Explore core concepts of Lambda networking with a focus on VPC connectivity, subnets, and integration patterns. This quiz helps you strengthen your understanding of how compute functions connect securely to private and public resources within virtual networks.
Which best describes a Virtual Private Cloud (VPC) in cloud networking environments?
Explanation: A VPC is a private, isolated segment of the cloud where resources can be launched securely. It is not a physical server (distractor B), nor simply a virtual machine (C). Option D, a public network open to everyone, does not describe the controlled isolation provided by a VPC.
When a Lambda function is configured to run inside a VPC, what is required for it to access private resources, such as a database in a private subnet?
Explanation: To access private resources, the Lambda must be launched within specific subnets and associated with the correct security group for permissions. Giving a public IP (B) or publishing it (D) does not grant access to private resources. Disabling network controls (C) is insecure and not required.
What is the main distinguishing factor between a public and a private subnet in cloud networking?
Explanation: Public subnets have a route to the internet gateway, making resources accessible from the internet. The other options—storage size (B), resource type (C), and resource quantity (D)—do not determine whether a subnet is public or private.
If a Lambda function inside a private subnet needs to connect to the internet, what is commonly required?
Explanation: A NAT device lets private subnet resources access the internet while staying inaccessible from the outside. Assigning a MAC address (B) or decreasing CIDR (D) doesn’t provide internet access. Deploying the Lambda outside the VPC (C) would remove VPC-level controls.
What is the default network behavior for a Lambda function that is NOT connected to a VPC?
Explanation: By default, Lambda can access the internet but cannot reach resources inside private VPCs. It is not limited to one subnet (C), cannot launch databases on its own (D), and does have internet access, unlike answer B.
In Lambda networking within a VPC, what is the primary role of a security group assigned to the function?
Explanation: Security groups control allowed network traffic to and from the resources. They do not handle storage (B), scaling (C), or billing (D), which are managed by other components or services.
Why might you assign multiple subnets to a Lambda function running in a VPC?
Explanation: Assigning multiple subnets, often in different zones, raises reliability if an Availability Zone fails. Extra subnets do not impact RAM (B), Lambda timeouts (C), or directly affect costs (D).
What happens if you assign your Lambda function to only private subnets with no NAT configuration and it tries to call an external API?
Explanation: Without NAT or public access, private subnets prevent outgoing internet connections. Lambdas do not get public access automatically (B), do not fail all execution (C), and do not gain access by restarting (D).
Which Lambda network configuration method allows only outgoing connections from a private subnet to the internet, blocking incoming connections?
Explanation: A NAT gateway enables resources in private subnets to access the internet outbound, while incoming traffic is blocked. Elastic IPs cannot be directly attached to Lambda (B). Assigning to a public subnet (C) exposes Lambda to the internet, and removing routes (D) cuts all connectivity.
A Lambda function needs to connect securely to a database inside a private subnet. Which configuration is necessary?
Explanation: To connect, the Lambda must be in the same VPC with the right subnet and security group permissions. Assigning a public IP (B) or same function name (D) is not sufficient or relevant. Disabling security groups (C) is insecure and unnecessary.