Which statement correctly describes the main difference between a public subnet and a private subnet in AWS?
Think about which subnet can send traffic directly to the internet.
Public subnets have a route to the internet gateway, enabling resources to communicate directly with the internet. Private subnets lack this route, so their resources cannot access the internet directly.
You are designing a web application architecture in AWS. Which subnet setup is best practice for hosting web servers and databases?
Consider which resources need internet access and which should be protected.
Web servers need internet access to serve users, so they go in public subnets. Databases should be protected from direct internet access, so they go in private subnets.
What is the security risk if a private subnet mistakenly has a route to an internet gateway?
Think about what happens when private resources can be reached from outside.
If a private subnet has a route to an internet gateway, its resources can be accessed directly from the internet, which can expose sensitive data and increase attack surface.
How does a NAT Gateway enable instances in a private subnet to access the internet?
Consider how private subnet instances send requests to the internet without direct access.
A NAT Gateway in a public subnet routes outbound traffic from private subnet instances to the internet, allowing them to access external services without exposing their private IPs.
You have a VPC with CIDR block 10.0.0.0/16. You want to create two public subnets and two private subnets with equal size and no overlap. Which CIDR blocks correctly divide the VPC into these four subnets?
Remember that /16 means 65536 IPs. Dividing into four equal subnets means each subnet has /18 (16384 IPs).
Dividing a /16 block into four /18 blocks creates four equal subnets without overlap. Option A correctly assigns four /18 CIDR blocks covering the entire 10.0.0.0/16 range.