Networking — AWS Certified SysOps Administrator Practice Questions

Learning

Loading practice session...

Loading certificate…

Ready to learn

Sample questions — Networking

1. Which characteristic distinguishes a public subnet from a private subnet in an AWS VPC?

A.A public subnet has a route to an Internet Gateway in its route table, allowing direct internet access.✓ Correct
B.A public subnet automatically assigns private IP addresses to all instances launched within it.
C.A public subnet uses a NAT Gateway to route outbound traffic to the internet from instances.
D.A public subnet restricts all inbound traffic using Network Access Control Lists by default.

Explanation

A public subnet is defined by having a route (0.0.0.0/0) pointing to an Internet Gateway in its associated route table, enabling instances with public IPs to communicate directly with the internet.

2. A company wants database servers to be inaccessible from the internet but still able to download OS updates. Which subnet architecture should be used?

A.Place the database servers in a private subnet and route outbound internet traffic through a NAT Gateway in a public subnet.✓ Correct
B.Place the database servers in a public subnet and use Security Groups to block all inbound internet traffic.
C.Place the database servers in a private subnet with a direct route to the Internet Gateway for outbound traffic only.
D.Place the database servers in a public subnet with a Network ACL that denies all inbound traffic on port 80 and 443.

Explanation

Private subnets have no direct route to an Internet Gateway. A NAT Gateway (placed in a public subnet) allows outbound-only internet access for private subnet resources, keeping them unreachable from outside.

3. A VPC has two subnets. Subnet A can reach the internet; Subnet B cannot. What is the MOST likely difference between their configurations?

A.Subnet A's route table contains a 0.0.0.0/0 route to an Internet Gateway; Subnet B's route table does not.✓ Correct
B.Subnet A has a larger CIDR block than Subnet B, providing more available IP addresses for routing.
C.Subnet B is associated with the main route table, which contains a route to a Virtual Private Gateway.
D.Subnet A has an IPv6 CIDR block assigned, while Subnet B only supports IPv4 addressing.

Explanation

Internet reachability in a VPC is controlled by the subnet's associated route table. Only subnets whose route table has a 0.0.0.0/0 entry pointing to an Internet Gateway are considered public subnets.

4. When multiple routes in a VPC route table match a destination IP address, how does AWS determine which route to use?

A.AWS uses the most specific route (longest prefix match), selecting the route with the narrowest CIDR range that matches.✓ Correct
B.AWS always prefers the default route (0.0.0.0/0) over all other routes regardless of prefix length.
C.AWS selects routes in alphabetical order based on the target gateway identifier in the route table.
D.AWS randomly selects among all matching routes to distribute traffic evenly across available gateways.

Explanation

VPC route tables use longest prefix match (most specific route) to determine the path for traffic. A /24 route is preferred over a /16 route for overlapping destinations, matching standard IP routing behavior.

5. Which AWS Elastic Load Balancer type is BEST suited for routing HTTP and HTTPS traffic to different microservices based on URL path?

A.Application Load Balancer (ALB), which supports content-based routing rules using host headers and URL paths.✓ Correct
B.Network Load Balancer (NLB), which operates at Layer 4 and offers ultra-low latency for all HTTP traffic.
C.Classic Load Balancer (CLB), which provides advanced Layer 7 routing for legacy microservice architectures.
D.Gateway Load Balancer (GWLB), which inspects and routes HTTP traffic through third-party virtual appliances.

Explanation

Application Load Balancers operate at Layer 7 and support advanced routing rules based on URL paths, host headers, HTTP methods, and query parameters — ideal for microservices and containerized applications.

Practice all 22+ questions in this domain

Start free practice →

Frequently asked questions

How many AWS Certified SysOps Administrator practice questions are there for Networking?↓

AnyCert has 22 AWS Certified SysOps Administrator practice questions specifically for the Networking domain, each with a detailed AI-tutored explanation.

Is Networking heavily tested on the AWS Certified SysOps Administrator exam?↓

Networking is one of the core domains in the AWS Certified SysOps Administrator exam blueprint. Mastering this domain is essential for passing. AnyCert's practice questions cover the full scope of testable topics in this domain.

How should I study the Networking domain for AWS Certified SysOps Administrator?↓

Practice all 22 Networking questions in AnyCert, review every explanation for missed answers, and use the AI tutor to clarify any concept. Focus on understanding the reasoning behind each answer, not just memorizing the correct choice.

Sample questions — Networking

1. Which characteristic distinguishes a public subnet from a private subnet in an AWS VPC?

A.A public subnet has a route to an Internet Gateway in its route table, allowing direct internet access.✓ Correct
B.A public subnet automatically assigns private IP addresses to all instances launched within it.
C.A public subnet uses a NAT Gateway to route outbound traffic to the internet from instances.
D.A public subnet restricts all inbound traffic using Network Access Control Lists by default.

Explanation

A public subnet is defined by having a route (0.0.0.0/0) pointing to an Internet Gateway in its associated route table, enabling instances with public IPs to communicate directly with the internet.

2. A company wants database servers to be inaccessible from the internet but still able to download OS updates. Which subnet architecture should be used?

A.Place the database servers in a private subnet and route outbound internet traffic through a NAT Gateway in a public subnet.✓ Correct
B.Place the database servers in a public subnet and use Security Groups to block all inbound internet traffic.
C.Place the database servers in a private subnet with a direct route to the Internet Gateway for outbound traffic only.
D.Place the database servers in a public subnet with a Network ACL that denies all inbound traffic on port 80 and 443.

Explanation

3. A VPC has two subnets. Subnet A can reach the internet; Subnet B cannot. What is the MOST likely difference between their configurations?

A.Subnet A's route table contains a 0.0.0.0/0 route to an Internet Gateway; Subnet B's route table does not.✓ Correct
B.Subnet A has a larger CIDR block than Subnet B, providing more available IP addresses for routing.
C.Subnet B is associated with the main route table, which contains a route to a Virtual Private Gateway.
D.Subnet A has an IPv6 CIDR block assigned, while Subnet B only supports IPv4 addressing.

Explanation

4. When multiple routes in a VPC route table match a destination IP address, how does AWS determine which route to use?

A.AWS uses the most specific route (longest prefix match), selecting the route with the narrowest CIDR range that matches.✓ Correct
B.AWS always prefers the default route (0.0.0.0/0) over all other routes regardless of prefix length.
C.AWS selects routes in alphabetical order based on the target gateway identifier in the route table.
D.AWS randomly selects among all matching routes to distribute traffic evenly across available gateways.

Explanation

5. Which AWS Elastic Load Balancer type is BEST suited for routing HTTP and HTTPS traffic to different microservices based on URL path?

A.Application Load Balancer (ALB), which supports content-based routing rules using host headers and URL paths.✓ Correct
B.Network Load Balancer (NLB), which operates at Layer 4 and offers ultra-low latency for all HTTP traffic.
C.Classic Load Balancer (CLB), which provides advanced Layer 7 routing for legacy microservice architectures.
D.Gateway Load Balancer (GWLB), which inspects and routes HTTP traffic through third-party virtual appliances.

Explanation

Practice all 22+ questions in this domain

Start free practice →

Frequently asked questions

How many AWS Certified SysOps Administrator practice questions are there for Networking?↓

AnyCert has 22 AWS Certified SysOps Administrator practice questions specifically for the Networking domain, each with a detailed AI-tutored explanation.

Is Networking heavily tested on the AWS Certified SysOps Administrator exam?↓

How should I study the Networking domain for AWS Certified SysOps Administrator?↓