Evaluate your understanding of cloud networking fundamentals with this quiz focusing on Virtual Private Clouds (VPCs) and peering connections. Identify key features, best practices, and security considerations for VPC architecture and seamless network integration in cloud environments.
Which statement best describes a Virtual Private Cloud (VPC) in cloud networking?
Explanation: A VPC is a logically isolated section within a cloud environment that enables users to customize network settings such as IP ranges and subnets. It is not a physical switch, hence the second option is incorrect. The third option describes a VPN, not a VPC. The fourth option confuses a VPC with a network appliance.
If two VPCs in the same cloud region need to communicate privately without using the internet, which solution should be used?
Explanation: A VPC peering connection allows private traffic between VPCs without traversing the internet. Public subnet routing exposes resources to the internet, which is less secure. DNS forwarding handles name resolution, not private communication. Direct internet access increases exposure and is not private.
Which limitation applies to a VPC peering connection?
Explanation: VPC peering is non-transitive, so a VPC cannot route traffic to another VPC via a peer. Sharing security groups directly is not a default capability; this is a distractor. Peering does not require public internet routing. Route tables must be manually configured, not automatically merged by peering.
When creating a VPC, what is the primary function of defining subnets within it?
Explanation: Subnets are used to divide the VPC’s IP address range into logical sections for resource placement and management. While subnets help with security, actual border control is handled by firewalls or security lists, not subnets alone. Public IP assignment and DDoS mitigation are separate processes.
When configuring a VPC, why is careful selection of the CIDR block important?
Explanation: Choosing a unique CIDR block avoids IP conflicts, especially when connecting with other networks or peering. CIDR itself does not encrypt data. Route table propagation is not controlled by the CIDR, and bandwidth is managed separately, not by the CIDR block range.
After setting up a VPC peering connection, what must you update to enable network communication between peered VPCs?
Explanation: Route tables need to be updated to direct traffic between peered VPCs. Changing server operating systems or virtual machine types does not affect peering connectivity. DNS records alone do not establish network routing for traffic flow.
Which practice enhances security when using VPC peering?
Explanation: Applying network access control lists (ACLs) allows granular control of what traffic can pass between VPCs, strengthening security. Placing all resources in public subnets or allowing unrestricted rules weakens security. Using overlapping CIDR blocks prevents proper routing and is a poor practice.
A company needs to securely connect two VPCs across different cloud network regions. Which peering type is required?
Explanation: Inter-region peering is designed for VPCs in separate regions, supporting secure connectivity across geographic locations. Local peering only works within the same region. Intra-subnet peering is not a valid term. An external VPN connects external sites, not VPCs within the same provider.
After establishing a VPC peering connection, what determines which resources are accessible across VPCs?
Explanation: Resource accessibility depends on correctly configured route tables and access policies in both VPCs. Disk storage size is unrelated to network access. Resource tags and automatic discovery do not grant network connectivity by default.
Which statement is true about traffic between two VPCs using a peering connection?
Explanation: VPC peering ensures that traffic remains within the provider's private infrastructure and is not exposed to the internet. Encryption must be configured separately; it is not always enabled by default. Load balancers are not a requirement for peering. External antivirus inspection is not automatically included.