Explore key concepts of AWS Virtual Private Cloud networking, including subnets, CIDR blocks, and routing table basics. Assess your understanding of network segmentation, IP addressing, and secure routing best practices within a cloud environment.
Which statement correctly describes the role of a subnet within a VPC?
Explanation: The correct answer describes the fundamental purpose of a subnet: carving the VPC's overall IP range into smaller, distinct networks for segmentation and organization. Each subnet is a contiguous slice of the VPC's CIDR block and resides in a single Availability Zone. Subnets do not automatically encrypt traffic (Option B), do not replace routing tables (Option C), and are not exclusive to on-premises connectivity (Option D). The distractors either misrepresent or overstate the function of a subnet.
Which of the following is a valid example of a CIDR block assigned to a subnet?
Explanation: The answer shows correct CIDR notation: a dotted-decimal IPv4 network address, a forward slash, and a prefix length (for example 10.0.1.0/24). The second option uses a dotted-decimal subnet mask (255.255.255.0 style) in place of the prefix length, the third does not follow CIDR syntax at all, and the fourth contains dashes instead of dots as separators. Note also that the address part must be the network address of the block, with all host bits zero; 10.0.1.5/24 is not a valid block. Only the correct option accurately represents a CIDR block.
What distinguishes a public subnet from a private subnet in a cloud environment?
Explanation: A public subnet is defined by its route table containing a route (typically 0.0.0.0/0) whose target is an internet gateway, allowing traffic to and from the public internet; instances in it still need a public or Elastic IP to be reachable. Subnet size (Option B) and encryption (Option D) are not defining features, and every subnet is associated with a route table, implicitly the main route table if none is chosen explicitly (Option C). These misconceptions are addressed by the alternatives.
What is the main purpose of a routing table in a VPC?
Explanation: Routing tables decide how packets leaving a subnet are forwarded, whether to another subnet, an internet or NAT gateway, a VPN or peering connection, or elsewhere, using the most specific matching destination. Encrypting data (Option B) is handled separately, assigning IPs (Option C) is done by the VPC's DHCP service, and security groups (Option D) are for access control, not routing. The distractors either mix up functions or confuse networking concepts.
What is the smallest IPv4 CIDR block size you can assign to a VPC?
Explanation: A /28 CIDR block provides 16 IP addresses and is the smallest allowed for a VPC; the largest is a /16 (65,536 addresses). A /30 would provide only 4 addresses and is not permitted, /16 is valid but is the maximum rather than the minimum, and /8 exceeds the maximum VPC size. Bear in mind that AWS reserves the first four and the last address of every subnet, so a /28 subnet yields only 11 usable addresses. The distractor options are all valid CIDR notations, but not all are allowed sizes for a VPC.
In a new VPC, what does the main route table do by default?
Explanation: By default, the main route table contains a single local route covering the VPC's CIDR block, which lets all subnets in the VPC communicate with each other. Any subnet not explicitly associated with another route table uses the main one, and the local route cannot be removed. It does not block all traffic (Option B), nor does it automatically provide internet access to subnets (Option C), which requires adding a route to an internet gateway. Assigning IP addresses (Option D) is performed by a different component. The incorrect options confuse routing with other functionalities.
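The two questions above (what makes a subnet public, and which route table a subnet uses when it has no explicit association) come together when auditing an account. The following is an added example, not part of the original quiz: it classifies subnets as public or private from route-table data. The input is a constructed sample modelled on the field names of `aws ec2 describe-route-tables` and `describe-subnets` output; the subnet, route-table and gateway IDs are made up.

```python
# Constructed sample data (made-up IDs) in the shape of the EC2 API responses.
SUBNETS = [
    {"SubnetId": "subnet-aaa", "CidrBlock": "10.0.0.0/24"},
    {"SubnetId": "subnet-bbb", "CidrBlock": "10.0.1.0/24"},
    {"SubnetId": "subnet-ccc", "CidrBlock": "10.0.2.0/24"},  # no explicit association
]

ROUTE_TABLES = [
    {   # Main route table: only the implicit local route. Subnets with no
        # explicit association (subnet-ccc) fall back to it, so they are private.
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        ],
    },
    {   # Public route table: default route whose target is an internet gateway.
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-aaa"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"},
        ],
    },
    {   # Private route table: outbound-only egress through a NAT gateway.
        "RouteTableId": "rtb-private",
        "Associations": [{"Main": False, "SubnetId": "subnet-bbb"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123", "State": "active"},
        ],
    },
]


def effective_route_table(subnet_id, route_tables):
    """Return the route table a subnet actually uses.

    An explicit subnet association wins; otherwise the table flagged Main applies.
    """
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_route(route_table):
    """True if any active route targets an internet gateway (igw-...)."""
    return any(
        r.get("GatewayId", "").startswith("igw-") and r.get("State", "active") == "active"
        for r in route_table.get("Routes", [])
    )


def classify_subnets(subnets, route_tables):
    """Map each subnet ID to its effective route table and public/private status."""
    result = {}
    for subnet in subnets:
        rt = effective_route_table(subnet["SubnetId"], route_tables)
        result[subnet["SubnetId"]] = {
            "route_table": rt["RouteTableId"] if rt else None,
            "public": bool(rt and has_igw_route(rt)),
        }
    return result


def public_subnet_ids(subnets, route_tables):
    """Convenience: sorted list of subnet IDs that are public by routing."""
    return sorted(s for s, info in classify_subnets(subnets, route_tables).items() if info["public"])


if __name__ == "__main__":
    for subnet_id, info in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet_id}: {info['route_table']} -> {'PUBLIC' if info['public'] else 'private'}")
```

"Public" here means public by routing. A NAT gateway route (subnet-bbb) gives outbound internet access without making the subnet reachable from the internet, which is why the check looks specifically for an `igw-` target rather than for any 0.0.0.0/0 route. In a real audit, feed the function the parsed JSON from the two describe calls.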
How does increasing the subnet mask length in a CIDR block (such as from /24 to /26) affect the number of available IP addresses in the subnet?
Explanation: A longer prefix leaves fewer host bits, so the subnet is smaller and has fewer available IP addresses: each additional bit halves the block. A /24 holds 256 addresses, a /26 holds 64 (and AWS reserves 5 of those in every subnet). Public access (Option B) depends on routing, not prefix length. Option C is the opposite of reality, and Option D is incorrect since /26 is a valid CIDR block. The distractors reflect common misunderstandings of CIDR behavior.
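The three CIDR questions above (valid notation, the /16 to /28 limits on a VPC block, and how prefix length drives address count) are easy to get wrong by hand. Here is an added example, not part of the original quiz, using Python's standard `ipaddress` module. The reserved-address count and the VPC prefix limits are the AWS rules stated in the explanations; the function names are the example's own.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5
# A VPC block must be between /16 (largest) and /28 (smallest).
VPC_LARGEST_PREFIX = 16
VPC_SMALLEST_PREFIX = 28


def parse_cidr(text):
    """Parse strict IPv4 CIDR notation such as "10.0.1.0/24".

    Rejects a missing prefix, a dotted-decimal mask in place of the prefix
    length (ipaddress would otherwise accept "10.0.1.0/255.255.255.0"),
    malformed addresses such as "10-0-1-0", and host bits set in the
    address part (strict=True turns "10.0.1.5/24" into an error).
    """
    if "/" not in text:
        raise ValueError(f"{text!r}: missing prefix length")
    addr, prefix = text.split("/", 1)
    if not prefix.isdigit():
        raise ValueError(f"{text!r}: prefix length must be an integer, not a dotted mask")
    return ipaddress.IPv4Network((addr, int(prefix)), strict=True)


def is_valid_cidr(text):
    """True if the string is well-formed CIDR notation for a network block."""
    try:
        parse_cidr(text)
    except ValueError:
        return False
    return True


def address_counts(cidr):
    """Total and AWS-usable address counts for a subnet block."""
    net = parse_cidr(cidr)
    total = net.num_addresses
    return {
        "prefix": net.prefixlen,
        "total": total,
        "usable": max(total - AWS_RESERVED_PER_SUBNET, 0),
    }


def is_valid_vpc_cidr(text):
    """True if the block is well-formed and within the /16 to /28 VPC limits."""
    try:
        net = parse_cidr(text)
    except ValueError:
        return False
    return VPC_LARGEST_PREFIX <= net.prefixlen <= VPC_SMALLEST_PREFIX


def split_block(cidr, new_prefix):
    """List the equal-sized sub-blocks obtained by lengthening the prefix."""
    net = parse_cidr(cidr)
    return [str(sub) for sub in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    for sample in ["10.0.1.0/24", "10.0.1.0/255.255.255.0", "10.0.1.0", "10-0-1-0/24"]:
        print(f"{sample:28} valid={is_valid_cidr(sample)}")
    print(address_counts("10.0.1.0/24"), address_counts("10.0.1.0/26"))
    print("/24 split into /26:", split_block("10.0.1.0/24", 26))
    for vpc in ["10.0.0.0/16", "10.0.0.0/28", "10.0.0.0/30", "10.0.0.0/8"]:
        print(f"{vpc:14} allowed as VPC block: {is_valid_vpc_cidr(vpc)}")
```

Running it shows the /24 dropping from 251 usable addresses to 59 per /26 after the split, and only /16 and /28 passing the VPC-size check among the four sample blocks.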
Which action must you perform when creating a new VPC to allow future subnet creation?
Explanation: A VPC must be assigned a primary CIDR block upon creation, as this defines the address range from which every subnet is carved (additional CIDR blocks can be associated later, but the primary one is mandatory). Attaching an internet gateway (Option B) is only needed if the VPC requires internet access. Assigning Elastic IPs (Option C) and creating all security groups upfront (Option D) are not required steps for VPC creation. The incorrect answers confuse later setup tasks with the foundational requirement.
Why should subnets in a VPC be created in different availability zones?
Explanation: Each subnet lives entirely within one Availability Zone, so distributing subnets across multiple zones protects applications from zone-specific failures and improves overall availability. Zone placement does not change the number of available IP addresses (Option B), routing tables remain necessary (Option C), and subnet size is determined by the CIDR block, not by the zone (Option D). The distractors misunderstand the relationship between subnets and zones.
What happens if you try to create two subnets in a VPC with overlapping CIDR blocks, such as 10.0.1.0/24 and 10.0.1.128/25?
Explanation: Subnets within a VPC cannot have overlapping IP ranges: 10.0.1.128/25 is the upper half of 10.0.1.0/24, so creating the second subnet fails with a conflict error. Subnets are not merged automatically (Option B), and no automated correction (Option C) occurs; you must choose a block that is inside the VPC's CIDR and disjoint from every existing subnet. Public status (Option D) depends on routes, not on IP overlap. The alternatives reflect misconceptions about subnet configuration.
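Catching the overlap before the API call is straightforward with the standard `ipaddress` module. The following is an added example rather than quiz material: it validates a planned subnet layout against a VPC block (each subnet must be well-formed, inside the VPC, and disjoint from the others) and, when a block collides, proposes the first free block of the requested size. The VPC and subnet ranges are constructed sample inputs, and the function names are the example's own.

```python
import ipaddress


def validate_subnet_plan(vpc_cidr, subnet_cidrs):
    """Return a list of problems with the plan; an empty list means it is valid."""
    vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    errors = []
    accepted = []
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            errors.append(f"{cidr}: invalid CIDR ({exc})")
            continue
        if not net.subnet_of(vpc):
            errors.append(f"{cidr}: not within VPC block {vpc}")
            continue
        # Compare against every block already accepted; 10.0.1.128/25 overlaps
        # 10.0.1.0/24 because it is the upper half of that /24.
        for other in accepted:
            if net.overlaps(other):
                errors.append(f"{cidr} overlaps {other}")
        accepted.append(net)
    return errors


def first_free_block(vpc_cidr, existing_cidrs, prefix):
    """First block of the given prefix length inside the VPC that is disjoint
    from all existing subnets, or None if the VPC is full at that size."""
    vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    existing = [ipaddress.IPv4Network(c, strict=True) for c in existing_cidrs]
    for candidate in vpc.subnets(new_prefix=prefix):
        if not any(candidate.overlaps(e) for e in existing):
            return str(candidate)
    return None


if __name__ == "__main__":
    # Constructed sample: the pair from the question, inside a /16 VPC.
    vpc = "10.0.0.0/16"
    plan = ["10.0.1.0/24", "10.0.1.128/25"]
    for problem in validate_subnet_plan(vpc, plan):
        print("ERROR:", problem)
    print("free /25 instead:", first_free_block(vpc, ["10.0.1.0/24"], 25))
```

`overlaps` is symmetric, so the check catches a larger block added after a smaller one as well as the reverse; `subnet_of` rejects ranges that lie outside the VPC entirely, which the AWS API would also refuse. Run the plan through this before `create-subnet` (or as a pre-commit check on infrastructure code) and the conflict never reaches the API.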