Back to Amazon VPC

Route Tables

5 minutes 5 Questions

Route Tables are used to define routes for the traffic within a VPC, allowing communication between subnets and determining how network traffic is directed between resources. Each subnet within a VPC must be associated with a route table, and the table can have multiple entries with varying rules controlling which traffic is allowed or denied to reach the specific destinations. Route Tables provide the ability to configure public and private routing, which dictates if instances within the subnet have access to the internet. When creating a VPC, a default route table is created, which can be modified or replaced with custom route tables based on specific needs.

Guide: Understanding Route Tables in Amazon VPC

What is Route Table in Amazon VPC?


A Route Table in Amazon VPC is a fundamental component which is used to determine where network traffic is directed, based on its destination IP address. Every subnet in a VPC must be associated with a route table; which controls the traffic for that subnet.

Importance of Route Tables in Amazon VPC


Route Tables plays a vital role in the management and control of network traffic flow. With Route tables, you can ensure that traffic is routed correctly to its intended destination. Incorrectly configured route tables can cause traffic loss, unnecessary cost and security issues.

How Route Tables work?


A route table contains a set of rules, called routes, which are used to determine where network traffic is directed. Each subnet in your VPC must be associated with a route table; the table controls the traffic for that subnet. Route tables contain a default route called the local route, which enables communication within the VPC.

Exam Tips: Answering Questions on Route Tables


When tackling exam questions on Route Tables, remember the following tips:
  • Understand that every subnet in your VPC is associated with a route table.
  • Understand the function of a local route in Amazon VPC.
  • Make sure you're aware of the security implications of correctly configuring your route tables.
  • Remember that modifications to route tables can cause traffic to be routed in non-intuitive ways - so understanding the impact of changes is key.

Test mode:
Start practice test
AWS Certified Solutions Architect - Amazon VPC Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

A company set two instances in two subnets, Instance A in Subnet A, and Instance B in Subnet B. Instance A is connected to their headquarters via a VPN connection. They want all traffic between Instance B and the Headquarters to pass through Instance A for further inspection and monitoring. Which Route Table configuration is required?

Correct Answer: In Subnet B's Route Table, add a route with the on-premises network CIDR as the destination and Instance A's network interface as target.

You need to configure Subnet B's Route Table to direct all traffic that is destined for the on-premises network to pass through Instance A's network interface. This will achieve the desired level of inspection and monitoring without making changes to the on-premises network or creating additional network devices or connections.

Question 2

An organization launches new Instances for a temporary Batch process in an AWS VPC. They want the Instances to access the internet, but don't want outside traffic to initiate a connection. Which Route Table configuration should be set?

Correct Answer: Add a route to the internet gateway for the Batch Instance Subnet and configure a NAT Gateway.

To allow internet access for the Batch Instances without allowing incoming traffic from the internet, add a route to the Route Table targeting the internet gateway for the Instances' Subnet and set up a NAT Gateway. The NAT Gateway allows outbound traffic to access the internet, but does not permit incoming traffic to initiate connections with the Instances.

Question 3

A company hosts a website on an Instance in a VPC. They want to grant specific security group access to some administrators using SSH to manage the Instance. Which Route Table change must be made?

Correct Answer: No change is needed to the Route Table, only changes to the security group are required.

The Route Table controls routing of traffic between subnets; SSH access should be managed in the security groups attached to the instance by opening the SSH port only for the IP addresses or security groups that need access. No change is necessary in the Route Table.

Go Premium

AWS Certified Solutions Architect - Associate Preparation Package (2025)

  • 2202 Superior-grade AWS Certified Solutions Architect - Associate practice questions.
  • Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
  • Unlock Effortless AWS Certified Solutions Architect preparation: 5 full exams.
  • 100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
  • Bonus: If you upgrade now you get upgraded access to all courses
  • Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!
More Route Tables questions
4 questions (total)
Start 4 question test