AWS Networking Advanced: Peering & Transit Gateway Quiz

Explore and assess your understanding of advanced AWS networking concepts focusing on VPC peering and transit gateways. This quiz covers core principles and typical scenarios encountered with these networking services, helping cloud professionals reinforce their knowledge for secure and scalable cloud architectures.

  1. VPC Peering: Purpose

    Which of the following best describes the primary purpose of VPC peering in a cloud environment?

    1. To replicate data automatically across regions
    2. To provide domain name resolution within a single VPC
    3. To encrypt all data within a single subnet
    4. To enable direct private network traffic between two virtual private clouds

    Explanation: VPC peering allows direct private connectivity between two virtual private clouds, making it possible for resources in each VPC to communicate. It does not encrypt all data within a subnet, which is handled by other security services. Replicating data across regions and providing domain name resolution are not primary functions of VPC peering, making those options less accurate.

  2. Peering Limitations

    A company needs transitive routing between three VPCs for application connectivity. Why is VPC peering not a suitable solution for this requirement?

    1. VPC peering cannot connect to private subnets
    2. VPC peering limits the number of CIDR blocks in a VPC
    3. VPC peering does not support transitive routing between VPCs
    4. VPC peering requires public IP addresses

    Explanation: VPC peering establishes a direct link between two VPCs and does not allow traffic to route transitively between more than two VPCs. Connections to private subnets are supported if permitted by routing and security settings. The number of CIDR blocks and the requirement for public IP addresses are unrelated to the transitive routing limitation, making them incorrect.

  3. Transit Gateway Basics

    What is the main function of a transit gateway in a cloud network architecture?

    1. To provide internet access to public subnets only
    2. To restrict inbound traffic to only one VPC
    3. To automatically assign DNS names to all resources
    4. To act as a central hub for connecting multiple VPCs and on-premises networks

    Explanation: A transit gateway facilitates scalable connectivity by serving as a central hub that links multiple VPCs and on-premises networks. Providing internet access and managing DNS names are not its primary functions, and it does not restrict traffic to only one VPC, making the other options incorrect.

  4. Peering Cross-Region

    A cloud architect needs to establish a secure connection between VPCs in different geographic regions. Which feature should be used?

    1. Elastic Load Balancer
    2. Cross-region VPC peering
    3. Classic networking
    4. Subnet broadcast

    Explanation: Cross-region VPC peering is specifically designed to connect VPCs residing in different geographic locations. Subnet broadcast is not used for VPC communication, Elastic Load Balancers handle application traffic balancing, and classic networking is a legacy term and not relevant to inter-region connectivity.

  5. Routing with Transit Gateway

    When integrating multiple VPCs using a transit gateway, what should be updated to ensure proper flow of traffic among them?

    1. The object storage bucket policies
    2. The security group of the NAT gateway
    3. The public key infrastructure configuration
    4. The route tables associated with the VPC attachments

    Explanation: For proper traffic flow between VPCs attached to a transit gateway, you must update the route tables associated with those attachments. While security groups and bucket policies are important, they do not control the routing of network traffic. Public key infrastructure also does not manage route propagation in this context.

  6. DNS Resolution Across Peers

    Which feature allows domain name resolution across VPCs connected via peering, enabling resources in one VPC to look up private DNS names in another VPC?

    1. DNS Resolution Support
    2. POP3 mail relay
    3. Instance Metadata Service
    4. Network Time Protocol (NTP) service

    Explanation: DNS Resolution Support enables private DNS resolution between peered VPCs, allowing hostname lookups across VPC boundaries. The Instance Metadata Service exposes details about the instance itself, POP3 is an email protocol unrelated to DNS, and NTP synchronizes clocks but does not perform DNS resolution.

  7. Bandwidth Considerations

    What is a key bandwidth-related advantage of using a transit gateway over traditional VPC peering for connecting many VPCs?

    1. Transit gateways provide higher aggregate bandwidth for cross-VPC communication
    2. Transit gateways only allow communication on port 80
    3. Transit gateways throttle all traffic to a fixed bandwidth
    4. Transit gateways require all traffic to use public IP addresses

    Explanation: Transit gateways are designed to carry traffic between many VPCs with higher aggregate bandwidth, addressing the scalability limits of individual VPC peering links. They do not throttle all traffic to a fixed rate or require public IP addresses, and they carry traffic on any port permitted by the configured rules, not just port 80.

  8. Overlap in IP Address Ranges

    Which statement is true regarding IP address ranges when configuring VPC peering connections?

    1. VPC peering only works with IPv6 addresses
    2. Static NAT is mandatory for every VPC peer
    3. Overlapping IP address ranges are not supported for VPC peering
    4. Overlapping IP address ranges are required

    Explanation: VPC peering does not support connecting VPCs with overlapping IP address ranges, because overlapping ranges would create routing conflicts. Overlapping ranges are therefore not required either. Peering is not limited to IPv6: IPv6 is supported, but IPv4 is supported as well. Static NAT is not mandatory for peering, so the remaining options are incorrect.

  9. Inter-Region Transit Gateway Usage

    In which situation would using an inter-region transit gateway attachment be preferable to setting up multiple VPC peerings?

    1. When encrypting data within a compute instance
    2. When only two VPCs in the same region need to communicate
    3. When connecting a VPC to an object storage bucket
    4. When connecting multiple VPCs across different regions for centralized management

    Explanation: An inter-region transit gateway attachment streamlines complex connectivity among many VPCs spread across regions, offering centralized control. Connecting just two VPCs in one region does not require a transit gateway. Communication with storage buckets and encrypting data within instances are unrelated to transit gateways.

  10. Cost Implications

    How does using a transit gateway typically impact network cost compared to numerous individual VPC peering connections?

    1. It eliminates all network charges between VPCs
    2. It only charges for creation but not for ongoing data transfer
    3. It may reduce overall management overhead while centralizing cost allocation
    4. It always guarantees lower data transfer costs without exception

    Explanation: A transit gateway centralizes connections, potentially lowering management complexity and improving cost tracking, though data transfer costs still apply. It does not always guarantee the lowest data transfer costs, nor does it eliminate all network charges. Ongoing data charges exist, not just creation costs.