VPC

Question 1

What is AWS VPC?

Answer 1

A virtual datacenter in the cloud. A logically isolated part of the AWS cloud where you can define your own network.

Question 2

What does an AWS VPC consist of?

Answer 2

Internet gateways (or virtual private gateways), route tables, network access control lists, subnets, and security groups.

Question 3

How many AZ’s can 1 subnet be in?

Answer 3

1

Question 4

Can a subnet span multiple AZ’s?

Answer 4

No

Question 5

What is a NAT Gateway?

Answer 5

Network Address Translation Gateway

it enables instances in a private subnet to connect to the internet or other AWS services while preventing the internet from initiating a connection with those instances.

Question 6

What is a NAT Gateway?

Answer 6

Network Address Translation Gateway

it enables instances in a private subnet to connect to the internet or other AWS services while preventing the internet from initiating a connection with those instances.

Question 7

Where does the NAT gateway live in your VPC environment?

Answer 7

The public subnet.

Question 8

What Gbps throughput does NAT Gateway start at?

Answer 8

5 Gbps

Question 9

What Gbps throughput can a NAT gateway scale too?

Answer 9

45 Gbps

Question 10

Do you need to patch a NAT Gateway?

Answer 10

No

Question 11

Are security groups stateful?

Answer 11

Yes

Question 12

What does it mean that Security groups are stateful?

Answer 12

If you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules

Question 13

Are Network ACL’s stateful?

Answer 13

No, they are stateless

Question 14

Does your VPC Automatically come with a Network ACL?

Answer 14

Yes

Question 15

Does the default NACL allow inbound and outbound traffic?

Answer 15

yes

Question 16

Does a custom NACL allow all inbound and outbound traffic by default?

Answer 16

No, it denies by default.

Question 17

Does a Subnet need to be associated with a NACL?

Answer 17

Yes, if you do not add one the default one will be associated to the subnet.

Question 18

Would you use a NACL or a security group to block an IP address?

Answer 18

A NACL

Question 19

Can a subnet be associated to multiple NACL’s?

Answer 19

No

Question 20

Can a NACL be associated to multiple subnets?

Answer 20

Yes

Question 21

If you add a subnet to a NACL what happens to the prior NACL associated to the subnet?

Answer 21

The previous association is removed.

Question 22

Does a NACL contain a numbered list of rules?

Answer 22

Yes

Question 23

In what order do NACLs evaluate the rule list?

Answer 23

In order starting with the lowest numbered rule.

Question 24

Can NACLs have separate inbound and outbound rules for the same thing.

For example can it allow inbound traffic on port 80 but deny outbound traffic on port 80?

Answer 24

Yes

Question 25

Are NACLs stateless?

Answer 25

Yes

Question 26

What would you use a VPC Endpoint for?

Answer 26

When you want to connect to an AWS service without leaving the Amazon internal network.

Question 27

What are the two VPC Endpoints?

Answer 27

1) Interface
2) gateway

Question 28

What are the two services the Gateway VPC Endpoint supports?

Answer 28

S3 and DynamoDB

Question 29

What does VPC Peering allow you to do?

Answer 29

Connect 1 VPC to another VPC via a direct network route using private IP addresses

Question 30

Is transitive peering allowed with VPC Peering?

Answer 30

No

Question 31

Can you peer between regions with VPC Peering?

Answer 31

Yes

Question 32

Can you overlap CIDR address ranges with VPC Peering?

Answer 32

No

Question 33

How can you peer VPC’s to tens, hundreds, or thousands of customer VPC’s?

Answer 33

AWS PrivateLink

Question 34

Does AWS PrivateLink require VPC Peering?

Answer 34

No

Question 35

Does AWS PrivateLink require no route tables?

Answer 35

Yes

Question 36

Does AWS PrivateLink require NAT Gateways?

Answer 36

No

Question 37

What are the two things an AWS PrivateLink require?

Answer 37

A Network Load Balancer on the service VPC and an ENI on the customer VPC

Question 38

What is AWS VPN CloudHub?

Answer 38

if you have multiple sites, each with their own VPN connection, you can use AWS VPN CloudHub to connect those sites together.

Question 39

What does AWS Direct Connect do?

Answer 39

Allows you yo directly connect your data center to AWS