Amazon Virtual Private Cloud (VPC) Flashcards

1
Q

VPC provides complete control over the _______ __________ environment

A

VPC provides complete control over the virtual networking environment

2
Q

VPCs are _____ wide service

A

VPCs are region wide service

3
Q

A default VPC is created in each _____ with a ____ in each AZ

A

A default VPC is created in each region with a subnet in each AZ

4
Q

By default, you can create up to ____ VPCs per region

A

By default, you can create up to Five VPCs per region

5
Q

Public subnets are subnets that have which setting set to “Yes”

A

Public subnets are subnets that have which setting set to “Yes”

  • “Auto-assign public IPv4 address” set to “Yes”
6
Q

Public subnet route table has an ________ _______ attached

A

Public subnet route table has an Internet Gateway attached

7
Q

When you create a VPC, you must specify a ____ of ____ addresses for the VPC in the form of a ____ block

A

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a CIDR block

8
Q

A VPC spans all the ____ _____ in the region

A

A VPC spans all the ____ _____ in the region

Availability Zones

9
Q

You have ___ _______ over who has access to the AWS resources inside your VPC

A

You have ___ _______ over who has access to the AWS resources inside your VPC

full control

10
Q

Routers interconnect subnets and direct traffic between (4)

A

Internet gateways

NAT gateways

Virtual private gateways

Subnets

11
Q

VPC Endpoints allow private connectivity between services ______ in ___

A

VPC Endpoints allow private connectivity between services hosted in AWS

12
Q

Egress-only Internet Gateway is a stateful gateway that provides egress-only access for ____ traffic from the ___ to the internet

A

Egress-only Internet Gateway is a stateful gateway that provides egress-only access for IPv6 traffic from the VPC to the internet

13
Q

Peering Connection enables you to route traffic via private IP addresses between two ______ _____

A

Peering Connection enables you to route traffic via private IP addresses between two peered VPCs

14
Q

NAT Gateway features: (3)

_______ available

Provides resources in _______ subnet access to the ______ internet

______ Network Address Translation (NAT) service

A

Highly available

Provides resources in private subnet access to the public internet

Managed Network Address Translation (NAT) service

15
Q

Your side of the VPN connection is called the ________ Gateway

A

Your side of the VPN connection is called the Customer Gateway

16
Q

CIDR block size can be between ____ and _____

A

CIDR block size can be between /16 and /28

17
Q

You cannot ____ or _____ the size of an existing CIDR block

A

You cannot increase or decrease the size of an existing CIDR block

18
Q

The first ____ and ____ IP addresses in a subnet CIDR block are ___ _________ for use

A

The first four and last IP addresses in a subnet CIDR block are not available for use

19
Q

AWS recommends you use CIDR blocks from the ___ _____ ranges

A

AWS recommends you use CIDR blocks from the RFC 1918 ranges

20
Q

In order to work properly, VPC Peering requires non-overlapping CIDR blocks across all ____ in all _____ and _______ you want to connect

A

In order to work properly, VPC Peering requires non-overlapping CIDR blocks across all VPCs in all regions and accounts you want to connect

21
Q

Flow Logs capture information about traffic to and from _______ interfaces in a ___

A

Flow Logs capture information about traffic to and from network interfaces in a VPC

22
Q

The ________ Gateway is the Amazon ___ side of a connection to the public Internet.

A

The Internet Gateway is the Amazon VPC side of a connection to the public Internet.

23
Q

Flow log data is stored using __________ Logs or ___

A

Flow log data is stored using CloudWatch Logs or S3

24
Q

Flow logs can be created at the following levels: (3)

A

Network interface

Subnet

VPC

25
Hardware VPN Connection is a hardware-based connection between your Amazon **VPC** and your **\_\_\_\_** center, **\_\_\_\_** network, or \_\_-\_\_\_\_\_\_\_ facility
Hardware VPN Connection is a hardware-based connection between your Amazon **VPC** and your **data** center, **home** network, or **co-location** facility
26
Security Groups operate at the _______ level while Network ACLs operate at the \_\_\_\_\_\_
Security Groups operate at the **instance** level while Network ACLs operate at the **subnet**
27
Which is stateful and stateless between SGs and ACLs?
ACL: Stateless; SG: Stateful
28
SG's support _____ rules only and evaluates **\_\_\_** rules regardless of \_\_\_\_\_
SG's support **deny** rules only and evaluates **all** rules regardless of **order**
29
ACL's support _____ and _____ rules and processes rules in \_\_\_\_\_
ACL's support **allow** and **deny** rules and processes rules in **order**
30
Network ACL rules ___________ \_\_\_\_\_ to all instances in the associated subnets.
Network ACL rules **automatically apply** to all instances in the associated subnets.
31
VPN CloudHub provides a way to link _____ \_\_\_\_\_\_ for a backup or primary WAN access to AWS resources and ____ \_\_\_\_\_
VPN CloudHub provides a way to link **remote offices** for a backup or primary WAN access to AWS resources and **each other**
32
VPN CloudHub connects locations in a ___ and _____ manner using AWS Virtual Private Gateway
VPN CloudHub connects locations in a **Hub and Spoke** manner using AWS Virtual Private Gateway
33
If you have resources in multiple AZs that share a NAT Gateway, what will happen if the AZ where the NAT Gateway is goes down?
All connected resources will lose internet access
34
What makes an application or process stateful vs. stateless depends on whether or not it **\_\_\_\_\_** data **\_\_\_\_ \_\_\_\_\_**
What makes an application or process stateful vs. stateless depends on whether or not it **stores** data **over time**.
35
SG's are stateful, meaning if you send a request from your instance, the response traffic for that request is **\_\_\_\_\_\_\_** to flow in regardless of **\_\_\_\_\_\_\_ \_\_\_\_**
SG's are stateful, meaning if you send a request from your instance, the response traffic for that request is **allowed** to flow in regardless of **inbound** **rules**.
36
By default, custom Network ACL's deny all inbound and outbound traffic until you ___ \_\_\_\_\_
By default, custom Network ACL's deny all inbound and outbound traffic until you add rules.
37
Each subnet in VPC must be associated with a network ACL. If you don't explicitly associate a subnet with a network ACL, then that subnet is **\_\_\_\_\_\_\_\_\_\_\_\_** associated with the **\_\_\_\_\_\_** network ACL.
Each subnet in VPC must be associated with a network ACL. If you don't explicitly associate a subnet with a network ACL, then that subnet is **automatically** associated with the **default** network ACL.
38
You can associate a network ACL with how many subnets?
multiple subnets.
39
When you associate a network ACL with a subnet, what happens to the previous ACL association?
the previous association is removed.
40
A Network ACL being stateless means responses to inbound traffic are subject to the **\_\_\_\_\_** for **\_\_\_\_\_\_\_** traffic and **\_\_\_\_ \_\_\_\_**
A Network ACL being stateless means responses to inbound traffic are subject to the **rules** for **outbound** traffic and **vice versa**
41
VPC endpoints allow you to connect AWS services without leaving the Amazon **\_\_\_\_\_\_\_\_ \_\_\_\_\_\_\_**
VPC endpoints allow you to connect AWS services without leaving the Amazon **internal network**
42
With AWS, you can choose between two VPC endpoint types- **\_\_\_\_\_\_\_\_** endpoint or **\_\_\_\_\_\_\_\_** endpoint - to securely access your **\_\_ \_\_\_\_\_\_** using a private network
With AWS, you can choose between two VPC endpoint types- **gateway** endpoint or **interface** endpoint - to securely access your **S3 buckets** using a private network
43
You can peer VPC with VPCs in the **\_\_\_\_** account and with **\_\_\_\_** AWS accounts
You can peer VPC with VPCs in the **same** account and with **other** AWS accounts
44
If you need to connect tens, hundreds, or thousands of customer VPCs, what service should you use instead of VPC peering?
AWS PrivateLink
45
When using VPC endpoints, Gateway Endpoint only supports __ and \_\_\_\_\_\_\_\_
When using VPC endpoints, Gateway Endpoint only supports **S3** and **DynamoDB**
46
The ________ \_\_\_\_\_\_\_\_ Gateway is the Amazon VPC side of a ____ connection.
The **Virtual Private** Gateway is the Amazon VPC side of a **VPN** connection.