You have a VPC with CIDR 10.0.0.0/16 and a subnet 10.0.1.0/24. You want instances in this subnet to access the internet. Which route table entry correctly enables this?
Internet access requires routing all external traffic (0.0.0.0/0) to the internet gateway.
To allow internet access, the route table must send all traffic destined outside the VPC (0.0.0.0/0) to the internet gateway (igw). Other options either route internal traffic or use incorrect targets.
You have a VPC with public and private subnets. Which route table setup correctly isolates private subnet traffic from direct internet access?
Private subnets use NAT gateways to access the internet indirectly.
Public subnets route internet traffic directly to the internet gateway. Private subnets route internet traffic to a NAT gateway, which allows outbound internet access without exposing instances directly.
What happens if a route table in a VPC does not include the default local route (e.g., 10.0.0.0/16 → local)?
The local route enables communication inside the VPC CIDR block.
The local route is automatically added to route tables and allows instances to communicate within the VPC. Removing it breaks internal communication between instances.
You have a route table that includes the routes 10.0.0.0/16 → local and 10.0.1.0/24 → nat-gateway. Which route applies for traffic to 10.0.1.5?
More specific routes take priority over broader ones.
Route tables prioritize the most specific route. Since 10.0.1.0/24 is more specific than 10.0.0.0/16, traffic to 10.0.1.5 goes to the NAT gateway.
A subnet's instances cannot reach the internet, but the subnet is public and associated with a route table that has 0.0.0.0/0 → igw. What is the most likely cause?
Public subnets require instances to have public IPs to access the internet.
Even with correct routing, instances in a public subnet need public IP addresses to communicate with the internet. Without them, traffic cannot flow out.