📋 VPC Cheat Sheet

Networking and troubleshooting questions in SOA-C03 usually start with VPC routing, filtering, DNS, or hybrid connectivity.

Why This Cheat Sheet Matters for SOA-C03

This cheat sheet covers the most important Amazon VPC concepts tested on the SOA-C03 (AWS CloudOps Engineer Associate) certification exam. It contains 3 sections with 12 key points that you should memorize before exam day. Practice VPC operations, subnet routing, NAT gateways, security groups, NACLs, VPC endpoints, flow logs, peering, and troubleshooting connectivity. Use this as a quick-reference guide during your final review sessions.

Traffic Path

  • Route tables decide where subnet traffic goes.
  • Security groups are stateful and attached to network interfaces.
  • NACLs are stateless and apply at subnet boundaries.
  • VPC Flow Logs capture accepted or rejected traffic metadata, not payloads.

Connectivity

  • NAT gateways allow private subnet instances to initiate outbound internet access.
  • Gateway endpoints support S3 and DynamoDB private access from a VPC.
  • Interface endpoints use PrivateLink for private access to many AWS services.
  • Transit Gateway provides hub-and-spoke connectivity across many VPCs and networks.

Exam Cues

  • Need private AWS service access: choose a VPC endpoint.
  • Need centralized many-VPC routing: Transit Gateway.
  • Need to identify rejected traffic: VPC Flow Logs.
  • Need outbound-only internet for private instances: NAT gateway.
