AWS Transit Gateway Flashcards
What is the primary function of AWS Transit Gateway?
A) Providing a centralized hub to connect multiple VPCs and on-premises networks
B) Encrypting data at rest in AWS services
C) Managing IAM users and roles
D) Hosting web applications on AWS
Answer: A) Providing a centralized hub to connect multiple VPCs and on-premises networks
Explanation: AWS Transit Gateway acts as a central router that simplifies network management by connecting multiple VPCs and on-premises networks through a single gateway.
Which of the following is an advantage of AWS Transit Gateway compared to VPC peering?
A) Supports transitive routing between VPCs
B) Requires less configuration than Transit Gateway
C) Is only applicable within the same region
D) Uses a flat network topology
Answer: A) Supports transitive routing between VPCs
Explanation: Unlike VPC peering, AWS Transit Gateway enables transitive routing, allowing traffic to flow between multiple VPCs and on-premises networks without needing individual peering connections.
How can traffic segmentation be achieved in AWS Transit Gateway?
A) By using separate Transit Gateway route tables for different workloads
B) By assigning unique IAM roles to each VPC
C) By enabling Auto Scaling in AWS Transit Gateway
D) By deploying a dedicated Transit Gateway per VPC
Answer: A) By using separate Transit Gateway route tables for different workloads
Explanation: AWS Transit Gateway allows traffic segmentation by using multiple route tables, enabling separation of traffic between different VPCs, applications, or business units.
Which AWS feature is commonly used alongside AWS Transit Gateway to enforce security policies in segmented traffic?
A) AWS Security Groups
B) AWS Network Firewall
C) AWS Lambda
D) AWS CloudFormation
Answer: B) AWS Network Firewall
Explanation: AWS Network Firewall can be used with Transit Gateway to enforce security policies, inspect traffic, and create segmentation rules for different workloads.
What is the main difference between AWS PrivateLink and AWS Transit Gateway?
A) PrivateLink is used for connecting services within AWS without exposing traffic to the internet, while Transit Gateway is used for interconnecting multiple VPCs and on-premises networks
B) PrivateLink supports transitive routing, while Transit Gateway does not
C) Transit Gateway is designed for service discovery, while PrivateLink handles network security
D) PrivateLink replaces Transit Gateway for all networking use cases
Answer: A) PrivateLink is used for connecting services within AWS without exposing traffic to the internet, while Transit Gateway is used for interconnecting multiple VPCs and on-premises networks
Explanation: AWS PrivateLink provides a way to securely access AWS services or third-party services without exposing them to the internet, whereas AWS Transit Gateway connects multiple VPCs and on-premises networks.
When would AWS PrivateLink be a better choice than AWS Transit Gateway?
A) When needing to access AWS services privately without transitive routing
B) When managing a large-scale multi-VPC architecture requiring centralized routing
C) When requiring site-to-site VPN connectivity
D) When implementing AWS Lambda functions
Answer: A) When needing to access AWS services privately without transitive routing
Explanation: AWS PrivateLink is ideal for securely accessing AWS services without traversing the internet, while Transit Gateway is better suited for interconnecting multiple VPCs and on-premises networks.
What is AWS Transit Gateway primarily used for?
A) Hosting static websites on AWS
B) Providing a centralized routing hub for multiple VPCs and on-premises networks
C) Encrypting network traffic between AWS regions
D) Replacing AWS Direct Connect for hybrid cloud connections
Answer: B) Providing a centralized routing hub for multiple VPCs and on-premises networks
Explanation: AWS Transit Gateway allows customers to connect multiple VPCs, on-premises networks, and Direct Connect connections through a single routing hub, simplifying network management.
Which AWS feature allows AWS Transit Gateway to connect to an on-premises data center?
A) AWS Site-to-Site VPN or AWS Direct Connect
B) AWS Security Groups
C) AWS CloudFormation
D) AWS Lambda
Answer: A) AWS Site-to-Site VPN or AWS Direct Connect
Explanation: AWS Transit Gateway can integrate on-premises data centers using AWS Site-to-Site VPN (public internet-based connection) or AWS Direct Connect (private, dedicated network link).
How does AWS Transit Gateway differ from VPC Peering?
A) Transit Gateway supports transitive routing, while VPC Peering does not
B) Transit Gateway is only for AWS services, while VPC Peering supports hybrid cloud connections
C) VPC Peering can connect more VPCs than Transit Gateway
D) Transit Gateway requires overlapping CIDR blocks, while VPC Peering does not
Answer: A) Transit Gateway supports transitive routing, while VPC Peering does not
Explanation: AWS Transit Gateway supports transitive routing, meaning traffic can flow through the gateway between multiple VPCs. VPC Peering only allows direct connections between two VPCs and does not support transitive routing.
Which component is required to configure routing in AWS Transit Gateway?
A) Transit Gateway Route Tables
B) AWS Elastic Load Balancer
C) AWS Security Groups
D) Amazon Route 53
Answer: A) Transit Gateway Route Tables
Explanation: Transit Gateway Route Tables define how traffic is routed between VPCs, AWS Direct Connect, and on-premises networks in AWS Transit Gateway.
Which of the following AWS networking services is required for AWS Transit Gateway to communicate with an on-premises network?
A) AWS Internet Gateway
B) AWS Site-to-Site VPN or AWS Direct Connect
C) AWS Elastic Load Balancer
D) AWS Network Firewall
Answer: B) AWS Site-to-Site VPN or AWS Direct Connect
Explanation: AWS Transit Gateway enables hybrid cloud connectivity by linking AWS resources to on-premises networks via Site-to-Site VPN or Direct Connect.
What is a key advantage of using AWS Transit Gateway over traditional VPC peering?
A) AWS Transit Gateway supports transitive routing
B) AWS Transit Gateway is cheaper than VPC Peering
C) AWS Transit Gateway encrypts traffic by default
D) AWS Transit Gateway automatically provisions all AWS networking services
Answer: A) AWS Transit Gateway supports transitive routing
Explanation: AWS Transit Gateway allows multiple VPCs to communicate with each other through a single connection, unlike VPC Peering, which requires direct peer-to-peer connections.
Which of the following best describes AWS Transit Gateway route tables?
A) They define which traffic is allowed or denied within AWS Security Groups
B) They store DNS records for routing between AWS resources
C) They determine how traffic flows between connected VPCs, AWS Direct Connect, and Site-to-Site VPN connections
D) They manage IAM roles and permissions for networking services
Answer: C) They determine how traffic flows between connected VPCs, AWS Direct Connect, and Site-to-Site VPN connections
Explanation: AWS Transit Gateway route tables control how traffic is routed between VPCs, Direct Connect, and on-premises networks.
What is the default behavior of AWS Transit Gateway when a new VPC attachment is created?
A) It automatically learns routes and enables communication
B) It requires explicit route configuration in a Transit Gateway route table
C) It creates a default internet route for the VPC
D) It automatically peers with all VPCs within the AWS region
Answer: B) It requires explicit route configuration in a Transit Gateway route table
Explanation: When a VPC is attached to AWS Transit Gateway, it does not automatically propagate routes; the administrator must manually configure route tables.
What is the maximum number of AWS Transit Gateways that can be attached to a single VPC?
A) One
B) Two
C) Three
D) Unlimited
Answer: A) One
Explanation: A VPC can only be attached to one AWS Transit Gateway at a time, but a single Transit Gateway can connect to multiple VPCs.
Which of the following cannot be connected directly to AWS Transit Gateway?
A) AWS Direct Connect
B) AWS Site-to-Site VPN
C) Amazon Route 53
D) Amazon VPC
Answer: C) Amazon Route 53
Explanation: Amazon Route 53 is a DNS service and does not interact with AWS Transit Gateway, which is used for network routing.