1. What does VPC stand for?
A. Virtual Private Cloud
B. Virtual Public Cloud
C. Verified Private Cloud
D. Virtual Protected Cloud
✅ Answer: A
2. A VPC is logically isolated from:
A. Other AWS accounts only
B. Other VPCs by default
C. The internet always
D. On-premises networks
✅ Answer: B
3. What is the default CIDR block size of a new default VPC?
A. /8
B. /12
C. /16
D. /24
✅ Answer: C
4. Which CIDR block range is valid for a VPC?
A. 10.0.0.0/8
B. 192.169.0.0/16
C. 172.32.0.0/16
D. 11.0.0.0/8
✅ Answer: A
5. What is the maximum CIDR size allowed for a VPC?
A. /8
B. /12
C. /16
D. /24
✅ Answer: A
6. A subnet must exist in:
A. Multiple Availability Zones
B. One Availability Zone only
C. All regions
D. Multiple regions
✅ Answer: B
7. What defines whether a subnet is public or private?
A. CIDR block size
B. Availability Zone
C. Route to an Internet Gateway
D. Security group rules
✅ Answer: C
8. Which component allows internet access for public subnets?
A. NAT Gateway
B. Internet Gateway
C. Route Table
D. Elastic IP
✅ Answer: B
9. Which AWS service allows private subnets to access the internet?
A. Internet Gateway
B. VPC Peering
C. NAT Gateway
D. VPN Gateway
✅ Answer: C
10. NAT Gateways must be placed in:
A. Private subnets
B. Public subnets
C. Any subnet
D. Default VPC only
✅ Answer: B
11. What does a route table control?
A. Inbound traffic only
B. Outbound traffic only
C. Network traffic routing
D. Security rules
✅ Answer: C
12. Every subnet must be associated with:
A. A security group
B. A NACL
C. A route table
D. An Internet Gateway
✅ Answer: C
13. If a subnet has no explicit route table association, which one is used?
A. Main route table
B. Default route table
C. Internet route table
D. Public route table
✅ Answer: A
14. Security Groups operate at which level?
A. Subnet
B. VPC
C. EC2 instance
D. Availability Zone
✅ Answer: C
15. Network ACLs operate at which level?
A. Instance
B. Subnet
C. VPC
D. Region
✅ Answer: B
16. Security Groups are:
A. Stateless
B. Stateful
C. Stateless only inbound
D. Deprecated
✅ Answer: B
17. Network ACLs are:
A. Stateful
B. Stateful outbound only
C. Stateless
D. Deprecated
✅ Answer: C
18. Which rule type is required in a security group?
A. Deny rules
B. Allow rules
C. Both allow and deny
D. No rules
✅ Answer: B
19. Which rule type is supported by NACLs?
A. Allow only
B. Deny only
C. Allow and deny
D. Implicit allow
✅ Answer: C
20. What happens if no inbound rule exists in a security group?
A. Traffic is allowed
B. Traffic is denied
C. Traffic is logged
D. Traffic is redirected
✅ Answer: B
21. How many Internet Gateways can a VPC have?
A. Unlimited
B. Two
C. One
D. Zero
✅ Answer: C
22. Can a VPC span multiple Availability Zones?
A. No
B. Yes
C. Only default VPCs
D. Only with peering
✅ Answer: B
23. What AWS service connects a VPC to on-premises networks?
A. Internet Gateway
B. NAT Gateway
C. Virtual Private Gateway
D. Elastic Load Balancer
✅ Answer: C
24. Which service provides private connectivity to AWS services without traversing the internet?
A. VPC Peering
B. VPC Endpoint
C. NAT Gateway
D. Direct Connect
✅ Answer: B
25. Which VPC endpoint type is used for S3?
A. Interface
B. Gateway
C. Transit
D. Peering
✅ Answer: B
26. What is the default tenancy of a VPC?
A. Dedicated
B. Host
C. Shared
D. Reserved
✅ Answer: C
27. Elastic IPs are:
A. Private IP addresses
B. Temporary IPs
C. Static public IPv4 addresses
D. IPv6 addresses
✅ Answer: C
28. Can a private subnet have outbound internet access?
A. No
B. Yes, via Internet Gateway
C. Yes, via NAT Gateway
D. Yes, via VPC Peering
✅ Answer: C
29. What is required to make an EC2 instance publicly accessible?
A. Public subnet only
B. Public IP + Internet Gateway route
C. NAT Gateway
D. VPC Endpoint
✅ Answer: B
30. Which IP is used for internal communication within a VPC?
A. Elastic IP
B. Public IP
C. Private IP
D. IPv6 only
✅ Answer: C
31. What is the smallest subnet size allowed in AWS?
A. /26
B. /27
C. /28
D. /29
✅ Answer: C
32. How many IP addresses are reserved by AWS in each subnet?
A. 3
B. 4
C. 5
D. 6
✅ Answer: C
33. Which AWS service helps isolate traffic between VPCs?
A. Security Groups
B. Route Tables
C. VPC Peering
D. Subnets
✅ Answer: D
34. Can two subnets in different AZs share the same CIDR?
A. Yes
B. No
C. Only in default VPC
D. Only with peering
✅ Answer: B
35. What is the main purpose of a default VPC?
A. High security
B. Simplified setup
C. Cost optimization
D. Multi-region access
✅ Answer: B
36. Which component is required for outbound IPv6 traffic?
A. NAT Gateway
B. Egress-only Internet Gateway
C. Internet Gateway
D. VPN Gateway
✅ Answer: B
37. Which service allows monitoring of VPC traffic?
A. CloudTrail
B. VPC Flow Logs
C. CloudWatch Logs
D. AWS Config
✅ Answer: B
38. VPC Flow Logs capture:
A. Packet payloads
B. DNS queries
C. IP traffic metadata
D. Application logs
✅ Answer: C
39. Can a VPC be deleted if it has subnets?
A. Yes
B. No
C. Only default VPC
D. Only via CLI
✅ Answer: B
40. What is the first step in designing a simple VPC network?
A. Create subnets
B. Choose CIDR block
C. Attach Internet Gateway
D. Launch EC2
✅ Answer: B



