You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from predefined customer IP addresses. Which two options meet this security requirement? (Choose 2)

Configure ELB security groups to allow traffic from your customers’ IPs and deny all outbound traffic

Configure web server VPC security groups to allow traffic from your customers’ IPs

Configure your web servers to filter traffic based on the ELB’s “X-forwarded-for” header

Configure a VPC NACL to allow web traffic from your customers’ IPs and deny all outbound traffic

A user has created a VPC with public and private subnets using the VPC Wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. Which of the below mentioned entries are required in the main route table to allow the instances in VPC to communicate with each other?

Destination : 20.0.0.0/16 and Target : Local

Destination : 20.0.0.0/24 and Target : VPC

Destination : 20.0.0.0/0 and Target : ALL

A user has created a VPC with two subnets: one public and one private. The user is planning to run the patch update for the instances in the private subnet. How can the instances in the private subnet connect to the internet?

Use the internet gateway with a private IP

Allow outbound traffic in the security group for port 80 to allow internet updates

The private subnet can never connect to the internet

A user has launched an EC2 instance and installed a website with the Apache web server. The webserver is running but the user is not able to access the website from the Internet. What can be the possible reason for this failure?

The security group of the instance is not configured properly.

The instance is not configured with the proper key-pairs.

The Apache website cannot be accessed from the Internet.

Instance is not configured with an elastic IP.

A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group of the NAT instance. Which of the below mentioned entries is not required for the NAT security group?

For Inbound allow Source: 20.0.0.0/24 on port 80

For Inbound allow Source: 20.0.1.0/24 on port 80

For Outbound allow Destination: 0.0.0.0/0 on port 80

For Outbound allow Destination: 0.0.0.0/0 on port 443

A user has created a VPC with CIDR 20.0.0.0/24. The user has used all the IPs of CIDR and wants to increase the size of the VPC. The user has two subnets: public (20.0.0.0/25) and private (20.0.0.128/25). How can the user change the size of the VPC?

It is not possible to change the size of the VPC once it has been created

The user can delete all the instances of the subnet. Change the size of the subnets to 20.0.0.0/32 and 20.0.1.0/32, respectively. Then the user can increase the size of the VPC using CLI

User can add a subnet with a higher range so that it will automatically increase the size of the VPC

User can delete the subnets first and then modify the size of the VPC

You have deployed a three-tier web application in a VPC with a CIDR block of 10.0.0.0/28. You initially deploy two web servers, two application servers, two database servers and one NAT instance tor a total of seven EC2 instances The web. Application and database servers are deployed across two availability zones (AZs). You also deploy an ELB in front of the two web servers, and use Route53 for DNS Web (raffle gradually increases in the first few days following the deployment, so you attempt to double the number of instances in each tier of the application to handle the new load unfortunately some of these new instances fail to launch. Which of the following could the root caused? (Choose 2)

AWS reserves the first and the last private IP address in each subnet’s CIDR block so you do not have enough addresses left to launch all of the new EC2 instances.

The Internet Gateway (IGW) of your VPC has scaled-up adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches.

AWS reserves one IP address in each subnet’s CIDR block for Route53 so you do not have enough addresses left to launch all of the new EC2 instances.

AWS reserves the first and the last private IP address in each subnet’s CIDR block so you do not have enough addresses left to launch all of the new EC2 instances.

You have an Amazon VPC with one private subnet and one public subnet with a Network Address Translator (NAT) server. You are creating a group of Amazon Elastic Cloud Compute (EC2) instances that configure themselves at startup via downloading a bootstrapping script from Amazon Simple Storage Service (S3) that deploys an application via GIT. Which setup provides the highest level of security?

Amazon EC2 instances in private subnet, no EIPs, route outgoing traffic via the NAT

Amazon EC2 instances in public subnet, no EIPs, route outgoing traffic via the Internet Gateway (IGW)

Amazon EC2 instances in private subnet, assign EIPs, route outgoing traffic via the Internet Gateway (IGW)

Amazon EC2 instances in public subnet, assign EIPs, route outgoing traffic via the NAT

You have a load balancer configured for VPC, and all back-end Amazon EC2 instances are in service. However, your web browser times out when connecting to the load balancer's DNS name. Which options are probable causes of this behavior? (Choose 2)

The load balancer was not configured to use a public subnet with an Internet gateway configured

The security groups or network ACLs are not property configured for web traffic.

The Amazon EC2 instances do not have a dynamically allocated private IP address

The load balancer is not configured in a private subnet with a NAT instance.

The VPC does not have a VGW configured.

When will you incur costs with an Elastic IP address (EIP)?

When it is allocated and associated with a stopped instance.

When it is allocated and associated with a running instance.

Costs are incurred regardless of whether the EIP is associated with a running instance.

You are working as a Solutions Architect in a top software development company in Silicon Valley. The company has multiple applications hosted in their VPC. While you are monitoring the system, you noticed that multiple port scans are coming in from a specific IP address block which are trying to connect to several AWS resources inside your VPC. The internal security team has requested that all offending IP addresses be denied for the next 24 hours for security purposes. Which of the following is the best method to quickly and temporarily deny access from the specified IP addresses?

Modify the Network Access Control List associated with all public subnets in the VPC to deny access from the IP Address block.

Create a policy in IAM to deny access from the IP Address block.

Modify the Network Access Control List associated with all public subnets in the VPC to deny access from the IP Address block.

Configure the firewall in the operating system of the EC2 instances to deny access from the IP address block.

You are working for a FinTech startup as their AWS Solutions Architect. You deployed an application on different EC2 instances with Elastic IP addresses attached for easy DNS resolution and configuration. These servers are only accessed from 8 AM to 6 PM and can be stopped from 6 PM to 8 AM for cost efficiency using Lambda with the script that automates this based on tags. Which of the following will occur when an EC2-VPC instance with an associated Elastic IP is stopped and started? (Choose 2)

The underlying host for the instance is possibly changed.

All data on the attached instance-store devices will be lost.

The ENI (Elastic Network Interface) is detached.

The Elastic IP address is disassociated with the instance.

A company is using a custom shell script to automate the deployment and management of their EC2 instances. The script is using various AWS CLI commands such as revoke-security-group-ingress, revoke-security-group-egress, run-scheduled-instances and many others. In the shell script, what does the revoke-security-group-ingress command do?

Removes one or more ingress rules from a security group.

Removes one or more security groups from a rule.

Removes one or more egress rules from a security group.

AWS - VPC Quiz 1

Authored by Akshay Balagoni

Professional Development

Used 15+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE SELECT QUESTION

5 mins • 1 pt

Which of the following statements are true with respect to VPC? (choose 2)

A subnet can have multiple route tables associated with it.

A network ACL can be associated with multiple subnets.

A route with target “local” on the route table can be edited to restrict traffic within VPC.

Subnet’s IP CIDR block can be same as the VPC CIDR block.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

How many VPCs can an Internet Gateway be attached to at any given time?

By default 1. But it can be attached to any VPC peered with its belonging VPC.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

Your organization was planning to develop a web application on AWS EC2. Application admin was tasked to perform AWS setup required to spin EC2 instance inside an existing private VPC. He/she has created a subnet and wants to ensure no other subnets in the VPC can communicate with your subnet except for the specific IP address. So he/she created a new route table and associated with the new subnet. When he/she was trying to delete the route with the target as local, there is no option to delete the route. What could have caused this behavior?

Policy attached to IAM user does not have access to remove routes.

A route with the target as local cannot be deleted.

You cannot add/delete routes when associated with the subnet. Remove associated, add/delete routes and associate again with the subnet.

There must be at least one route on the route table. Add a new route to enable delete option on existing routes.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

Your organization has an existing VPC setup and has a requirement to route any traffic going from VPC to AWS S3 bucket through AWS internal network. So they have created VPC endpoint for S3 and configured to allow traffic for S3 buckets. The application you are developing involves sending traffic to AWS S3 bucket from VPC for which you planned to use a similar approach. You have created a new route table, added route to VPC endpoint and associated route table with your new subnet. However, when you are trying to send a request from EC2 to S3 bucket using AWS CLI, the request is getting failed with 403 access denied errors. What could be causing the failure?

AWS S3 bucket is in the different region than your VPC.

EC2 security group outbound rules not allowing traffic to S3 prefix list.

VPC endpoint might have a restrictive policy and does not contain the new S3 bucket.

S3 bucket CORS configuration does not have EC2 instance as the origin.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

Which of the following is an AWS component which consumes resources from your VPC?

Internet Gateway

Gateway VPC Endpoints

Elastic IP Addresses

NAT Gateway

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You have successfully set up a VPC peering connection in your account between two VPCs – VPC A and VPC B, each in a different region. When you are trying to make a request from VPC A to VPC B, request getting failed. Which of the following could be a reason?

Cross region peering is not supported in AWS

CIDR blocks of both VPCs might be overlapping.

Routes not configured in route tables for peering connections.

VPC A security group default outbound rules not allowing traffic to VPC B IP range.

MULTIPLE SELECT QUESTION

5 mins • 1 pt

VPC A security group default outbound rules not allowing traffic to VPC B IP range.

In a Network ACL, for a successful HTTPS connection, add an inbound rule with HTTPS type, IP range in source and ALLOW traffic.

In a Network ACL, for a successful HTTPS connection, you must add an inbound rule and outbound rule with HTTPS type, IP range in source and destination respectively and ALLOW traffic.

In a Security Group, for a successful HTTPS connection, add an inbound rule with HTTPS type and IP range in the source.

In a Security Group, for a successful HTTPS connection, you must add an inbound rule and outbound rule with HTTPS type, IP range in source and destination respectively.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

15 questions

BIOCATALYSIS

Quiz

•

10th Grade - Professi...

15 questions

Innovation and Creativity

Quiz

•

Professional Development

17 questions

Banking

Quiz

•

Professional Development

20 questions

MI3 Voc Test 2.2

Quiz

•

Professional Development

15 questions

Arquitetura interna de Micros

Quiz

•

Professional Development

15 questions

2PM Pub Quiz Sample Questions

Quiz

•

Professional Development

15 questions

Ancient civilizations

Quiz

•

KG - Professional Dev...

20 questions

Intro 7 Writing Exam

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

100 questions

Screening Test Customer Service

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

10 questions

Reading a ruler in Inches

Quiz

•

4th Grade - Professio...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development