AWS SYS OPS VPC

Question 1

AMAZON VPC IS THE ______ LAYER OF EC2

Answer 1

NETWORKING

Question 2

VPC SPANS ALL _____ IN A REGION.

Answer 2

AZs

Question 3

PARTS OF A VPC:

Answer 3

• IP SPECIFICATIONS
• SUBNETS
• SECURITY GROUPS
• ROUTE TABLES
• NACLs

Question 4

______ AND ____ ARE USED TO PROTECT AWS RESOURCES IN EACH SUBNET

Answer 4

SECURITYGROUPS(INSTANCE LEVE)

NACLs(SUBNET LEVEL)

Question 5

EXPAND VPC BY ADDING

Answer 5

SECONDARY IP RANGES

Question 6

ON-PREM CONNECTS TO ____ WHICH CONNECTS TO VPC

Answer 6

MANAGED VPN CONNECTION

Question 7

VPN CONNECTION CONSISTS OF :

Answer 7

VIRTUAL PRIVATE GATEWAY: VPN concentrator on Amazon side of VPN connection, attached to VPC

CUSTOMER GATEWY: Physical device or software on your side of the VPN connected

Question 8

AWS PRIVATELINK

Answer 8

Privately connect your VPC to supported AWS services, services hosted by other AWS accounts( VPC ENDPOINTS) and supported AWS Marketplace partner services.

Question 9

Does traffic with AWS PRIVATELINK leave the AWS NETWORK?

Answer 9

NEGATIVE, GHOSTRIDER

Question 10

3 SUBNET TYPES

Answer 10

Public (IGW)
Private (no IGW)
VPN-only Subnet (has a virtual private gateway instead)

Question 11

/28 has how many IP address

Answer 11

16 (this is an interview question)

Question 12

/16 has how many IP address

Answer 12

65, 536

Question 13

which IP addresses in each subnet CIDR block are NOT AVAIABLE FOR YOU AND CAN NOT BE ASSIGNED TO AN INSTANCE

Answer 13

First 4 and the LAST IP addy can not be used.

Question 14

CIDR BLOCK IS READY FOR USE WHEN IT IS IN ____

Answer 14

ASSOCIATED STATE

Question 15

EACH SUBNET MUST BE ASSOCIATED WITH A

Answer 15

ROUTE TABLE, WHICH SPECIFIED THE ALLOWED ROUTES FOR OUTBOUND TRAFFIC LEAVING THE SUBNET

Question 16

YOU CAN ASSOCIATED UP TO ____ SECURITY GROUPS TO AN _____

Answer 16

5 SECURITY GROUPS TO AN INSTANCE IN YOUR VPC

Question 17

WHEN YOU CREATE A SECURITY GROUP, IT HAS _________ AND

Answer 17

NO INBOUND RULES AND INCLUDES AN OUTBOUND RULE THAT ALLOWS ALL OUTBOUND TRAFFIC BY DEFAULT

Question 18

NACLs can connect to multiple subnets , however_____

Answer 18

a subnect can be associated with one NACL

Question 19

ROUTE TABLES:

Answer 19

A CERTAIN SET OF RULES, CALLED ROUTES, THAT DETERMINE WHERE NETWORK TRAFFIC IS DIRECTED

Question 20

SET VPC enableDnsHostnames and enableDnsSupport to true so that

Answer 20

your instances recieve a public DNS hostname and Amazon-provided DNS server can resolve Amazon-provided private DNS hostnames

Question 21

if you use custom DNS domain names defined in a privated hosted zone in Route 53, then the

Answer 21

enableDnsHostnames and enableDnsSupport attributes must be set to true

Question 22

You are limited to _____ Elastic IP Addresses

Answer 22

5

Question 23

an Elastic IP Address is a

Answer 23

static public IPv4 addy

Question 24

AWS imposes a small hourly charge for EIPs that

Answer 24

are not being used

Question 25

VPC ENDPOINTS:

Answer 25

PRIVATELY CONNECT YOUR VPC TO SUPPORTED AWS SERVICES

Question 26

TWO TYPES OF ENDPOINTS

Answer 26

INTERFACE /GATEWAY

Question 27

INTERFACE ENDPOINTS

Answer 27

• ENI WITH A PRIVATE IP, USED AS AN ENTRY POINT FOR TRAFFIC DESTINED TO A SUPPORTED SERVICE
• DO NOT SUPPORT THE USE OF ENDPOINT POLICIES
• SUPPORTS IPV4 TCP TRAFFIC ONLY

Question 28

GATEWAY ENDPOINTS

Answer 28

• TARGET FOR A SPECIFIED ROUTE IN YOUR ROUTE TABLE, USED FOR TRAFFIC DESTINED TO A SUPPORTED AWS SERVICE
• YOU CAN CREATE MULTIPLE ENDPOINTS IN A SINGLE VPC.
• SUPPORTED WITHIN THE SAME REGION
• YOU CAN MODIFY ENDPOINT POLICY
• IPV4 TRAFFIC ONLY

Question 29

• ABILITY FOR MULTIPLE SCHEMA CHANGES
• DATABASE SHOULD BE DURABLE
• CHANGES TO THE DATABASE SHOULD NOT RESULT IN DOWNTIME

Answer 29

AURORA