Networking

Question 1

Amazon VPC

Answer 1

Logically isolated AWS Cloud section

Question 2

VPC Purpose

Answer 2

Launch AWS resources in defined virtual network. Establish boundaries for AWS resources.

Question 3

Resource Accessibility

Answer 3

Public-facing or private resources

Question 4

Subnets Explanation

Answer 4

Public and private resource groupings.

Question 5

Subnets in VPC

Answer 5

Ranges of IP addresses

Question 6

Coffee Shop Analogy VPC

Answer 6

Cashiers in public, baristas in private subnet

Question 7

VPC Definition

Answer 7

AWS private network

Question 8

Resource Placement

Answer 8

EC2, ELBs inside VPC

Question 9

Subnets and Grouping

Answer 9

Grouping: Resources grouped in subnets

Question 10

Networking Rules

Answer 10

Rules: Control resource accessibility

Question 11

Traffic Control

Answer 11

Control: Public or private availability.

Question 12

Internet Gateway (IGW)

Answer 12

IGW: Allows internet traffic flow.

Question 13

Internet Gateway Analogy

Answer 13

Analogy: IGW like a front door for customers.

Question 14

Virtual Private Gateway

Answer 14

Private Gateway: Allows VPN connection.

Question 15

VPN Connection Analogy

Answer 15

Analogy: Private bus route for approved network.

Question 16

AWS Direct Connect

Answer 16

Direct Connect: Private, dedicated fiber connection.

Question 17

Direct Connect Benefits

Answer 17

Benefits: Low latency, high security.

Question 18

AWS Direct Connect Analogy

Answer 18

Analogy: Magic doorway for direct connection.

Question 19

Multiple Gateway Types

Answer 19

Types: One VPC, multiple gateways for different resources.

Question 20

Direct Connect Partner Involvement

Answer 20

Involvement: Partner assists in establishing connection.

Question 21

Regulatory Compliance

Answer 21

Compliance: Direct Connect meets high regulatory needs.

Question 22

VPC Organization

Answer 22

Organization: Resources in subnets

Question 23

Subnet Definition

Answer 23

Subnet: VPC section with EC2 instances

Question 24

Internet Gateway Purpose

Answer 24

Purpose: Allow public internet access.

Question 25

Internet Gateway Connection

Answer 25

Connection: Between VPC and internet.

Question 26

No Internet Gateway Implication

Answer 26

Implication: No access without internet gateway.

Question 27

Virtual Private Gateway Purpose

Answer 27

Purpose: Access private VPC resources.

Question 28

Virtual Private Gateway Analogy

Answer 28

Analogy: Internet as a road with a bodyguard.

Question 29

Bodyguard Role in Analogy

Answer 29

Role: VPN connection, extra protection

Question 30

VPN Connection Encryption

Answer 30

Encryption: Protects internet traffic.

Question 31

Protected Internet Traffic

Answer 31

Protection: Enabled by virtual private gateway.

Question 32

Traffic Jams Possibility

Answer 32

Possibility: Shared road, potential jams.

Question 33

Corporate Data Center Connection

Answer 33

Connection: VPN to virtual private gateway.

Question 34

VPN Connection Approval

Answer 34

Approval: Traffic allowed from approved networks.

Question 35

AWS Direct Connect Purpose

Answer 35

Purpose: Dedicated connection to data center.

Question 36

Apartment Building Analogy

Answer 36

Analogy: Dedicated hallway for residents.

Question 37

Residents’ Exclusive Access

Answer 37

Access: Exclusive, no public road usage.

Question 38

AWS Direct Connect Benefits

Answer 38

Benefits: Reduce costs, increase bandwidth.

Question 39

Network Traffic Flow

Answer 39

Flow: Dedicated private connection usage.

Question 40

AWS Security Tools

Answer 40

Tools: Network hardening, app security, identity, DDoS prevention, encryption.

Question 41

Subnet Purpose

Answer 41

Purpose: Control access to gateways.

Question 42

Subnet Traffic Permissions

Answer 42

Permissions: Controlled by network ACLs.

Question 43

Network ACLs Function

Answer 43

Function: Packet control, like passport control.

Question 44

Network ACLs Role

Answer 44

Role: Approve or block traffic based on rules.

Question 45

Security Groups Introduction

Answer 45

Introduction: Instance-level access control.

Question 46

Default Security Group

Answer 46

Default: Blocks all inbound and outbound traffic.

Question 47

Security Group Modification

Answer 47

Modification: Customize to allow specific traffic.

Question 48

Security Group Analogy

Answer 48

Analogy: Doorman at a building entrance.

Question 49

Security Group Stateful Nature

Answer 49

Stateful: Remembers allowed traffic.

Question 50

Network ACLs Stateless Nature

Answer 50

Stateless: Checks every packet, no memory.

Question 51

Traffic Round Trip Explanation

Answer 51

Explanation: Security group and ACL checks illustrated.

Question 52

Return Traffic Pattern

Answer 52

Pattern: Stateful security group advantage.

Question 53

Network Overhead Clarification

Answer 53

Clarification: Instant exchanges, minimal overhead.

Question 54

Security in Depth Importance

Answer 54

Importance: Combine ACLs and security groups for robust security.

Question 55

Networking Service Comparison

Answer 55

Comparison: AWS networking isolates and directs traffic.

Question 56

Coffee Shop Owners’ Action - Networking Service

Answer 56

Action: Divide counter into public (cashier) and private (barista) areas.

Question 57

Public Subnet Purpose

Answer 57

Purpose: Resources accessible to the public (e.g., online store).

Question 58

Private Subnet Purpose

Answer 58

Purpose: Resources accessible only through private network (e.g., customer database).

Question 59

Subnet Communication Ability

Answer 59

Communication: Subnets can communicate within the VPC.

Question 60

Example Scenario

Answer 60

Scenario: EC2 instances in public subnet communicate with databases in private subnet.

Question 61

Default Network ACL

Answer 61

Default: AWS account includes default network ACL.

Question 62

Configuration Options

Answer 62

Options: Use default or create custom network ACLs.

Question 63

Default ACL Functionality

Answer 63

Functionality: Default allows all traffic, modifiable with rules.

Question 64

Custom ACL Behavior

Answer 64

Custom: Denies all traffic until rules specify allowed traffic.

Question 65

Explicit Deny Rule

Answer 65

Rule: All network ACLs have an explicit deny rule.

Question 66

Deny Rule Purpose

Answer 66

Purpose: Deny unmatched packets for enhanced security.

Question 67

Network Traffic in VPC:

Customer Request in AWS Cloud
Packet Entry into VPC
Packet Permission Check
Permission Check Component

Answer 67

Action: Customer requests data sent as a packet.
Entry: Packet enters VPC via internet gateway.
Check: Permissions checked before entering/exiting subnet.
Component: Network Access Control List (ACL).

Question 68

Network ACL Definition

Answer 68

Definition: Virtual firewall controlling traffic at subnet level.

Question 69

Network ACL Functionality

Answer 69

Function: Stateless packet filtering, remembers nothing.

Question 70

Packet Check Direction

Answer 70

Check: Inbound and outbound at subnet border.

Question 71

Traveler Analogy Recap

Answer 71

Recap: Similar to a traveler entering a different country.

Question 72

Packet Response Handling

Answer 72

Handling: Network ACL checks response, no memory of previous requests.

Question 73

Permissions Evaluation

Answer 73

Evaluation: After entering subnet, permissions evaluated for resources.

Question 74

Packet Permission Checker

Answer 74

Checker: Security group for Amazon EC2 instance.

Question 75

Security Groups Definition

Answer 75

Definition: Virtual firewall controlling inbound/outbound EC2 traffic.

Question 76

Security Group Default Setting

Answer 76

Default: Denies inbound, allows outbound traffic.

Question 77

Custom Rule Addition

Answer 77

Customization: Rules added to allow specific inbound traffic.

Question 78

Guests in Apartment Analogy

Answer 78

Analogy: Apartment building with guests as packets, door attendant as security group.

Question 79

Door Attendant’s Role

Answer 79

Role: Security group checks list for guest entry.

Question 80

Checking List Analogy

Answer 80

Check: Door attendant checks list for entering guests.

Question 81

List Checking Recap

Answer 81

Recap: List checked for entry, not rechecked for exit.

Question 82

Security Group Default Setup

Answer 82

Setup: Denies all inbound, allows all outbound traffic by default.

Question 83

Custom Rule Configuration

Answer 83

Configuration: Add rules for allowed traffic, deny others.

Question 84

Amazon EC2 Instances Scenario

Answer 84

Scenario: Multiple instances in the same VPC, common or different security groups.

Question 85

Security Groups Feature

Answer 85

Feature: Stateful packet filtering, remembers prior decisions.

Question 86

Packet Response Handling

Answer 86

Handling: Security group recalls previous decisions for inbound packets.

Question 87

Example Recap

Answer 87

Recap: Sending request from EC2 to the internet.

Question 88

Response Packet Handling

Answer 88

Handling: Security group remembers the request, allows response irrespective of inbound rules.

Question 89

Guest Analogy Recap

Answer 89

Recap: Door attendant recalls guest from prior approval, allows exit without additional checks.

Question 90

Custom Rule Configuration

Answer 90

Configuration: Configure custom rules for both network ACLs and security groups.

Question 91

Packet’s Internet Journey

Answer 91

Journey: Travels from client to internet gateway, through network ACL, reaches public subnet with EC2 instances.

Question 92

AWS account’s default network access control list?

Answer 92

It is stateless and allows all inbound and outbound traffic.

Question 93

Route 53 (DNS): Function

Answer 93

AWS’s DNS service.

Question 94

Route 53 (DNS): Translation Analogy

Answer 94

Translates names to IP addresses.

Question 95

Route 53 (DNS): Routing Policies

Answer 95

Geolocation, latency-based, weighted round robin.

Question 96

Route 53 (DNS): Domain Registration

Answer 96

Buy and manage domains.

Question 97

Route 53 (DNS): Example Use Case

Answer 97

Direct traffic based on customer location.

Question 98

Amazon CloudFront: Purpose

Answer 98

Content Delivery Network (CDN).

Question 99

Amazon CloudFront: Edge Locations

Answer 99

Serve content near users

Question 100

Amazon CloudFront: Deployment Example

Answer 100

Host in Oregon for North America, Dublin for Ireland.

Question 101

Amazon CloudFront: Latency Improvement

Answer 101

Content delivered closer to users.

Question 102

Amazon CloudFront: Asset Types

Answer 102

Static web assets like images and GIFs.

Question 103

DNS Resolution: Role

Answer 103

Phone book of the internet.

Question 104

DNS Resolution: Process

Answer 104

Translates domain to IP address.

Question 105

DNS Resolution: Resolver Interaction

Answer 105

Customer DNS resolver communicates with company DNS server.

Question 106

DNS Resolution: Example Scenario

Answer 106

AnyCompany’s website IP retrieval.

Question 107

Amazon Route 53: Function

Answer 107

DNS web service in AWS.

Question 108

Amazon Route 53: Routing

Answer 108

Connects users to AWS-hosted applications.

Question 109

Amazon Route 53: DNS Records Management:

Answer 109

Register new domains, transfer records.

Question 110

Amazon Route 53: Integration with CloudFront

Answer 110

Works together for content delivery.

Question 111

Example: Route 53 and CloudFront Content Delivery: Setup

Answer 111

AnyCompany’s app on EC2 instances, Auto Scaling, and Load Balancer.

Question 112

Example: Route 53 and CloudFront Content Delivery: Request Initiation

Answer 112

Customer visits AnyCompany’s website.

Question 113

Example: Route 53 and CloudFront Content Delivery:DNS Resolution

Answer 113

Route 53 identifies IP address (192.0.2.0)

Question 114

Example: Route 53 and CloudFront Content Delivery:Content Delivery

Answer 114

CloudFront routes request to nearest edge location.

Question 115

Example: Route 53 and CloudFront Content Delivery: Connection

Answer 115

CloudFront connects to Load Balancer, then to EC2 instance.

Question 116

Connection Options

Answer 116

VPN, Direct Connect.

Question 117

Security Measures

Answer 117

Block subversive attacks, allow healthy traffic.

Question 118

Components Covered

Answer 118

VPC, gateways, network ACLs, security groups.

Question 119

Secure Pipelines

Answer 119

Encrypted over the internet or exclusive fiber.

Question 120

Global Network

Answer 120

Edge locations for global reach.

Question 121

DNS Management

Answer 121

Route 53.

Question 122

Content Delivery

Answer 122

CloudFront for caching.

Question 123

Which component can be used to establish a private dedicated connection between your company’s data center and AWS?

Answer 123

AWS Direct Connect.

Question 124

security groups

Answer 124

They are stateful and deny all inbound traffic by default.

Question 125

Which component is used to connect a VPC to the internet?

Answer 125

Internet gateway