VPC Amazon Virtual Private Cloud - SAP-C02 Practice Questions

Practice VPC segmentation, route tables, NAT, endpoints, private connectivity, security groups, network ACLs, and VPC Flow Logs.

6 Questions Available
4 Exam Domains


SAP-C02 VPC Question Bank (6 Questions)

Browse all 6 practice questions covering Amazon Virtual Private Cloud for the SAP-C02 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1: Continuous Improvement for Existing Solutions

    A company wants to improve the availability of their three-tier web application. Currently, a single NAT Gateway in one AZ is used for private subnet internet access. What improvement should be made?

    A. Replace the NAT Gateway with a NAT instance for cost savings
    B. Deploy a NAT Gateway in each AZ and update route tables so each private subnet uses the NAT Gateway in its AZ
    C. Use a single NAT Gateway in the primary AZ with cross-AZ routing
    D. Enable Internet Gateway for private subnets

  2. Question 2: Design Solutions for Organizational Complexity

    A large enterprise with 200 AWS accounts wants to ensure that no account can disable AWS CloudTrail or modify VPC Flow Logs. Which mechanism enforces these controls at the organizational level?

    A. AWS Config conformance packs deployed to all accounts
    B. IAM permission boundaries on all IAM roles
    C. AWS Organizations Service Control Policies (SCPs)
    D. AWS Security Hub automated standards

  3. Question 3: Design Solutions for Organizational Complexity

    An organization must ensure that all new AWS accounts created in their organization automatically have VPC Flow Logs enabled in all regions. What is the BEST solution?

    A. Use an SCP to require VPC Flow Logs on account creation
    B. Use AWS Control Tower account factory with customizations to enable VPC Flow Logs via CloudFormation StackSets
    C. Use an AWS Lambda function triggered by CloudTrail CreateAccount events
    D. Deploy an AWS Config rule to detect missing VPC Flow Logs and trigger remediation

  4. Question 4: Design Solutions for Organizational Complexity

    A company's networking team manages a centralized shared VPC. Application teams in separate AWS accounts need to launch EC2 instances into subnets in this shared VPC. Which AWS feature enables this?

    A. VPC peering with private route tables
    B. AWS Resource Access Manager (RAM) to share VPC subnets with participant accounts
    C. AWS Transit Gateway for inter-account routing
    D. AWS PrivateLink to expose the shared VPC endpoints

  5. Question 5: Design Solutions for Organizational Complexity

    An organization wants to centralize all VPC Flow Logs from 40 accounts for security analysis. What is the MOST automated approach with minimum per-account configuration?

    A. Deploy a Lambda function in each account to push Flow Logs to the central account
    B. Use AWS Organizations with CloudFormation StackSets to deploy VPC Flow Logs configuration and Kinesis Firehose destinations pointing to the central logging account
    C. Use CloudTrail to capture all Flow Log data
    D. Enable VPC Flow Logs manually in each account

  6. Question 6: Design Solutions for Organizational Complexity

    A company is implementing a hub-and-spoke architecture with centralized egress via a NAT Gateway in a central VPC. What must be configured in the spoke VPCs and TGW for this to work?

    A. VPC peering between each spoke and the central VPC
    B. Each spoke VPC attaches to TGW; spoke VPC default route points to TGW; TGW central route table routes 0.0.0.0/0 to the central egress VPC attachment; central VPC routes traffic through NAT Gateway
    C. Each spoke VPC needs its own Internet Gateway
    D. Use PrivateLink from each spoke to the central NAT Gateway


Key VPC Concepts for SAP-C02

vpc, subnet, route table, nat gateway, vpc endpoint, security group, nacl, flow logs, privatelink

SAP-C02 VPC Exam Tips

Amazon Virtual Private Cloud questions in SAP-C02 are typically scenario-based. Focus on enterprise-scale multi-account architecture, governance, and modernization strategies. Priority concepts: vpc, subnet, route table, nat gateway, vpc endpoint, security group.

What SAP-C02 Expects

  • Prefer future-proof designs that support organizational complexity and migration realities.
  • VPC scenarios for SAP-C02 are frequently mapped to Domain 1 (26%), Domain 2 (29%), Domain 3 (25%), Domain 4 (20%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where VPC interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Professional) and vendor best practices.

High-Value VPC Concepts

  • Know the core VPC building blocks cold: vpc, subnet, route table, nat gateway.
  • Review the edge-case features and limits for vpc endpoint, security group; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how VPC pairs with Networking, Transit Gateway, Security & Compliance in real deployment patterns.
  • For SAP-C02, explain why the chosen VPC design meets reliability, security, and cost expectations better than the alternatives.

Common SAP-C02 Traps

  • Watch for answers that work for a single account but fail at organizational scale.
  • Questions in Design Solutions for Organizational Complexity often include distractors that look correct for VPC but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two VPC implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Design Solutions for Organizational Complexity (26%) outcomes for SAP-C02?
  • Can you explain security and access boundaries for VPC without relying on default-open assumptions?
  • Can you describe how VPC integrates with Networking and Transit Gateway during failure, scaling, and monitoring events?
