Final 3 Flashcards

(23 cards)

1
Q

A company launched a high-security server on a high-performance EC2 instance in a private subnet in the us-east-1 region that uses IPv4. Because of the sensitive data the server contains, it must prevent any unauthorized access. Which VPC feature will allow the EC2 instance to communicate with the Internet but prevent inbound traffic?
a. Disable Internet Gateway
b. Egress-only Internet Gateway
c. Enable Internet Gateway
d. Configure NAT Gateway

A

d. Configure NAT Gateway

2
Q

When creating a NAT Gateway, which type of subnet do you select for the NAT Gateway?
a. Public subnet
b. Private subnet
c. Either public or private subnet
d. Neither public nor private subnet, NAT Gateways are created in Amazon’s network

A

a. Public subnet

3
Q

True or False: When you create a new security group in a VPC, it has no inbound rule, but AWS adds a wide-open outbound rule that allows all traffic.

A

True

4
Q

A company is using Amazon EC2 instances and S3 buckets as part of its cloud architecture. A requirement mandates that all traffic between the VPC and other public AWS services must not leave the Amazon network. Which one of the following should you use to connect to Amazon S3 from the EC2 instance?
a. Configure Direct Connect
b. Configure VPC Endpoint
c. Configure VPN
d. Configure VPC Peering

A

b. Configure VPC Endpoint

5
Q

When mapping an Amazon ALB-DNS-name to a sub-domain-name in a hosted zone in Route53 to create a new record set, what type of record set should you create?
a. A
b. Alias
c. CNAME
d. AAAA

A

b. Alias

6
Q

You are unable to connect to the newly deployed EC2 instance via SSH using a home computer. However, you are able to successfully access other existing instances in the VPC without any issues. Which of the following should allow you to connect to the newly deployed instance from your home computer?
a. Configure the Network Access Control List of your VPC to permit ingress traffic over port 22 from your IP
b. Configure the Security Group of the EC2 instance to permit ingress traffic over port 22 from your IP
c. Attach Internet Gateway to your VPC and establish VPN connection
d. Configure the Security Group of the EC2 instance to permit ingress traffic over port 3389 from your IP

A

b. Configure the Security Group of the EC2 instance to permit ingress traffic over port 22 from your IP

7
Q

What is the helm command to install a chart?

A

helm install <chart-name>

8
Q

What is the helm command to show a list of all deployed releases?

A

helm list

9
Q

What is the helm command to uninstall a release?

A

helm uninstall <release-name>

10
Q

What is the helm command to learn more about available helm commands?

A

helm help

11
Q

What ports does an Application Load Balancer support?

A

HTTP (port 80) and HTTPS (port 443)

12
Q

What ports does a Network Load Balancer listen on?

A

Custom ports (e.g. 3000, 5000) using TCP

13
Q

What does every Playbook in Ansible start with?

A

--- (3 dashes) at the top

14
Q

What does an Inventory file in Ansible contain?

A

List of hosts you want to manage.

Looks like this:
[web-server]
server1 ansible_host=<ip>
server2 ansible_host=<ip>

15
Q

What is VPC Peering?

A

Lets resources in different VPC networks connect to each other over private IP addresses.

16
Q

What is a VPC endpoint?

A

Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

Instances in a private subnet can connect to services outside your VPC.

17
Q

Name Server (NS) Record

A

Used by Top-Level Domain (TLD) servers to direct traffic to the content DNS server, which contains the authoritative DNS records.

18
Q

DNS Record

A

An object in a hosted zone that you use to define how you want to route traffic for the domain or subdomain.

19
Q

A (Address) Record

A

Most fundamental type of DNS record.

Maps to the IP address of a given domain.

20
Q

CNAME (Canonical Name) Record

A

Used for resolving one domain name to another domain name.

21
Q

Alias Record

A

Type of record that you can create with Route 53 to route traffic to AWS resources.

Specific to Route 53 only.

Used to map resource record sets in your hosted zone to Load Balancers, CloudFront distributions, or S3-based websites.

22
Q

NAT Gateway

A

For resources in private subnets to download internet packages/software

23
Q

Network Access Control List (NACL)

A

Network-level firewall, stateless