AWS Networking — Interview Questions (Sample)
Question bank covering VPC, TGW, and Cloud WAN.
What is the difference between a security group and a network ACL? (easy)
Security groups are stateful and operate at the ENI level; return traffic is automatically allowed. Network ACLs are stateless, operate at the subnet level, and evaluate rules in numbered order.
When would you choose Cloud WAN over a Transit Gateway mesh? (medium)
Choose Cloud WAN when you have a global, multi-region network and want a single declarative policy instead of operating one TGW per region with manual peering. For a single region, a TGW is simpler.
Explain how segment isolation and sharing work in a Cloud WAN policy? (hard)
Segments are isolated by default. Sharing is opt-in via segment-actions with a share action, or share-with on the segment. Static routes and attachment-acceptance rules also live in segment-actions. Nothing routes between segments unless the policy says so.
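To make the default-deny behaviour concrete, the following added example (not part of the original question bank) audits a policy document and lists which segment pairs exchange routes because of share actions. The sample policy and the function names are constructed for illustration; the audit assumes a share is two-way between the named segments and is not transitive.

```python
import json

# Constructed sample policy fragment (not from the page). Only the keys this
# audit reads are included; a real policy also needs core-network-configuration.
POLICY = json.loads("""
{
  "segments": [{"name": "prod"}, {"name": "dev"}, {"name": "shared"}, {"name": "sandbox"}],
  "segment-actions": [
    {"action": "share", "mode": "attachment-route",
     "segment": "shared", "share-with": ["prod", "dev"]},
    {"action": "share", "mode": "attachment-route",
     "segment": "sandbox", "share-with": "*"}
  ]
}
""")

def resolve_targets(share_with, source, all_segments):
    """Expand a share-with value ("*", a list, or {"except": [...]}) to names."""
    if share_with == "*":
        return all_segments - {source}
    if isinstance(share_with, dict):
        return all_segments - {source} - set(share_with.get("except", []))
    return set(share_with)

def shared_pairs(policy):
    """Return the set of unordered segment pairs that exchange routes."""
    names = {s["name"] for s in policy["segments"]}
    pairs = set()
    for act in policy.get("segment-actions", []):
        if act.get("action") != "share":
            continue  # create-route and other actions are out of scope here
        for target in resolve_targets(act["share-with"], act["segment"], names):
            pairs.add(frozenset((act["segment"], target)))
    return pairs

def wildcard_shares(policy):
    """Segments whose share action uses "*", which deserve a manual review."""
    return sorted(a["segment"] for a in policy.get("segment-actions", [])
                  if a.get("action") == "share" and a.get("share-with") == "*")

def can_route(policy, a, b):
    """True only if a share action directly links a and b (no transitivity)."""
    return frozenset((a, b)) in shared_pairs(policy)

if __name__ == "__main__":
    for pair in sorted(sorted(p) for p in shared_pairs(POLICY)):
        print(" <-> ".join(pair))
    print("wildcard shares:", wildcard_shares(POLICY))
```

In the sample, prod and dev both reach shared but not each other, while the wildcard share on sandbox links it to every other segment, which is the kind of entry a policy review should catch.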