instances in one subnet from establishing TCP connections with instances in another
subnet. How can you enforce this restriction?
- Answer: To enforce restrictions on TCP connections between instances in different subnets, you can
use network access control lists (NACLs). Create custom NACLs for the source and destination
subnets and define the desired inbound and outbound rules. For the subnet where you want to restrict
TCP connections, add an outbound rule that denies TCP traffic to the destination subnet's CIDR block.
This prevents instances in the source subnet from establishing TCP connections with instances in the
restricted destination subnet.
Certainly! Here are more scenario-based AWS VPC interview questions:

21. Scenario: You have an application deployed in your VPC that requires internet access for software
updates and licensing checks. However, you want to ensure that instances in the VPC cannot be
accessed directly from the internet. How can you achieve this setup?
- Answer: To allow instances in the VPC to access the internet for software updates and licensing
checks while preventing direct access from the internet, you can set up a NAT gateway in a public
subnet. Update the route table of the private subnet to direct all internet-bound traffic to the NAT
gateway. This allows instances in the private subnet to access the internet indirectly through the NAT
gateway. The instances in the private subnet will use the public IP address of the NAT gateway for
internet access, while their private IP addresses remain hidden from the internet.

22. Scenario: You have multiple VPCs in different AWS regions, and you need to enable
communication between instances in these VPCs for data replication. How can you establish secure
communication between the VPCs across different regions?
- Answer: To enable secure communication between instances in different VPCs across different
AWS regions, you can use AWS Global Accelerator. AWS Global Accelerator provides a fully managed
service that uses the AWS global network to direct traffic to applications in multiple AWS regions
securely and with low latency. By setting up an accelerator, you can configure endpoints in each VPC
and then direct traffic to the respective instances securely over the AWS global network.

23. Scenario: You have a VPC with multiple subnets, and you want to ensure that instances in a
specific subnet can only communicate with instances in another specific subnet and not with instances
in any other subnets. How can you enforce this communication restriction?
- Answer: To enforce communication restrictions between specific subnets, you can use network
access control lists (NACLs) and security groups. In the NACL for the source subnet, create outbound
rules that allow traffic only to the CIDR block of the destination subnet and deny all other outbound
traffic. Similarly, create inbound rules in the NACL of the destination subnet to allow traffic only from
the CIDR block of the source subnet and deny all other inbound traffic. Additionally, configure the
security groups of instances in both subnets to allow traffic only from the security group associated
with the other subnet. This setup ensures that instances in the specified subnets can communicate with
each other while restricting communication with instances in other subnets.
24. Scenario: You have launched an EC2 instance in a public subnet, and you want to enable Secure
Shell (SSH) access to it from your on-premises network. How can you achieve this securely?
- Answer: To enable secure SSH access to the EC2 instance from your on-premises network, you can
modify the security group associated with the instance. Add an inbound rule to the security group that
allows SSH traffic (port 22) from your on-premises IP address or IP address range. This way, only your
on-premises network can access the instance via SSH, ensuring secure remote access.

25. Scenario: You have a VPC with public and private subnets. Instances in the public subnet require
access to the internet, while instances in the private subnet need to access S3. How can you enable this
communication without using a NAT gateway?
- Answer: To enable instances in the private subnet to access S3 without using a NAT gateway, you
can set up an S3 VPC endpoint. A VPC endpoint allows you to access S3 privately from within your
VPC without requiring internet access. Create an S3 VPC endpoint in the VPC with the private subnet,
and update the route table of the private subnet to direct S3 traffic to the VPC endpoint. This enables
instances in the private subnet to securely access S3 without going over the internet.

26. Scenario: You have an application running in a VPC that requires low-latency communication
between instances. How can you ensure that the instances communicate with each other efficiently
within the VPC?
- Answer: To ensure low-latency communication between instances within the VPC, deploy the
instances in the same availability zone or, if possible, in adjacent availability zones. This reduces the
network distance between the instances and minimizes latency. Additionally, use an Application Load
Balancer (ALB) or Network Load Balancer (NLB) to distribute traffic efficiently among instances,
ensuring optimal performance and response times.

27. Scenario: You have a multi-tier application in your VPC, with web servers in a public subnet and
database servers in a private subnet. You want to allow external users to access the web servers while
keeping the database servers inaccessible from the internet. How can you achieve this security setup?
- Answer: To allow external users to access the web servers while preventing direct access to the
database servers from the internet, you can set up an Elastic Load Balancer (ELB) in the public subnet.
The ELB acts as the entry point for external traffic and distributes it among the web servers in the
private subnet. In the security group associated with the database servers, create an inbound rule that
allows traffic only from the security group associated with the ELB. This ensures that only traffic
coming through the ELB can reach the database servers, providing an additional layer of security.

28. Scenario: You have a VPC with multiple subnets across different availability zones. You want to
ensure high availability and fault tolerance for your instances. How can you design your VPC to
achieve this?
- Answer: To achieve high availability and fault tolerance in your VPC, deploy your instances across
multiple availability zones (AZs). Use an Elastic Load Balancer (ELB) to distribute traffic across
instances in different AZs, ensuring that your application remains available even if an entire AZ
becomes unavailable. Additionally, you can use Amazon RDS Multi-AZ deployment for your database
instances to achieve automatic failover in case of an AZ failure. By distributing

your resources across multiple AZs and using load balancers and Multi-AZ deployments, you can
achieve a highly available and fault-tolerant architecture.
Certainly! Here are more scenario-based AWS VPC interview questions:
29. Scenario: You have a VPC with multiple subnets and instances running in different subnets. You
want to ensure that instances in one subnet can communicate with instances in another subnet using
their private IP addresses. How can you achieve this communication setup?
- Answer: To enable communication between instances in different subnets within the same VPC
using their private IP addresses, you don't need to make any additional configurations. Instances within
the same VPC can communicate with each other using their private IP addresses by default. The route
tables within the VPC are automatically set up to allow communication between subnets, as long as the
security groups and network access control lists (NACLs) allow the necessary inbound and outbound
traffic.

30. Scenario: You have a VPC with multiple subnets, some public and some private. You need to set up
a Bastion host to allow SSH access to instances in the private subnets from your on-premises network.
How can you achieve this securely?
- Answer: To provide secure SSH access to instances in the private subnets, you can set up a Bastion
host (also known as a Jump host) in a public subnet. The Bastion host acts as an intermediary between
your on-premises network and the private instances. To ensure security, place the Bastion host in a
security group that only allows SSH traffic from your on-premises IP address or IP address range.
Then, configure the security groups of the private instances to allow SSH traffic only from the Bastion
host's security group. This way, you can establish an SSH connection to the Bastion host from your on-
premises network and then use it to access the private instances securely.

31. Scenario: You have a VPC with multiple subnets and instances running in different subnets. You
want to allow the instances in one subnet to access the internet directly for software updates. How can
you enable internet access for instances in the subnet securely?
- Answer: To enable internet access for instances in a subnet securely, you can create a NAT gateway
in a public subnet. Update the route table of the private subnet to direct internet-bound traffic
(0.0.0.0/0) to the NAT gateway. This allows instances in the private subnet to access the internet
indirectly through the NAT gateway, without exposing their private IP addresses to the internet. The
instances in the private subnet will use the public IP address of the NAT gateway for internet access.

32. Scenario: You have multiple VPCs in different AWS accounts, and you need to enable secure
communication between instances in these VPCs. However, you don't want to set up VPC peering
between them. How can you achieve secure communication between VPCs?
- Answer: To enable secure communication between VPCs in different AWS accounts without using
VPC peering, you can use AWS Transit Gateway. Create a Transit Gateway in a central AWS account
and then attach the VPCs from different accounts to the Transit Gateway. This allows instances in the
attached VPCs to communicate with each other through the central Transit Gateway, providing a secure
and scalable solution for inter-VPC communication.

33. Scenario: You have a VPC with multiple subnets, some public and some private. Instances in the
public subnets can access the internet, but instances in the private subnets need to access AWS services
such as S3 and DynamoDB securely. How can you enable this access without going over the internet?
- Answer: To enable instances in the private subnets to access AWS services like S3 and DynamoDB
without going over the internet, you can use VPC endpoints. Set up VPC endpoints for the required
AWS services in the VPC with the private subnets. This creates a private connection between the VPC
and the AWS services, allowing instances in the private subnets to securely access the services without
needing internet access. By using VPC endpoints, you can keep the traffic within the AWS network and
improve security.
34. Scenario: You have a VPC with multiple subnets, and you want to ensure that instances in a
specific subnet can only communicate with specific IP addresses on the internet for security reasons.
How can you enforce this communication restriction?
- Answer: To enforce communication restrictions for instances in a specific subnet, you can use
network access control lists (NACLs) and security groups. In the NACL for the subnet, create outbound
rules that allow traffic only to the specific IP addresses on the internet that you want to permit. Then,
configure the security groups of the instances in the subnet to allow outbound traffic only to the CIDR
blocks associated with the specific IP addresses. By using both NACLs and security groups, you can
enforce fine-grained communication restrictions for instances in the subnet.

35. Scenario: You have a VPC with multiple subnets and instances running in different subnets. You
need to ensure that instances in one subnet cannot access instances in another subnet, but they should
still be able to access AWS services like S3 and DynamoDB. How can you achieve this isolation
securely?
- Answer: To achieve isolation between instances in different subnets while allowing access to AWS
services, you can use network access control lists (NACLs) and security groups. Configure the NACLs
for each subnet to deny all inbound and outbound traffic from the CIDR blocks of the other subnets.
Then, configure the security groups of the instances in each subnet to allow outbound traffic to the
CIDR blocks associated with the AWS services you want to access, such as S3 and DynamoDB. This
setup ensures that instances in one subnet cannot directly communicate with instances in another
subnet, but they can still access the required AWS services.

For More Interview Q&A

https://t.me/+swMXV5-lEsIwMTJl
join Telegram Where I uploaded Documents
ping me in whatsapp: wa.me/919440118066

Case Study Amazon Ec2
No ratings yet
Case Study Amazon Ec2
4 pages
AWS CloudNotes
100% (1)
AWS CloudNotes
8 pages
AWS Part1
No ratings yet
AWS Part1
78 pages
AWS Production
No ratings yet
AWS Production
9 pages
Unilever Case Study - Aws
No ratings yet
Unilever Case Study - Aws
17 pages
RDS Aws
No ratings yet
RDS Aws
33 pages
Aws EC2
No ratings yet
Aws EC2
25 pages
saa3_wk7
No ratings yet
saa3_wk7
117 pages
### AWS DevOps - Continuous Docker Deployment To AWS Fargate From GitHub Using Terraform - by Antoine Cichowicz - Sep, 2023 - AWS in Plain English
No ratings yet
### AWS DevOps - Continuous Docker Deployment To AWS Fargate From GitHub Using Terraform - by Antoine Cichowicz - Sep, 2023 - AWS in Plain English
22 pages
30 Terraform Q&A
No ratings yet
30 Terraform Q&A
11 pages
Advanced Identity in AWS
100% (1)
Advanced Identity in AWS
28 pages
AWS Solutions Architect Project 1 Solution
No ratings yet
AWS Solutions Architect Project 1 Solution
8 pages
Create A Web Server and An Amazon RDS Database
No ratings yet
Create A Web Server and An Amazon RDS Database
22 pages
Ec2 Instances
No ratings yet
Ec2 Instances
38 pages
Exam Question AWS (Test)
No ratings yet
Exam Question AWS (Test)
285 pages
Amazon - Pass4sure - Aws Certified Solutions Architect - Associate 2018.v2019-02-12.by - Mia.84q PDF
100% (1)
Amazon - Pass4sure - Aws Certified Solutions Architect - Associate 2018.v2019-02-12.by - Mia.84q PDF
3 pages
Aws Lab
No ratings yet
Aws Lab
16 pages
Top 100
No ratings yet
Top 100
59 pages
Maaven Interview Q&A
No ratings yet
Maaven Interview Q&A
10 pages
AWS IAM Notes
No ratings yet
AWS IAM Notes
12 pages
Setting Up An S3 Static Website Using AWS CLI: Description
100% (1)
Setting Up An S3 Static Website Using AWS CLI: Description
3 pages
Terraform Basic Commands & Fundamentals: # Configure The AWS Provider
No ratings yet
Terraform Basic Commands & Fundamentals: # Configure The AWS Provider
7 pages
AWS Material S New
No ratings yet
AWS Material S New
113 pages
Aws Interview Questions 1734772145
No ratings yet
Aws Interview Questions 1734772145
45 pages
Aws Project Used in Production PDF
No ratings yet
Aws Project Used in Production PDF
21 pages
AWS CP - Sruya Kiran Sir Notes
No ratings yet
AWS CP - Sruya Kiran Sir Notes
8 pages
Advance AWS Interviewquestions
No ratings yet
Advance AWS Interviewquestions
39 pages
Virtual Private Cloud
100% (1)
Virtual Private Cloud
17 pages
AWS-Solution-Architect-Associate Dumps - 100% Valid Amazon AWS-Solution-Architect-Associate Practice Exam Questions
No ratings yet
AWS-Solution-Architect-Associate Dumps - 100% Valid Amazon AWS-Solution-Architect-Associate Practice Exam Questions
2 pages
5 AWS Database Services 19-08-2024
No ratings yet
5 AWS Database Services 19-08-2024
21 pages
Machine Learning Foundations
No ratings yet
Machine Learning Foundations
20 pages
AWS Labs - Advanced
No ratings yet
AWS Labs - Advanced
2 pages
Module 02
No ratings yet
Module 02
29 pages
AWS SME Questions
No ratings yet
AWS SME Questions
8 pages
22) Route53
100% (1)
22) Route53
38 pages
6 AWS VPC Peering Limitations
No ratings yet
6 AWS VPC Peering Limitations
8 pages
How To Use Terraform
No ratings yet
How To Use Terraform
14 pages
Aws CJ Saa en Kickoff 2023 Nov
No ratings yet
Aws CJ Saa en Kickoff 2023 Nov
43 pages
AWS Solution Project - 1
No ratings yet
AWS Solution Project - 1
4 pages
Ann Afamefuna-59
No ratings yet
Ann Afamefuna-59
42 pages
AWS CP StudySlides
No ratings yet
AWS CP StudySlides
102 pages
Inspection Deployment Models With AWS Network Firewall Ra
No ratings yet
Inspection Deployment Models With AWS Network Firewall Ra
7 pages
Team Members:: Sahilpreet Singh Rohil Bansal Navleen Kaur Vedant Taak
No ratings yet
Team Members:: Sahilpreet Singh Rohil Bansal Navleen Kaur Vedant Taak
48 pages
System Operations On AWS
No ratings yet
System Operations On AWS
4 pages
AWS Stephane Maarek Practice Test2 From Udemy June
No ratings yet
AWS Stephane Maarek Practice Test2 From Udemy June
153 pages
Simple AWS Project
No ratings yet
Simple AWS Project
5 pages
DevOps Cheat Sheet
No ratings yet
DevOps Cheat Sheet
297 pages
We Will Be Using
No ratings yet
We Will Be Using
21 pages
Using Terraform in The Context of AWS Multi-Account Setups
No ratings yet
Using Terraform in The Context of AWS Multi-Account Setups
25 pages
AWS Solution Architect Associate Dump4
No ratings yet
AWS Solution Architect Associate Dump4
13 pages
AWS Lab Practice Guide by WWW - Server-Computer - Com - v1
100% (1)
AWS Lab Practice Guide by WWW - Server-Computer - Com - v1
86 pages
Aws 1713927989
No ratings yet
Aws 1713927989
31 pages
Aws.certified.solutions.architect.associate.study.guide.B08L1BC3QR
No ratings yet
Aws.certified.solutions.architect.associate.study.guide.B08L1BC3QR
91 pages
Aws RDS-2
No ratings yet
Aws RDS-2
8 pages
Ec2 Ug
No ratings yet
Ec2 Ug
1,044 pages
3 Tierproject
No ratings yet
3 Tierproject
32 pages
Mastering Kafka Streams: From Basics to Expert Proficiency
From Everand
Mastering Kafka Streams: From Basics to Expert Proficiency
William Smith
No ratings yet
Learning Ansible
From Everand
Learning Ansible
Wayne Taylor
No ratings yet
Oracle SOA BPEL Process Manager 11gR1 A Hands-on Tutorial
From Everand
Oracle SOA BPEL Process Manager 11gR1 A Hands-on Tutorial
Ravi Saraswathi
5/5 (1)
About Kubernetes and Security Practices - Short Edition: First Edition, #1
From Everand
About Kubernetes and Security Practices - Short Edition: First Edition, #1
Ami Adi
No ratings yet
Linux Interview Question - Answers
No ratings yet
Linux Interview Question - Answers
39 pages
Interview Questions Related To Scripting and Programming For A Devops
No ratings yet
Interview Questions Related To Scripting and Programming For A Devops
50 pages
AWS Materials
No ratings yet
AWS Materials
228 pages
Aws Inteview
No ratings yet
Aws Inteview
55 pages
Basic Operators in Shell Scripting
No ratings yet
Basic Operators in Shell Scripting
14 pages
K21-CKA Exam Questions Guide
No ratings yet
K21-CKA Exam Questions Guide
14 pages
Git Branching Startegy
No ratings yet
Git Branching Startegy
3 pages
HP StoreOnce 2620, 4210 - 4220 and 4320 - 4430 Backup System Installation and Configuration Guide
No ratings yet
HP StoreOnce 2620, 4210 - 4220 and 4320 - 4430 Backup System Installation and Configuration Guide
57 pages
Jatayu Company Profile
No ratings yet
Jatayu Company Profile
29 pages
Aws Amazon Web Services
No ratings yet
Aws Amazon Web Services
128 pages
Configure DAG in 2013 For High Availability
No ratings yet
Configure DAG in 2013 For High Availability
13 pages
Wlserver 61 Adminguide
No ratings yet
Wlserver 61 Adminguide
531 pages
Ultima Forte v5 0 Release Notes
No ratings yet
Ultima Forte v5 0 Release Notes
32 pages
Smppcube Enterprise Architecture
No ratings yet
Smppcube Enterprise Architecture
4 pages
Sayan Adhikary PT2
No ratings yet
Sayan Adhikary PT2
34 pages
Node - Js Sizing Recommendations For Sage X3 Web Server - 2018-03 Update
No ratings yet
Node - Js Sizing Recommendations For Sage X3 Web Server - 2018-03 Update
6 pages
Vrealize Automation Load Balancing
No ratings yet
Vrealize Automation Load Balancing
24 pages
H13-811_V3.5-ENU Updated Dumps - HCIA-Cloud Service V3.5
100% (1)
H13-811_V3.5-ENU Updated Dumps - HCIA-Cloud Service V3.5
14 pages
BW6 FT
No ratings yet
BW6 FT
2 pages
Fortios Handbook 54 PDF
No ratings yet
Fortios Handbook 54 PDF
3,124 pages
Oracle DBA Code Examples
No ratings yet
Oracle DBA Code Examples
567 pages
Pega 7.4 High Availability Administration Guide
100% (1)
Pega 7.4 High Availability Administration Guide
30 pages
DevOps Patterns To Scale Web Applications Using Cloud Services
No ratings yet
DevOps Patterns To Scale Web Applications Using Cloud Services
10 pages
Test 000-253: Ibm Websphere Application Server Network Deployment V6.1, Core Administration
No ratings yet
Test 000-253: Ibm Websphere Application Server Network Deployment V6.1, Core Administration
6 pages
499 Project Topics For Computer Science and Engineering (CSE) List 1 - Collegelib
No ratings yet
499 Project Topics For Computer Science and Engineering (CSE) List 1 - Collegelib
11 pages
TL-R470T V1 User Guide
No ratings yet
TL-R470T V1 User Guide
92 pages
Vikas Kumar Report Final
No ratings yet
Vikas Kumar Report Final
46 pages
OpenShift Container Platform-4.4-Installing On Bare metal-en-US
No ratings yet
OpenShift Container Platform-4.4-Installing On Bare metal-en-US
87 pages
Document Um 6.5 System Sizing
No ratings yet
Document Um 6.5 System Sizing
19 pages
CTM Admin 9.0.00
No ratings yet
CTM Admin 9.0.00
355 pages
Huawei AirEngine 5761 21 Access Point Datasheet
No ratings yet
Huawei AirEngine 5761 21 Access Point Datasheet
17 pages
Load Balancing With LVS-NAT, Keepalived, and Iptables
No ratings yet
Load Balancing With LVS-NAT, Keepalived, and Iptables
22 pages
IBM WebSphere Exam #252 Study Guide WebSphere Application Server ...
100% (1)
IBM WebSphere Exam #252 Study Guide WebSphere Application Server ...
57 pages
Big-Ip DNS Concepts
No ratings yet
Big-Ip DNS Concepts
54 pages
Genesys
100% (1)
Genesys
10 pages
Scale From Zero To Millions of Users
No ratings yet
Scale From Zero To Millions of Users
40 pages
Technical Brochure 126 - APV x850 Datasheet
No ratings yet
Technical Brochure 126 - APV x850 Datasheet
14 pages

Aws VPC

Uploaded by

Aws VPC

Uploaded by

AWS VPC (Virtual

Private Cloud) interview

3. Can you have multiple internet gateways in a single AWS VPC?

7. Can you change the IP address range of an existing VPC in AWS?

9. Can you connect multiple VPCs in different AWS regions?

- AWS Transit Gateway: AWS Transit Gateway is

10. What is the purpose of a Network ACL (NACL) in AWS VPC?

20. What is the purpose of an Elastic IP (EIP) address in AWS VPC?

23. How do you create a custom route table in an AWS VPC?

28. How do you monitor network traffic in an AWS VPC?

29. What is an AWS Site-to-Site VPN, and when is it used?

42. What is the purpose of a Site-to-Site VPN tunnel in AWS VPC?

the "main" route table.

Certainly! Here are more scenario-based AWS VPC interview questions:

For More Interview Q&A

You might also like