VPC Interview Questions & Answers

Must-Know questions on Amazon VPC for Interviews!

1. What is Amazon VPC?

A. Amazon Virtual Private Cloud (VPC) is a service that allows you to provision a logically isolated section of the AWS Cloud, giving you control over your virtual networking environment.

2. What are the components of VPC?

A. Key components include subnets, route tables, network access control lists (NACLs), security groups, internet gateways, and virtual private gateways.

3. What is CIDR block in VPC?

A. CIDR (Classless Inter-Domain Routing) block is a range of IP addresses used to define the size and address space of a VPC and its subnets.

4. Explain VPC Peering.

A. VPC Peering allows connecting one VPC with another via a direct network route using private IP addresses. It enables communication between instances in different VPCs as if they are on the same network.

5. How does Internet Gateway work in VPC?

A. An Internet Gateway (IGW) enables communication between instances in a VPC and the internet. It serves as a gateway for traffic destined to or originating from the internet.

6. What is the purpose of a NAT Gateway in VPC?

A. Network Address Translation (NAT) Gateway allows instances in a private subnet to initiate outbound traffic to the internet while preventing inbound traffic initiated by the internet.

7. Describe VPC Endpoint types and their uses.

A.VPC Endpoints allow private connectivity to AWS services, eliminating the need for internet gateways or NAT devices, enhancing security, and reducing data transfer costs.

8. How are Security Groups different from NACLs in VPC?

A. Security Groups act as virtual firewalls for instances, controlling inbound and outbound traffic, while Network Access Control Lists (NACLs) operate at the subnet level and control traffic in and out of subnets.

9. What is the purpose of Route Tables in VPC?

A. Route Tables determine where network traffic is directed within a VPC. They define the rules for routing packets based on their destination IP addresses.

10. Explain VPC Flow Logs.

A. VPC Flow Logs capture information about the IP traffic going to and from network interfaces in a VPC, providing detailed visibility for monitoring and troubleshooting network issues.

11. How do you create a VPC?

A. VPC creation involves defining a CIDR block, specifying subnets, configuring route tables, and attaching internet and NAT gateways.

12. What is a CIDR block in VPC?

A. CIDR (Classless Inter-Domain Routing) block is a range of IP addresses used to define the size and address space of a VPC and its subnets.

13. Can you modify the CIDR block of an existing VPC?

A. No, the CIDR block of an existing VPC cannot be modified. You would need to create a new VPC with the desired CIDR block and migrate resources.

14. Explain VPC Peering Limitations.

A. VPC peering doesn’t support transitive peering; you can’t peer through a peered VPC to another VPC. Also, CIDR blocks should not overlap.

15. How does VPC Endpoints enhance security?

A. VPC Endpoints allow private connectivity to AWS services, avoiding exposure to the public internet, thus enhancing security and reducing data transfer costs.

16. What is the purpose of Subnetting in VPC?

A. Subnetting allows segregation of resources within a VPC and facilitates better network management and security controls.

17. Can a subnet span multiple Availability Zones (AZs)?

A. No, subnets are confined to a single AZ within a region.

18. Explain the difference between Public and Private subnets.

A. Public subnets have a route to an Internet Gateway, while private subnets use a NAT Gateway or NAT instance for outbound internet access.

19. How are Subnet route tables used in VPC?

A. Route tables define how traffic is routed between subnets and to the internet or other resources within or outside the VPC.

20. What happens if a subnet’s route table doesn’t have an internet gateway?

A. Instances in that subnet can’t access the internet unless a NAT gateway or NAT instance is used for outbound traffic.

21. What is the difference between a Virtual Private Gateway and an Internet Gateway?

A. A Virtual Private Gateway is used for connecting VPCs to a VPN or direct connect, while an Internet Gateway allows internet connectivity.

22. How does a NAT Gateway differ from a NAT instance in VPC?

A. NAT Gateways are managed services by AWS, while NAT instances require manual setup and configuration.

23. What is the role of an Elastic IP (EIP) in VPC?

A. EIPs are static public IP addresses that can be attached to instances or resources to provide persistent public access.

24. Describe the role of Security Groups in VPC.

A. Security Groups act as firewalls controlling inbound and outbound traffic to instances within a VPC.

25. Can you associate multiple Security Groups with an EC2 instance?

A. Yes, an instance can be associated with multiple Security Groups, allowing fine-grained control over network traffic.

26. How do Network Access Control Lists (NACLs) differ from Security Groups?

A. NACLs operate at the subnet level and filter traffic at the network level, whereas Security Groups are applied at the instance level and filter traffic at the instance level.

27. Explain the default rules in a Security Group.

A. By default, all inbound traffic is denied, and all outbound traffic is allowed in a newly created Security Group.

28. Can you use VPC peering between VPCs in different regions?

A. No, VPC peering is limited to VPCs within the same region.

29. How can you achieve cross-account VPC peering?

A. By modifying the peering connection’s request to reference the VPC in another AWS account and accepting the peering request in both accounts.

30. What steps would you take to troubleshoot VPC connectivity issues?

A. Check route tables, security group rules, NACLs, VPC peering, and subnet associations for potential misconfigurations.

31. How do you monitor VPC performance and resources?

A. CloudWatch metrics, VPC Flow Logs, and third-party tools can be used to monitor VPC performance and resource utilization.

32. Explain the concept of VPC Limits and how they can affect deployments.

A. VPC limits define maximum resources (such as VPCs, subnets, Security Groups) per AWS account per region, affecting the scale and capacity of deployments.

33. What actions can you take to improve VPC performance?

A. Optimize subnet CIDR ranges, distribute instances across AZs, use low-latency instance types, and leverage AWS managed services like NAT Gateways for outbound traffic.

34. What are some best practices for securing a VPC?

A. Implement least privilege access controls, regularly update Security Groups and NACLs, use bastion hosts, enable VPC Flow Logs, and conduct regular audits.

35. How would you secure data transferred within a VPC?

A. Use encryption for data in transit (SSL/TLS) and at rest (AWS Key Management Service), ensure strict access controls, and employ secure communication protocols.

Prabhat_Yadav