Skip to content

Instantly share code, notes, and snippets.

@waptik
Last active June 22, 2026 20:22
Show Gist options
  • Select an option

  • Save waptik/c820ee3a8ab471f4f561fc2d31ab7968 to your computer and use it in GitHub Desktop.

Select an option

Save waptik/c820ee3a8ab471f4f561fc2d31ab7968 to your computer and use it in GitHub Desktop.
Quiz by Group C for AWS Certified Developer Associate = DVA-C02

AWS CloudFront & VPC - Kahoot Quiz

Kahoot! multiple choice format (one correct answer per question) · 21 questions

Checked box = correct answer. Use this as your answer-key reference when building or reviewing the kahoot.


Q1. What is the allowed VPC CIDR block size range in AWS?

  • A) /28 to /16
  • B) /24 to /8
  • C) /32 to /0
  • D) /30 to /16

Q2. How many IP addresses are reserved by AWS in every VPC subnet?

  • A) 2
  • B) 3
  • C) 5
  • D) 1

Q3. Which component for outbound internet access is fully managed BY AWS?

  • A) NAT instance
  • B) NAT Gateway
  • C) Bastion host
  • D) Customer Gateway

Q4. What is the max bandwidth a single NAT Gateway can scale up to?

  • A) 5 Gbps
  • B) 10 Gbps
  • C) 45 Gbps
  • D) 100 Gbps

Q5. Which statement correctly describes Security Groups?

  • A) Support allow and deny rules
  • B) Operate at the subnet level
  • C) They are stateful
  • D) Rules processed in numbered order

Q6. Which statement correctly describes Network ACLs?

  • A) They are stateful
  • B) Operate at the instance level
  • C) Support both allow and deny rules
  • D) Apply only when directly attached

Q7. By default, how many security groups can attach to one EC2 network interface?

  • A) 1
  • B) 5
  • C) 10
  • D) 25

Q8. Which AWS feature should you use to block traffic from a specific IP range?

  • A) Security Group
  • B) Network ACL
  • C) Route Table
  • D) Internet Gateway

Q9. What does an Internet Gateway perform for instances with public IPv4 addresses?

  • A) DNS resolution
  • B) Network Address Translation (NAT)
  • C) Load balancing
  • D) Health checks

Q10. Which option gives a dedicated private connection to AWS, bypassing the internet?

  • A) AWS Managed VPN
  • B) AWS Direct Connect
  • C) AWS VPN CloudHub
  • D) Software VPN

Q11. Which VPC endpoint type is used ONLY for Amazon S3 and DynamoDB?

  • A) Interface Endpoint
  • B) Gateway Endpoint
  • C) PrivateLink Endpoint
  • D) NAT Endpoint

Q12. Where does Amazon VPC store Flow Logs data by default?

  • A) Amazon S3
  • B) Amazon CloudWatch Logs
  • C) AWS CloudTrail
  • D) Amazon Athena

Q13. What sits between origins and edge locations, holding a larger cache?

  • A) Origin Shield
  • B) Regional Edge Cache
  • C) Distribution Hub
  • D) Cache Behavior

Q14. Which feature stops users bypassing CloudFront to access S3 directly?

  • A) Signed Cookies
  • B) Origin Access Identity (OAI)
  • C) Field-Level Encryption
  • D) AWS WAF

Q15. What is the default TTL for a CloudFront object with no cache-control headers?

  • A) 1 hour
  • B) 24 hours
  • C) 7 days
  • D) 1 year

Q16. Which feature runs Node.js or Python code at CloudFront edge locations?

  • A) AWS WAF
  • B) Lambda@Edge
  • C) Origin Shield
  • D) Field-Level Encryption

Q17. Which method restricts access for a client that doesn't support cookies?

  • A) Signed Cookies
  • B) Signed URLs
  • C) Origin Access Identity
  • D) Geo-restriction

Q18. Which HTTP method does CloudFront cache responses for?

  • A) GET requests only
  • B) POST requests only
  • C) PUT requests only
  • D) All HTTP methods equally

Q19. What must you do before a CloudFront distribution can be deleted?

  • A) Disable it first
  • B) Delete its origin
  • C) Remove all cache behaviors
  • D) Detach it from Route 53

Q20. Which service filters CloudFront requests via web ACL conditions?

  • A) AWS Shield
  • B) AWS WAF
  • C) AWS Firewall Manager
  • D) Amazon GuardDuty

Q21. A VPC peering connection target ID in a route table begins with?

  • A) vpc-
  • B) pcx-
  • C) igw-
  • D) nat-

AWS CloudFront – Kahoot Quiz

Kahoot! multiple choice · 21 questions

Topic: Amazon CloudFront (DVA-C02 · AWS re/Start)

Checked box = correct answer. Use as your answer-key reference when building the Kahoot.


Q1. What sits between origins and edge locations, holding a larger cache?

  • A) Origin Shield
  • B) Regional Edge Cache
  • C) Distribution Hub
  • D) Cache Behavior

Q2. Which feature stops users bypassing CloudFront to access S3 directly?

  • A) Signed Cookies
  • B) Origin Access Identity (OAI)
  • C) Field-Level Encryption
  • D) AWS WAF

Q3. What is the default TTL for a CloudFront object with no cache-control headers?

  • A) 1 hour
  • B) 24 hours
  • C) 7 days
  • D) 1 year

Q4. Which feature runs Node.js or Python code at CloudFront edge locations?

  • A) AWS WAF
  • B) Lambda@Edge
  • C) Origin Shield
  • D) Field-Level Encryption

Q5. Which method restricts access for a client that doesn't support cookies?

  • A) Signed Cookies
  • B) Signed URLs
  • C) Origin Access Identity
  • D) Geo-restriction

Q6. Which HTTP method does CloudFront cache responses for?

  • A) GET requests only
  • B) POST requests only
  • C) PUT requests only
  • D) All HTTP methods equally

Q7. What must you do before a CloudFront distribution can be deleted?

  • A) Disable it first
  • B) Delete its origin
  • C) Remove all cache behaviors
  • D) Detach it from Route 53

Q8. Which service filters CloudFront requests via web ACL conditions?

  • A) AWS Shield
  • B) AWS WAF
  • C) AWS Firewall Manager
  • D) Amazon GuardDuty

Q9. Which CloudFront feature protects against direct S3 URL access?

  • A) Signed Cookies
  • B) Origin Access Identity (OAI)
  • C) Field-Level Encryption
  • D) AWS WAF

Q10. What must happen before a CloudFront distribution is deleted?

  • A) Delete its origin first
  • B) Disable it (can take ~15 min)
  • C) Remove all invalidations
  • D) Detach from Route 53

Q11. Which distribution type streams media over RTMP protocol?

  • A) Web distribution
  • B) RTMP distribution
  • C) Edge distribution
  • D) Lambda@Edge distribution

Q12. What is Origin Failover used for in CloudFront?

  • A) Encrypting sensitive fields
  • B) Switching to a backup origin on failure
  • C) Caching at regional edge
  • D) Blocking by country

Q13. Which setting forces viewers to connect to CloudFront via HTTPS only?

  • A) HTTP and HTTPS
  • B) Redirect HTTP to HTTPS
  • C) HTTPS only
  • D) Match viewer

Q14. Which CloudFront feature encrypts specific form fields at the edge?

  • A) AWS WAF
  • B) Signed URLs
  • C) Field-Level Encryption
  • D) Origin Shield

Q15. Can you cancel a CloudFront invalidation after submitting it?

  • A) Yes, at any time
  • B) Yes, within 5 minutes only
  • C) No, it cannot be canceled
  • D) Only via AWS CLI

Q16. What is the path pattern of a CloudFront default cache behavior?

  • A) /default/*
  • B) /*
  • C) /cache/*
  • D) /origin/*

Q17. Which use case best suits CloudFront Signed Cookies?

  • A) Restricting a single file download
  • B) Granting access to many files at once
  • C) Blocking a specific country
  • D) Encrypting origin traffic

Q18. Is Amazon CloudFront a HIPAA eligible service?

  • A) No, never
  • B) Yes
  • C) Only in us-east-1
  • D) Only with a Business support plan

Q19. Which CloudFront metric is also known as 'time-to-first-byte'?

  • A) Cache hit rate
  • B) Origin latency
  • C) Total error rate
  • D) Bytes downloaded

Q20. Which action improves a CloudFront cache hit ratio?

  • A) Forward all headers to origin
  • B) Use Cache-Control max-age to extend TTL
  • C) Disable regional edge caches
  • D) Add more cache behaviors per object

Q21. Which HTTP status code does CloudFront return for WAF-blocked requests?

  • A) 301
  • B) 403
  • C) 500
  • D) 502

AWS Route 53 - Kahoot Quiz

Kahoot! multiple choice format (one correct answer per question) · 21 questions

Checked box = correct answer. Use this as your answer-key reference when building or reviewing the kahoot.


Q1. What type of DNS zone routes traffic within a VPC only?

  • A) Public hosted zone
  • B) Private hosted zone
  • C) Traffic flow zone
  • D) Resolver zone

Q2. Which two record types does Route 53 auto-create per hosted zone?

  • A) A and CNAME
  • B) NS and SOA
  • C) MX and TXT
  • D) PTR and SRV

Q3. How many name servers make up a Route 53 delegation set?

  • A) 2
  • B) 4
  • C) 6
  • D) 8

Q4. Which record type can point a zone apex at a CloudFront distribution?

  • A) CNAME
  • B) Alias
  • C) PTR
  • D) SRV

Q5. Which statement about Alias records is correct?

  • A) Charged for queries to AWS resources
  • B) CNAME can be at the zone apex
  • C) Can only point outside Route 53
  • D) Not charged for queries to AWS resources

Q6. Which routing policy uses round robin with no health check support?

  • A) Weighted
  • B) Simple
  • C) Latency
  • D) Failover

Q7. Which policy routes to a secondary resource only if primary fails?

  • A) Weighted
  • B) Failover
  • C) Geolocation
  • D) Multivalue answer

Q8. Which routing policy routes users by their geographic region?

  • A) Latency
  • B) Geolocation
  • C) Weighted
  • D) Simple

Q9. Which policy directs traffic to the Region with best round-trip time?

  • A) Latency
  • B) Geoproximity
  • C) Weighted
  • D) Multivalue answer

Q10. Which policy returns up to 8 healthy records selected at random?

  • A) Simple
  • B) Multivalue answer
  • C) Weighted
  • D) Latency

Q11. Which policy assigns a numeric value to control traffic proportion?

  • A) Weighted
  • B) Failover
  • C) Geolocation
  • D) Latency

Q12. What weight value stops a weighted record from getting traffic?

  • A) 1
  • B) -1
  • C) 0
  • D) 100

Q13. Which health check type is tied to a CloudWatch alarm?

  • A) HTTP_STR_MATCH
  • B) TCP
  • C) CALCULATED
  • D) CLOUDWATCH_METRIC

Q14. Which health check type monitors other health checks vs a threshold?

  • A) CALCULATED
  • B) TCP
  • C) HTTPS_STR_MATCH
  • D) CLOUDWATCH_METRIC

Q15. What is the default domain name registration limit per account?

  • A) 10
  • B) 25
  • C) 50
  • D) 100

Q16. Which port does Route 53 primarily use for DNS queries?

  • A) TCP/UDP port 53
  • B) TCP port 80
  • C) UDP port 443
  • D) TCP port 22

Q17. What uptime SLA does AWS offer for Route 53?

  • A) 99.9%
  • B) 99.99%
  • C) 99.999%
  • D) 100%

Q18. Which feature enables on-prem to AWS DNS queries over private links?

  • A) Route 53 Resolver
  • B) Route 53 Traffic Flow
  • C) Alias records
  • D) Private hosted zones

Q19. Which Route 53 record type does NOT support wildcard entries?

  • A) A
  • B) CNAME
  • C) NS
  • D) MX

Q20. When transferring a domain to another account, what happens to its hosted zone?

  • A) Auto-transferred
  • B) It is deleted
  • C) NOT migrated automatically
  • D) Becomes private

Q21. How long can NS record changes take to fully propagate?

  • A) 5 minutes
  • B) 1 hour
  • C) 48 hours
  • D) 1 week

AWS VPC & Route 53 – Kahoot Quiz

Kahoot! multiple choice · 21 questions

Topics: Amazon VPC and Amazon Route 53 (DVA-C02 · AWS re/Start)

Checked box = correct answer. Use as your answer-key reference when building the Kahoot.


Q1. What is the allowed VPC CIDR block size range in AWS?

  • A) /28 to /16
  • B) /24 to /8
  • C) /32 to /0
  • D) /30 to /16

Q2. What type of DNS zone routes traffic within a VPC only?

  • A) Public hosted zone
  • B) Private hosted zone
  • C) Traffic flow zone
  • D) Resolver zone

Q3. How many IP addresses are reserved by AWS in every VPC subnet?

  • A) 2
  • B) 3
  • C) 5
  • D) 1

Q4. Which two record types does Route 53 auto-create per hosted zone?

  • A) A and CNAME
  • B) NS and SOA
  • C) MX and TXT
  • D) PTR and SRV

Q5. Which component for outbound internet access is fully managed BY AWS?

  • A) NAT instance
  • B) NAT Gateway
  • C) Bastion host
  • D) Customer Gateway

Q6. How many name servers make up a Route 53 delegation set?

  • A) 2
  • B) 4
  • C) 6
  • D) 8

Q7. What is the max bandwidth a single NAT Gateway can scale up to?

  • A) 5 Gbps
  • B) 10 Gbps
  • C) 45 Gbps
  • D) 100 Gbps

Q8. Which record type can point a zone apex at a CloudFront distribution?

  • A) CNAME
  • B) Alias
  • C) PTR
  • D) SRV

Q9. Which statement correctly describes Security Groups?

  • A) Support allow and deny rules
  • B) Operate at the subnet level
  • C) They are stateful
  • D) Rules processed in numbered order

Q10. Which statement about Alias records is correct?

  • A) Charged for queries to AWS resources
  • B) CNAME can be at the zone apex
  • C) Can only point outside Route 53
  • D) Not charged for queries to AWS resources

Q11. Which statement correctly describes Network ACLs?

  • A) They are stateful
  • B) Operate at the instance level
  • C) Support both allow and deny rules
  • D) Apply only when directly attached

Q12. Which routing policy uses round robin with no health check support?

  • A) Weighted
  • B) Simple
  • C) Latency
  • D) Failover

Q13. By default, how many security groups can attach to one EC2 network interface?

  • A) 1
  • B) 5
  • C) 10
  • D) 25

Q14. Which policy routes to a secondary resource only if primary fails?

  • A) Weighted
  • B) Failover
  • C) Geolocation
  • D) Multivalue answer

Q15. Which AWS feature should you use to block traffic from a specific IP range?

  • A) Security Group
  • B) Network ACL
  • C) Route Table
  • D) Internet Gateway

Q16. Which routing policy routes users by their geographic region?

  • A) Latency
  • B) Geolocation
  • C) Weighted
  • D) Simple

Q17. What does an Internet Gateway perform for instances with public IPv4 addresses?

  • A) DNS resolution
  • B) Network Address Translation (NAT)
  • C) Load balancing
  • D) Health checks

Q18. Which policy directs traffic to the Region with best round-trip time?

  • A) Latency
  • B) Geoproximity
  • C) Weighted
  • D) Multivalue answer

Q19. Which option gives a dedicated private connection to AWS, bypassing the internet?

  • A) AWS Managed VPN
  • B) AWS Direct Connect
  • C) AWS VPN CloudHub
  • D) Software VPN

Q20. Which policy returns up to 8 healthy records selected at random?

  • A) Simple
  • B) Multivalue answer
  • C) Weighted
  • D) Latency

Q21. Which policy assigns a numeric value to control traffic proportion?

  • A) Weighted
  • B) Failover
  • C) Geolocation
  • D) Latency
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment