Top 30 AWS VPC Interview Questions for Beginners.

1. What is Amazon VPC?

Amazon Virtual Private Cloud (VPC) allows you to launch AWS resources in a logically isolated virtual network.
You have full control over IP ranges, subnets, route tables, and gateways.

2. Why do we need a VPC in AWS?

A VPC provides network isolation, security, and customization. It allows you to design your own network layout instead of using AWS’s default shared network.

3. What is a CIDR block in a VPC?

CIDR (Classless Inter-Domain Routing) defines the IP address range for a VPC. Example: 10.0.0.0/16 provides 65,536 private IP addresses.

4. What is the maximum CIDR block size for a VPC?

The largest allowed CIDR block is /16. The smallest allowed CIDR block is /28.

5. What is a subnet in AWS VPC?

A subnet is a smaller IP range within a VPC. Each subnet must belong to only one Availability Zone.

6. What is the difference between a public and private subnet?

A public subnet has a route to the Internet Gateway. A private subnet does not have direct internet access.

7. What is an Internet Gateway (IGW)?

An Internet Gateway allows communication between VPC resources and the internet. It must be attached to a VPC to enable public access.

8. What is a NAT Gateway?

A NAT Gateway allows instances in private subnets to access the internet. It prevents inbound traffic from the internet to those instances.

9. What is the difference between IGW and NAT Gateway?

IGW provides inbound and outbound internet access. NAT Gateway provides only outbound internet access for private instances.

10. What is a route table?

A route table contains rules that determine where network traffic is directed. Each subnet must be associated with a route table.

11. What is the default route table?

The default route table (AWS calls it the main route table) allows internal communication within the VPC. It does not include internet access unless configured.

12. What is a Security Group?

A security group acts as a virtual firewall for EC2 instances. It controls inbound and outbound traffic at the instance level.

13. What are the key features of Security Groups?

Security groups are stateful, meaning return traffic is automatically allowed. They only support allow rules, not deny rules.

14. What is a Network ACL (NACL)?

A Network ACL is a firewall that controls traffic at the subnet level. It applies to all resources within a subnet.

15. Difference between Security Group and NACL?

Security Groups are stateful and instance-level. NACLs are stateless and subnet-level.

16. What does “stateful” mean in Security Groups?

If inbound traffic is allowed, the outbound response is automatically allowed. You do not need to create separate outbound rules.

17. What does “stateless” mean in NACLs?

Inbound and outbound traffic must be explicitly allowed. Return traffic is not automatically permitted.
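To make questions 12 to 17 concrete, here is a small Python model (added for this post; it is not AWS code and does not call the AWS API) that judges the same HTTPS request and reply with a stateful Security Group and a stateless NACL. Addresses and ports are constructed, and the Security Group's outbound rules are deliberately left empty (a real group defaults to allow-all outbound) so that the tracked return path is visible.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed teaching model (not AWS code) of how a stateful Security Group
# and a stateless Network ACL judge the same request/reply pair.


@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    direction: str  # "in" (towards the instance) or "out" (from the instance)


def _matches(cidr: str, ports: tuple, pkt: Packet) -> bool:
    """True if the packet's remote address and destination port match the rule."""
    remote = pkt.src if pkt.direction == "in" else pkt.dst
    return ip_address(remote) in ip_network(cidr) and ports[0] <= pkt.dst_port <= ports[1]


@dataclass
class SecurityGroup:
    """Allow-only rules, implicit deny, and connection tracking (stateful)."""
    inbound: list = field(default_factory=list)   # (cidr, (low_port, high_port))
    outbound: list = field(default_factory=list)
    _flows: set = field(default_factory=set)

    def allows(self, pkt: Packet) -> bool:
        # Stateful check first: is this the reverse of a flow we already allowed?
        opposite = "out" if pkt.direction == "in" else "in"
        if (opposite, pkt.dst, pkt.dst_port, pkt.src, pkt.src_port) in self._flows:
            return True
        rules = self.inbound if pkt.direction == "in" else self.outbound
        if any(_matches(cidr, ports, pkt) for cidr, ports in rules):
            self._flows.add((pkt.direction, pkt.src, pkt.src_port, pkt.dst, pkt.dst_port))
            return True
        return False  # there are no deny rules; anything unmatched is simply dropped


@dataclass
class NetworkAcl:
    """Numbered allow/deny rules evaluated lowest-first; no connection tracking."""
    rules: list  # (number, direction, cidr, (low_port, high_port), "allow" | "deny")

    def allows(self, pkt: Packet) -> bool:
        for _number, direction, cidr, ports, action in sorted(self.rules, key=lambda r: r[0]):
            if direction == pkt.direction and _matches(cidr, ports, pkt):
                return action == "allow"
        return False  # the implicit "*" rule at the end denies everything else


def evaluate() -> dict:
    """Run one client request, its reply, and an unrelated outbound packet through both."""
    request = Packet("203.0.113.5", 40000, "10.0.1.10", 443, "in")
    reply = Packet("10.0.1.10", 443, "203.0.113.5", 40000, "out")
    unsolicited = Packet("10.0.1.10", 51000, "198.51.100.7", 53, "out")

    # Security group: HTTPS in from anywhere, no outbound rules at all.
    sg = SecurityGroup(inbound=[("0.0.0.0/0", (443, 443))])

    # NACL that only mirrors port 443 in both directions: the reply to the
    # client's ephemeral port 40000 is dropped because nothing tracks state.
    nacl_mirrored = NetworkAcl([(100, "in", "0.0.0.0/0", (443, 443), "allow"),
                                (100, "out", "0.0.0.0/0", (443, 443), "allow")])
    # Corrected NACL: outbound allows the ephemeral port range for return traffic.
    nacl_fixed = NetworkAcl([(100, "in", "0.0.0.0/0", (443, 443), "allow"),
                             (100, "out", "0.0.0.0/0", (1024, 65535), "allow")])

    return {
        "sg_request": sg.allows(request),                    # True: inbound 443 rule
        "sg_reply": sg.allows(reply),                        # True: tracked return traffic
        "sg_unsolicited": sg.allows(unsolicited),            # False: implicit deny
        "nacl_mirrored_reply": nacl_mirrored.allows(reply),  # False: stateless
        "nacl_fixed_reply": nacl_fixed.allows(reply),        # True: ephemeral range allowed
    }


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name}: {'ALLOW' if verdict else 'DROP'}")
```

The mirrored NACL is the classic mistake the stateless answer warns about: the inbound rule lets the request in, but the server's reply goes back to the client's ephemeral port, and without an outbound rule covering 1024-65535 the subnet drops it.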

18. What is a VPC Peering connection?

VPC Peering allows private communication between two VPCs. Traffic stays within the AWS network and does not use the internet.

19. Can we peer VPCs with overlapping CIDR blocks?

No, VPCs must have non-overlapping CIDR blocks. Overlapping IP ranges cause routing conflicts.
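Questions 3, 4 and 19 all come down to arithmetic on CIDR blocks, so here is a Python helper (added for this post, not AWS code) that checks a VPC block against the /16 to /28 limits, carves it into subnets while subtracting the five addresses AWS reserves in every subnet (the first four and the last), and tests two VPCs for the overlap that would block peering. The ranges used are constructed.

```python
from ipaddress import IPv4Network

# Constructed example, not AWS code: VPC sizing rules and the peering
# overlap check expressed with Python's standard ipaddress module.

VPC_LARGEST = 16          # /16 is the largest VPC block AWS allows (65,536 addresses)
VPC_SMALLEST = 28         # /28 is the smallest (16 addresses)
RESERVED_PER_SUBNET = 5   # AWS keeps the first four and the last address of every subnet


def validate_vpc_cidr(cidr: str) -> IPv4Network:
    """Return the network if it is a legal VPC block, else raise ValueError."""
    net = IPv4Network(cidr, strict=True)  # strict: host bits must be zero (10.0.0.1/16 is rejected)
    if not VPC_LARGEST <= net.prefixlen <= VPC_SMALLEST:
        raise ValueError(f"{cidr}: VPC prefix must be between /{VPC_LARGEST} and /{VPC_SMALLEST}")
    return net


def is_valid_vpc_cidr(cidr: str) -> bool:
    """Boolean form of validate_vpc_cidr for quick checks."""
    try:
        validate_vpc_cidr(cidr)
        return True
    except ValueError:
        return False


def carve_subnets(vpc_cidr: str, subnet_prefix: int) -> list:
    """Split a VPC into equal subnets and report usable hosts after AWS's reservation."""
    vpc = validate_vpc_cidr(vpc_cidr)
    return [
        {"cidr": str(subnet), "usable_hosts": subnet.num_addresses - RESERVED_PER_SUBNET}
        for subnet in vpc.subnets(new_prefix=subnet_prefix)
    ]


def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """Peering is only possible when neither VPC's range overlaps the other's."""
    return not validate_vpc_cidr(cidr_a).overlaps(validate_vpc_cidr(cidr_b))


if __name__ == "__main__":
    print(validate_vpc_cidr("10.0.0.0/16").num_addresses, "addresses in the VPC")
    print(carve_subnets("10.0.0.0/16", 24)[0])   # first /24 subnet and its usable hosts
    print("peer 10.0.0.0/16 with 10.1.0.0/16:", can_peer("10.0.0.0/16", "10.1.0.0/16"))
    print("peer 10.0.0.0/16 with 10.0.5.0/24:", can_peer("10.0.0.0/16", "10.0.5.0/24"))
```

A /24 subnet therefore offers 251 usable addresses, not 254 as on an ordinary LAN, which is worth remembering when someone asks why a subnet "ran out" a few instances early.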

20. What is a VPC Endpoint?

A VPC Endpoint allows private access to AWS services without using the internet. It improves security and reduces latency.

21. What are the types of VPC Endpoints?

Gateway Endpoints (for S3 and DynamoDB) and Interface Endpoints (for most other AWS services; implemented as an ENI in your subnet).

22. What is VPC Flow Logs?

VPC Flow Logs capture IP traffic information for network interfaces. They are mainly used for monitoring and troubleshooting.
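Here is what "monitoring and troubleshooting" with Flow Logs looks like in practice, as an added Python example that is not part of the original post: it parses records in the default Flow Log format (version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status) and summarises which sources were rejected on which ports. The log lines, account id and ENI id are constructed placeholders.

```python
from collections import Counter

# Constructed example, not AWS code: parse VPC Flow Log records in the default
# format and summarise rejected connections per source, the kind of view an
# analyst uses to debug a security group or notice a probe against an instance.

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records; the account id and ENI id are placeholders.
SAMPLE_LOG = """\
2 111111111111 eni-0example0000000001 203.0.113.5 10.0.1.10 40000 443 6 12 3400 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-0example0000000001 198.51.100.7 10.0.1.10 51000 22 6 1 44 1700000000 1700000060 REJECT OK
2 111111111111 eni-0example0000000001 198.51.100.7 10.0.1.10 51001 3389 6 1 44 1700000000 1700000060 REJECT OK
2 111111111111 eni-0example0000000001 198.51.100.7 10.0.1.10 51002 5432 6 1 44 1700000000 1700000060 REJECT OK
2 111111111111 eni-0example0000000001 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(text: str) -> list:
    """Turn default-format flow log lines into dicts; skip NODATA/SKIPDATA records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line, not a default record
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records carry no traffic fields
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rejects_by_source(records: list) -> dict:
    """Map each source address to the set of destination ports it was rejected on."""
    out = {}
    for rec in records:
        if rec["action"] == "REJECT":
            out.setdefault(rec["srcaddr"], set()).add(rec["dstport"])
    return out


def summarize(text: str) -> dict:
    """Count accepted/rejected flows and list rejected ports per source."""
    recs = parse_flow_log(text)
    actions = Counter(r["action"] for r in recs)
    return {
        "accepted": actions["ACCEPT"],
        "rejected": actions["REJECT"],
        "rejects_by_source": rejects_by_source(recs),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A REJECT in a flow log means a security group or NACL dropped the packet, so a single source being rejected on several unrelated ports in one window is usually worth a second look, while a REJECT for your own legitimate client is the fastest pointer to a missing rule.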

23. Can a VPC span multiple Availability Zones?

Yes, a VPC can span multiple Availability Zones. This helps in designing highly available architectures.

24. Can a subnet span multiple Availability Zones?

No, a subnet must be created in a single Availability Zone. This ensures fault isolation.

25. What is the default VPC?

A default VPC is automatically created by AWS in each region. It comes with public subnets and internet access by default.

26. What happens if you delete a VPC?

All associated resources such as subnets, route tables, and gateways are deleted. EC2 instances inside the VPC must be terminated first.

27. What is Elastic IP?

An Elastic IP is a static public IPv4 address provided by AWS. It can be attached to EC2 instances or NAT Gateways.

28. Why can’t EC2 in a private subnet access the internet?

It does not have a route to an Internet Gateway. A NAT Gateway is required for outbound internet access.

29. What is the purpose of DNS in a VPC?

DNS resolves domain names to IP addresses. AWS provides internal DNS for communication between resources.

30. What is the maximum number of VPCs per region?

By default, AWS allows 5 VPCs per region. This limit can be increased by requesting AWS support.

31. What is the main purpose of a route table?

A route table defines how traffic is routed within a VPC. It determines whether traffic stays inside the VPC or goes to gateways.

32. What is the local route in a VPC route table?

The local route allows communication between subnets within the same VPC. This route is automatically created and cannot be deleted.

33. What is an Elastic Network Interface (ENI)?

An ENI is a virtual network interface attached to an EC2 instance. It provides a private IP, MAC address, and security groups.

34. How does an EC2 instance get a public IP address?

An EC2 instance gets a public IP if launched in a public subnet with auto-assign enabled. The public IP is released when the instance is stopped.

35. What is the difference between Public IP and Elastic IP?

A Public IP is temporary and changes when the instance stops.
An Elastic IP is static and remains the same until released.

36. What is the purpose of a Bastion Host?

A Bastion Host is used to securely access private instances. It is usually placed in a public subnet with strict security rules.

37. What is AWS Transit Gateway?

Transit Gateway connects multiple VPCs and on-premises networks. It simplifies complex network architectures.

38. What happens if there is no route in a route table?

Traffic is dropped if no matching route is found. AWS does not forward packets without a defined route.
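Questions 6, 10, 11, 28, 32 and 38 are all answered by one lookup rule: the most specific matching route wins, and a destination with no matching route is dropped. The Python below (added for this post, not AWS code) models that lookup for a public subnet (default route to an IGW), a private subnet (default route to a NAT Gateway), an isolated subnet (local route only) and a peered subnet. The gateway ids are placeholders.

```python
from ipaddress import ip_address, ip_network

# Constructed example, not AWS code: a route table resolved by longest-prefix
# match, with the automatic local route that every VPC route table carries.

VPC_CIDR = "10.0.0.0/16"


def route_table(*routes) -> list:
    """Build a table with the mandatory local route plus any caller-supplied routes."""
    return [(VPC_CIDR, "local"), *routes]  # entries are (destination_cidr, target)


def lookup(table: list, destination: str):
    """Return the target of the most specific matching route, or None (packet dropped)."""
    best = None
    for cidr, target in table:
        net = ip_network(cidr)
        if ip_address(destination) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


# Placeholder gateway ids; real ones look like igw-0123..., nat-0123..., pcx-0123...
PUBLIC = route_table(("0.0.0.0/0", "igw-PLACEHOLDER"))     # public subnet: default route to the IGW
PRIVATE = route_table(("0.0.0.0/0", "nat-PLACEHOLDER"))    # private subnet: default route to a NAT Gateway
ISOLATED = route_table()                                   # local route only: no path off the VPC
PEERED = route_table(("172.16.0.0/16", "pcx-PLACEHOLDER")) # peering route to a non-overlapping VPC


if __name__ == "__main__":
    for name, table in (("public", PUBLIC), ("private", PRIVATE), ("isolated", ISOLATED), ("peered", PEERED)):
        for dest in ("10.0.3.9", "172.16.4.4", "203.0.113.8"):
            print(f"{name:8} {dest:13} -> {lookup(table, dest) or 'DROP'}")
```

Note that the local /16 route beats the 0.0.0.0/0 default for any in-VPC address, which is why intra-VPC traffic never leaves through the IGW even in a public subnet, and why the isolated table reaches nothing outside 10.0.0.0/16 at all.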

39. Can we change the CIDR block of a VPC?

You cannot change the primary CIDR block. However, you can add secondary CIDR blocks.

40. What is the purpose of multiple subnets in a VPC?

Multiple subnets help in isolating workloads. They also improve availability across Availability Zones.

Explore VPC basics here, then master it with Jeevi’s resources and our complete Cloud Computing training.

shamitha