AWS SAA Mock Exam 7 - Networking & Connectivity
📝 Exam Information
- Focus: VPC, Networking, Hybrid Connectivity
- Duration: 130 minutes
- Questions: 65 questions
Question 1
The company needs to connect its on-premises network (10.0.0.0/16) to an AWS VPC (172.16.0.0/16). The requirements are 5Gbps bandwidth, low latency, and high availability. Which solution is optimal?
A) VPN connection with multiple tunnels
B) Direct Connect with VIF + VPN backup
C) Multiple Direct Connect connections with BGP routing
D) Transit Gateway with multiple VPN connections
Answer: C
Explanation: Multiple DX connections provide high bandwidth, low latency, and built-in redundancy with BGP routing.
Question 2
A multi-tier application in private subnets needs internet access for software updates but must not be exposed to the internet. Which architecture is correct?
A) Internet Gateway + Route Tables + Security Groups
B) NAT Gateway in public subnet + Route Tables
C) VPC Endpoints + Internet Gateway + NACLs
D) NAT Instance + Elastic IP + Security Groups
Answer: B
Explanation: NAT Gateway allows outbound internet access from private subnets without exposing the instances.
Question 3-15
[Additional networking questions covering:]
- VPC design patterns (multi-tier, hub-spoke)
- Security groups vs NACLs (stateful vs stateless)
- Routing strategies (BGP, static routes)
- DNS resolution (Route 53, private hosted zones)
Network Security Best Practices
- Defense in depth - Multiple security layers
- Least privilege - Minimum required access
- Network segmentation - Isolate workloads
- Monitoring - VPC Flow Logs, GuardDuty
Connectivity Options Comparison
- Internet Gateway: Public internet access
- NAT Gateway: Outbound internet from private subnets
- VPC Endpoints: Private access to AWS services
- Direct Connect: Dedicated network connection
- VPN: Encrypted connection over internet