Top 30 AWS VPC Interview Questions and Answers Pdf

AWS Certified Solutions Architect Begins the 30 Top Funding IT Certifications. Surely, AWS Architect situation is the whole of the familiar sought subsequent amongst IT projects. We at SVR are dedicated to accommodating you enhance your business in sync with enterprise specifications. That’s why we have designed a table of AWS Architect Interview questions and answers that will several apparently notice requested through your interview. If you’ve visited an Amazon Web Services Training interview or have further questions exceeding whatever we have included, you can maximize the Cloud computing profession possibilities that are sure to get your form by practicing AWS Certified Solutions Architect Training with SVR. You can communicate the AWS Architect certification exam later the course at SVR Technologies.

AWS VPC Interview Questions

Here are the best 30 objective type sample AWS Interview questions and their answers are presented simply following them. Certain example questions are composed of professionals from SVR technologies who leads for Amazon Web Services Job Support Online to give you an idea of a type of questions which may be claimed in an interview. We have acquired to provide accurate answers to all the questions.

1. What is ClassicLink?
Answer: Amazon Virtual Private Cloud (VPC) ClassicLink allows EC2 instances in the EC2-Classic platform to communicate with instances in a VPC using private IP addresses. To use ClassicLink, enable it for a VPC in your account, and associate a Security Group from that VPC with an instance in EC2-Classic. All the rules of your VPC Security Group will apply to communications between instances in EC2-Classic and instances in the VPC.

2. How do you use ClassicLink?
Answer: In order to use ClassicLink, you first need to enable at least one VPC in your account for ClassicLink. Then you associate a Security Group from the VPC with the desired EC2-Classic instance. The EC2-Classic instance is now linked to the VPC and is a member of the selected Security Group in the VPC. Your EC2-Classic instance cannot be linked to more than one VPC at the same time.

3. Does the EC2-Classic instance become a member of the VPC?
Answer: The EC2-Classic instance does not become a member of the VPC. It becomes a member of the VPC Security Group that was associated with the instance. All the rules and references to the VPC Security Group apply to communication between instances in EC2-Classic instance and resources within the VPC.

4. Will ClassicLink settings on my EC2-Classic instance persist through stop/start cycles?
Answer: The ClassicLink connection will not persist through stop/start cycles of the EC2-Classic instance. The EC2-Classic instance will need to be linked back to a VPC after it is stopped and started. However, the ClassicLink connection will persist through instance reboot cycles.

5. Can you have more than two network interfaces attached to my EC2 instance?
Answer: The total number of network interfaces that can be attached to an EC2 instance depends on the instance type. See the EC2 User Guide for more information on the number of allowed network interfaces per instance type. 

6. Can you attach a network interface in one Availability Zone to an instance in another Availability Zone?
Answer: Network interfaces can only be attached to instances residing in the same Availability Zone.

7. Can you attach a network interface in one VPC to an instance in another VPC?
Answer: Network interfaces can only be attached to instances in the same VPC as the interface.

8. Can you use Elastic Network Interfaces as a way to host multiple websites requiring separate IP addresses on a single instance?
Answer: Yes, however, this is not a use case best suited for multiple interfaces. Instead, assign additional private IP addresses to the instance and then associate EIPs to the private IPs as needed. 

9. Can you detach the primary interface (eth0) on my EC2 instance?
Answer: No. You can attach and detach secondary interfaces (eth1-eth) on an EC2 instance, but you can’t detach the eth0 interface. Learn AWS Training Online From Real-Time Experts 

10. Can you use AWS Direct Connect or hardware VPN connections to access VPCs I’m peered with?
Answer: No. “Edge to Edge routing” isn’t supported in Amazon VPC. Refer to the VPC Peering Guide for additional information. 

11. Can you peer two VPCs with matching IP address ranges?
Answer: No. Peered VPCs must have non-overlapping IP ranges.

12. Do you need an Internet Gateway to use peering connections?
Answer: No. VPC peering connections do not require an Internet Gateway.

13. Is VPC peering traffic within the region encrypted?
Answer: No. Traffic between instances in peered VPCs remains private and isolated – similar to how traffic between two instances in the same VPC is private and isolated.

14. Is there any bandwidth limitations for peering connections?
Answer: Bandwidth between instances in peered VPCs is no different than bandwidth between instances in the same VPC. Note: A placement group can span peered VPCs; however, you will not get full-bisection bandwidth between instances in peered VPCs. Read more about Placement Groups.

15. Can you modify the VPC route tables? How?
Answer: Yes. You can create route rules to specify which subnets are routed to the Internet gateway, the virtual private gateway, or other instances.

16. Can you specify which subnet will use which gateway as its default?
Answer: Yes. You may create a default route for each subnet. The default route can direct traffic to egress the VPC via the Internet gateway, the virtual private gateway, or the NAT gateway.

17. Can you use the AWS Management Console to control and manage Amazon VPC?
Answer: Yes. You can use the AWS Management Console to manage Amazon VPC objects such as VPCs, subnets, route tables, Internet gateways, and IPSec VPN connections. Additionally, you can use a simple wizard to create a VPC.

18. How many VPCs, subnets, Elastic IP addresses, Internet gateways, customer gateways, virtual private gateways, and VPN connections can you create?
Answer: You can have:
⦁ Five Amazon VPCs per AWS account per region

⦁ Two hundred subnets per Amazon VPC

⦁ Five Amazon VPC Elastic IP addresses per AWS account per region

⦁ One Internet gateway per VPC

⦁ Five virtual private gateways per AWS account per region

⦁ Fifty customer gateways per AWS account per region

⦁ Ten IPsec VPN Connections per virtual private gateway

⦁ See the VPC User Guide for more information on VPC limits.

19. Does the Amazon VPC VPN Connection have a Service Level Agreement (SLA)?
Answer: Not

20. What does an Amazon VPC router do?
Answer: An Amazon VPC router enables Amazon EC2 instances within subnets to communicate with Amazon EC2 instances in other subnets within the same VPC. The VPC router also enables subnets, Internet gateways, and virtual private gateways to communicate with each other. Network usage data is not available from the router; however, you can obtain network usage statistics from your instances using Amazon CloudWatch.


21. Does Amazon VPC support multicast or broadcast?
Answer: No 

22. How do instances in a VPC access the Internet?
Answer: You can use public IP addresses, including Elastic IP addresses (EIPs), to give instances in the VPC the ability to both directly communicate outbound to the Internet and to receive unsolicited inbound traffic from the Internet (e.g., web servers). You can also use the solutions in the next question.

23. How do instances without public IP addresses access to the Internet?
Answer: Instances without public IP addresses can access the Internet in one of two ways:

Instances without public IP addresses can route their traffic through a NAT gateway or a NAT instance to access the Internet. These instances use the public IP address of the NAT gateway or NAT instance to traverse the Internet. The NAT gateway or NAT instance allows outbound communication but doesn’t allow machines on the Internet to initiate a connection to the privately addressed instances.

For VPCs with a hardware VPN connection or Direct Connect connection, instances can route their Internet traffic down the virtual private gateway to your existing datacenter. From there, it can access the Internet via your existing egress points and network security/monitoring devices.

24. How does a hardware VPN connection work with Amazon VPC?
Answer: A hardware VPN connection connects your VPC to your datacenter. Amazon supports Internet Protocol security (IPsec) VPN connections. Data transferred between your VPC and datacenter routes over an encrypted VPN connection to help maintain the confidentiality and integrity of data in transit. An Internet gateway is not required to establish a hardware VPN connection.

25. How do I connect a VPC to my corporate datacenter?
Answer: Establishing a hardware VPN connection between your existing network and Amazon VPC allows you to interact with Amazon EC2 instances within a VPC as if they were within your existing network. AWS does not perform network address translation (NAT) on Amazon EC2 instances within a VPC accessed via a hardware VPN connection. Complete.

26. Which customer gateway devices can I use to connect to Amazon VPC?
Answer: There are two types of VPN connections that you can create: statically-routed VPN connections and dynamically-routed VPN connections. Customer gateway devices supporting statically-routed VPN connections must be able to:

  • Establish IKE Security Association using Pre-Shared Keys
  • Establish IPsec Security Associations in Tunnel mode
  • Utilize the AES 128-bit or 256-bit encryption function
  • Utilize the SHA-1 or SHA-2 (256) hashing function
  • Utilize Diffie-Hellman (DH) Perfect Forward Secrecy in “Group 2” mode, or one of the additional DH groups we support
  • Perform packet fragmentation prior to encryption

In addition to the above capabilities, devices supporting dynamically-routed VPN connections must be able to:

  • Establish Border Gateway Protocol (BGP) peerings
  • Bind tunnels to logical interfaces (route-based VPN)
  • Utilize IPsec Dead Peer Detection

27. Name any VPCs for which you cannot enable ClassicLink?
Answer: ClassicLink cannot be enabled for a VPC that has a Classless Inter-Domain Routing (CIDR) that is within the range, with the exception of and In addition, ClassicLink cannot be enabled for any VPC that has a route table entry pointing to the CIDR space to a target other than “local”. 

28. Can traffic from an EC2-Classic instance travel through the Amazon VPC and egress through the Internet gateway, virtual private gateway, or to peered VPCs?
Answer: Traffic from an EC2-Classic instance can only be routed to private IP addresses within the VPC. They will not be routed to any destinations outside the VPC, including Internet gateway, virtual private gateway, or peered VPC destinations.

29. Does ClassicLink affect the access control between the EC2-Classic instance and other instances that are in the EC2-Classic platform?
Answer: ClassicLink does not change the access control defined for an EC2-Classic instance through its existing Security Groups from the EC2-Classic platform. 

30. What tools are available to me to help troubleshoot my Hardware VPN configuration?
Answer: The DescribeVPNConnection API displays the status of the VPN connection, including the state (“up”/”down”) of each VPN tunnel and corresponding error messages if either tunnel is “down”. This information is also displayed in the AWS Management Console.

Note: Browse latest Aws Interview Questions and Aws Tutorial. Here you can check Aws Training details and Aws Training Videos for self learning. Contact +91 988 502 2027 for more information.

Leave a Comment

Scroll to Top