Bird
Raised Fist0
AWScloud~20 mins

Creating a custom VPC in AWS - Practice Exercises

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Custom VPC Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Architecture
intermediate
2:00remaining
VPC CIDR Block Size Calculation

You create a custom VPC with the CIDR block 10.0.0.0/20. How many IP addresses are available for use in this VPC?

A4096 IP addresses
B2048 IP addresses
C8192 IP addresses
D1024 IP addresses
Attempts:
2 left
💡 Hint

Remember that the number of IP addresses in a CIDR block is 2^(32 - prefix length).

Configuration
intermediate
2:00remaining
Subnet Creation in a Custom VPC

You have a VPC with CIDR block 192.168.0.0/16. You want to create a subnet with CIDR 192.168.1.0/24. Which statement is true about this subnet?

AThe subnet contains 256 IP addresses, but 5 are reserved by AWS.
BThe subnet contains 128 IP addresses, all usable by instances.
CThe subnet contains 512 IP addresses, but 5 are reserved by AWS.
DThe subnet contains 256 IP addresses, all usable by instances.
Attempts:
2 left
💡 Hint

A /24 subnet has 256 IP addresses, but AWS reserves some IPs.

security
advanced
2:00remaining
Security Group Behavior in a Custom VPC

You create a security group in your custom VPC that allows inbound SSH (port 22) from 0.0.0.0/0. What is the security implication of this configuration?

AOnly IP addresses within the VPC can connect via SSH to instances using this security group.
BNo IP addresses can connect via SSH because the rule is invalid.
COnly IP addresses explicitly whitelisted in the subnet can connect via SSH.
DAny IP address on the internet can attempt to connect via SSH to instances using this security group.
Attempts:
2 left
💡 Hint

Consider what 0.0.0.0/0 means in network rules.

service_behavior
advanced
2:00remaining
Internet Gateway Attachment Effect

You create a custom VPC and attach an Internet Gateway (IGW) to it. What effect does attaching the IGW have on the VPC?

AIt blocks all inbound traffic from the internet to the VPC.
BIt automatically assigns public IP addresses to all instances in the VPC.
CIt enables instances in public subnets to communicate with the internet if route tables are configured correctly.
DIt creates a VPN connection to AWS managed services.
Attempts:
2 left
💡 Hint

Think about what an Internet Gateway does in AWS networking.

Best Practice
expert
3:00remaining
Designing a Highly Available Custom VPC Architecture

You need to design a custom VPC architecture that supports high availability for a web application across two Availability Zones (AZs). Which design best meets this requirement?

ACreate one public subnet in a single AZ and multiple private subnets in the other AZ, with a single NAT Gateway in the public subnet.
BCreate one public subnet and one private subnet in each AZ, with a NAT Gateway in each public subnet for outbound internet access from private subnets.
CCreate multiple public subnets in one AZ only, and private subnets in both AZs, sharing a single NAT Gateway in the public subnet.
DCreate one public subnet and one private subnet in a single AZ only, with a NAT Gateway in the private subnet.
Attempts:
2 left
💡 Hint

Consider fault tolerance and redundancy across AZs.

Practice

(1/5)
1. What is the main purpose of creating a custom VPC in AWS?
easy
A. To automatically create public IP addresses for all instances
B. To connect your AWS account to social media platforms
C. To enable AWS to manage your network without your input
D. To have a private network with a specific IP range for your resources

Solution

  1. Step 1: Understand what a VPC is

    A VPC is a private network in AWS where you control IP ranges and network settings.

  2. Step 2: Identify the purpose of a custom VPC

    Creating a custom VPC lets you choose your IP range and control network setup for your resources.

  3. Final Answer:

    To have a private network with a specific IP range for your resources -> Option D

  4. Quick Check:

    Custom VPC = Private network with chosen IP range [OK]
Hint: Custom VPC means your own private network in AWS [OK]
Common Mistakes:
  • Thinking VPC automatically assigns public IPs
  • Believing AWS manages the network without user control
  • Confusing VPC with external internet connections
2. Which of the following is the correct way to specify the CIDR block when creating a custom VPC?
easy
A. 192.168.1.256/24
B. 255.255.255.0
C. 10.0.0.0/16
D. 10.0.0.0/33

Solution

  1. Step 1: Understand CIDR notation

    CIDR block defines IP range with format like x.x.x.x/y where y is between 0 and 32.

  2. Step 2: Check each option for validity

    10.0.0.0/16 is valid CIDR (10.0.0.0/16). 255.255.255.0 is a subnet mask, not CIDR. 192.168.1.256/24 has invalid IP (256). 10.0.0.0/33 has invalid prefix length (33).

  3. Final Answer:

    10.0.0.0/16 -> Option C

  4. Quick Check:

    CIDR block format = x.x.x.x/y with y ≤ 32 [OK]
Hint: CIDR uses / and prefix ≤ 32, IP parts ≤ 255 [OK]
Common Mistakes:
  • Using subnet mask instead of CIDR
  • Using invalid IP numbers like 256
  • Using prefix length greater than 32
3. Given this AWS CLI command to create a VPC:
aws ec2 create-vpc --cidr-block 10.1.0.0/16 --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=MyVPC}]'

What will be the result?
medium
A. A VPC with CIDR 10.1.0.0/16 and a Name tag 'MyVPC' will be created
B. The command will fail due to incorrect tag syntax
C. A VPC with default CIDR will be created ignoring the specified CIDR
D. A subnet will be created instead of a VPC

Solution

  1. Step 1: Analyze the CLI command structure

    The command uses 'create-vpc' with a valid CIDR block and correct tag specification syntax.

  2. Step 2: Understand the effect of the command

    This creates a VPC with the given CIDR and applies the Name tag 'MyVPC' to it.

  3. Final Answer:

    A VPC with CIDR 10.1.0.0/16 and a Name tag 'MyVPC' will be created -> Option A

  4. Quick Check:

    Valid CLI command creates VPC with CIDR and tags [OK]
Hint: Tags use 'ResourceType' and 'Tags' in CLI [OK]
Common Mistakes:
  • Incorrect tag syntax causing command failure
  • Confusing subnet creation with VPC creation
  • Ignoring the CIDR block parameter
4. You created a custom VPC but forgot to enable DNS hostnames. What is the best way to fix this?
medium
A. Modify the VPC attribute to enable DNS hostnames using AWS console or CLI
B. Delete the VPC and create a new one with DNS hostnames enabled
C. Create a new subnet with DNS hostnames enabled
D. DNS hostnames cannot be enabled after VPC creation

Solution

  1. Step 1: Understand DNS hostnames setting in VPC

    DNS hostnames is a VPC attribute that can be enabled or disabled after creation.

  2. Step 2: Identify how to enable DNS hostnames

    You can modify the VPC attribute via AWS console or CLI without deleting the VPC.

  3. Final Answer:

    Modify the VPC attribute to enable DNS hostnames using AWS console or CLI -> Option A

  4. Quick Check:

    DNS hostnames can be enabled post-creation [OK]
Hint: VPC attributes can be changed anytime without deletion [OK]
Common Mistakes:
  • Thinking you must delete and recreate the VPC
  • Trying to enable DNS hostnames on a subnet instead of VPC
  • Believing DNS hostnames are enabled by default always
5. You want to create a custom VPC with two public subnets in different availability zones and enable DNS support and hostnames. Which sequence of steps is correct?
hard
A. Attach internet gateway first, then create VPC and subnets, DNS settings are automatic
B. Create VPC with CIDR, enable DNS support and hostnames, create two public subnets in different AZs, attach internet gateway
C. Create VPC with CIDR, create subnets, attach internet gateway, then enable DNS support and hostnames
D. Create two subnets first, then create VPC, enable DNS hostnames, attach internet gateway

Solution

  1. Step 1: Create the VPC with chosen CIDR block

    The VPC must exist before creating subnets or attaching gateways.

  2. Step 2: Enable DNS support and hostnames on the VPC

    This ensures resources inside can resolve names properly.

  3. Step 3: Create two public subnets in different availability zones

    Subnets must be inside the VPC and in separate AZs for high availability.

  4. Step 4: Attach an internet gateway to allow internet access

    This makes the subnets public.

  5. Final Answer:

    Create VPC with CIDR, enable DNS support and hostnames, create two public subnets in different AZs, attach internet gateway -> Option B

  6. Quick Check:

    VPC -> DNS -> Subnets -> Internet Gateway [OK]
Hint: VPC first, then DNS settings, subnets, internet gateway [OK]
Common Mistakes:
  • Creating subnets before the VPC exists
  • Attaching internet gateway before VPC creation
  • Assuming DNS settings are automatic