What is a VPC?
A Virtual Private Cloud, an isolated virtual network in AWS where you can launch resources (EC2, RDS, etc.). Each account comes with a default VPC.
What’s the difference between default and non-default VPC?
Default VPC comes preconfigured with subnets, route tables, and an internet gateway. A non-default VPC is created manually and fully customizable.
What is a subnet?
A subdivision of a VPC IP range (CIDR). Defines a smaller network segment where resources live. Can be public, private, or VPN-only depending on route table entries.
How do you decide if a subnet is public or private?
If the subnet’s route table has an entry to an Internet Gateway (IGW) → public. If no IGW but has a Virtual Private Gateway (VPG) → VPN-only. If neither → private.
What is a route table?
A set of rules (routes) that define how traffic is directed within a VPC. Every subnet must be associated with one.
What is an Internet Gateway (IGW)?
A VPC component that allows communication between instances in the VPC and the internet. Also translates private IPs to public IPs (NAT).
What is a NAT Gateway?
A managed AWS service that allows private subnets to initiate outbound connections to the internet (e.g., for updates), but prevents inbound connections.
What is an Egress-only Internet Gateway?
Similar to NAT Gateway, but used for IPv6 traffic only.
What is a Security Group (SG)?
A stateful firewall at the instance level. Works as an allow list only. Return traffic is automatically allowed.
What is a Network ACL (NACL)?
A stateless firewall at the subnet level. Evaluates inbound and outbound rules separately. Allows both allow and deny rules.
Key difference: SG vs NACL?
SG = instance-level, stateful, allow-only rules. NACL = subnet-level, stateless, allow & deny rules.
What is VPC Peering?
A connection between two VPCs allowing traffic via private IPs. Not transitive (A-B and B-C doesn’t mean A-C). Max ~1.25–1.5 Gbps.
What is an AWS Transit Gateway?
A scalable hub-and-spoke service that connects multiple VPCs and on-prem networks. Simplifies networking (no need for full-mesh peering).
What is a VPC Endpoint?
A private connection from your VPC to AWS services (like S3, DynamoDB) without using the internet. Uses Elastic Network Interfaces.
What is PrivateLink?
An extension of endpoints that lets you privately connect your VPC to third-party services or other AWS accounts through their load balancers.
What is Route 53?
AWS’s scalable, highly available DNS service. Translates domain names into IPs and performs health checks for endpoints.
What is CloudFront?
AWS’s Content Delivery Network (CDN). Distributes content via edge locations worldwide for low latency. Integrated with WAF & Shield.
What is Global Accelerator?
Provides two static IPs that route traffic through AWS’s global network to the closest healthy endpoint. Improves latency & failover across regions.
Difference: Route 53 vs Global Accelerator?
Route 53 = DNS-based traffic routing (decision at resolution time). Global Accelerator = network-level routing using static IPs and AWS backbone.
What is a Site-to-Site VPN?
A managed VPN that connects on-premises networks (Customer Gateway) to AWS (Virtual Private Gateway) over the public internet. Max ~1.25 Gbps.
What is a Client VPN?
A managed VPN for individual remote users (teleworkers) to securely connect to AWS or on-prem networks.
What is Direct Connect?
A private, dedicated connection between your data center and AWS via a colocation facility. Bandwidth up to 10/50/100 Gbps. Lower latency, higher reliability.
Key difference: VPN vs Direct Connect?
VPN = quick, cheap, internet-based, ~1.25 Gbps. Direct Connect = private, high bandwidth (up to 100 Gbps), stable, ideal for hybrid/enterprise workloads.
What private IP range does AWS assign to the default VPC?
172.31.0.0/16