Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

A Cloud Guru - AWS > VPC > Flashcards

VPC Flashcards

1
Q

Abbreviation of VPC?

A

Virtual Private Cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is VPC?

A

VPC can isolate a section of AWS cloud where we can launch AWS resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Can we Deny specific IP using Network ACL?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How to connect EC2 in private subnets which has no internet?

A

Internet Gateway -> Router ->Routing Tables ->Network ACL -> Public Subnet -> Security Group -> EC2 -> Private Subnet ->EC2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Bastion Host?

A

EC2 instance of Public Subnet -connect to EC2 instance of Private Subnet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Private reserved IP?

A
  1. 0.0.0
  2. 0.0.0
  3. 0.0.0
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Default VPC vs Custom VPC?

A

Default VPC subnet has access to interest by default.

Each EC2 instance in default vpc has private & public IP address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Default VPC have Internet access?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is VPC peering?

A

Connect 1 VPC to another VPC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Main components of VPC?

A 
Internet Gateway
Routing Tables
Network Access Control List
Subnets
Security Groups
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

1 subnet - 1 AZ?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

1 subnet - Many AZ?

A

No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Many subnet - 1 AZ?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is Transitive peering?

A

VPC - A -> VPC B - A can connect to B.
VPC - A -> VPC B -> VPC C A can not connect to C.
VPC - A -> VPC C - A can connect to C.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

can we Launch EC2 instance on any of our subnets using VPC?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Can we assign custom IP address for each subnet using VPC?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

How we can configure route tables between subnet?

A

Using VPC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Can we create internet gateway & attach to VPC?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Can we enhance security using VPC?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Can we create network Access control list using VPC?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Can we create network Access control list using VPC?

A

Networking & Content delivery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

After creating VPC what other components added to new VPC?

A

Route Table, Network ACL,Security group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

After creating VPC what other components not added to new VPC?

A

Subnet, Internet Gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How many IP AWS reserves for internal purpose?

A

5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
10.0.0.0 used for?
Network address
26
10.0.0.1 used for?
VPC Router
27
10.0.0.2 used for?
DNS Server
28
10.0.0.3 used for?
Future use
29
10.0.0.255 used for?
Network broadcast
30
how many Internet gateway can be associated with a VPC?
1
31
Any new subnet will be auto associated with which Route table?
Default Route table
32
Advisable settings for Main route table public accessible/private ?
Private
33
To enable route table to internet what IP need to added with gateway?
"0.0.0.0/0 | ::/0"
34
IPV6 start with ?
::
35
How to enable internet for subnet?
associate subnet with public route table.
36
To enable IP ping what need to be configured?
ICMP
37
HTTP port
80
38
HTTPS port
443
39
SSH port
22
40
MySQL port
3306
41
Abbreviation of NAT?
Network address translation
42
Purpose of NAT Instance/gateway?
NAT Instance / NAT gateways allows EC2 instance in private subnet to access internet through NAT Instance/gateway.
43
What is NAT Instance?
Single EC2 instance
44
What is NAT Gateway?
Highly available gateway
45
In which subnet we need to provision NAT Instances/gateway?
Public Subnet
46
NAT Instances use which security group?
Public Security Group
47
Can we have Source Destination Check enabled for NAT Instance?
NO it should be turned off for NAT Instance EC2.
48
In which route table we need to map NAT instance/gateway for Internet?
Private Route table to NAT Instance
49
Disadvantage of NAT Instance?
Performance issue & availability is low.
50
Advantage of NAT Gateway?
Highly available & High performance
51
AZ can have many NAT Gateway?
No Only 1.
52
Can NET Gateway auto scale?
Yes
53
Can NET Instance auto scale?
No
54
Can we have Source Destination Check enabled for NAT Gateway?
Not Applicable
55
AZ can have many NAT Instance?
Yes
56
NAT Gateway use which security group?
Security group not involved in NAT Gateway
57
NAT Gateway scale range?
5 Gbps to 45 Gbps
58
Do we get NACL when we create VPC?
Yes
59
What permission do we have when we create NACL?
Allow All
60
All subnet need to linked with NACL?
yes
61
Which NACL will be mapped when we create subnet?
default NACL
62
Can we block IP in NACL?
yes
63
Can we block IP in security groups?
NO
64
1 NACL can hold many subnets?
Yes
65
1 subnet can link multi NACL?
no
66
what is first defense before security group?
NACL
67
How NACL inbound/outbound rules are evaluated?
Chronological order; Rule 100 take precedence of rule 400
68
Load Balancing available in which service?
EC2
69
How many type of Load balancer available in AWS?
3
70
What are the three types of Load balancer available in AWS?
"Application Load Balancer Network Load Balancer Classic Load balancer"
71
How many subnet we need to provision load balancer?
We need 2 public facing subnet to create load balancer
72
What is VPC flow log?
VPC flow log allows you to log all IP traffic in & out of VPC
73
Which service is used for VPC flow log?
AWS Cloud watch is used for VPC flow log
74
What are the 3 location where we can create flow log?
"VPC Subnet Network Interface level-ENI"
75
Can we store VPC flow log to S3
Yes
76
Can you enable VPC flow log for VPC peer with VPC with other AWS accounts?
No you can once create flow log for VPC peer with in your account.
77
Can you change config of flow log?
No not after creation.
78
Can we monitor all IP traffic in VPC flow log?
No not all traffic is monitored in VPC flow log
79
What IP traffic is not monitor in VPC flow log?
"Traffic related to windows license check Traffic related to AWS DNS server Traffic related to 169.254.169.254 traffic related to reserved IP for default VPC router."
80
What is Bastion Host?
"Bastion host are special purpose computer which are configured to withstand attacks. It host only proxy server & all other services are removed."
81
Bastion Host VS NAT Gateway?
"Bastion host can do SSH/RDP | NAT Gate way can do only HTTP/HTTPS"
82
Where we can get Bastion host template?
AWS AMI Marketplace
83
What is Direct Connect?
AWS Direct connect allows you establish dedicated network connect between your datacenter to AWS datacenter
84
Which scenario we need AWS Direct Connect?
Scenario where we have high network traffic between AWS & on premise infrastructure
85
Steps to setup direct connect?
"Create a virtual interface in the direct connect console. This is a PUBLIC Virtual Interface. Go to VPC console and then VPN connections. Create a Customer gateway. Create a Virtual Private gateway. Attach the virtual private gateway to the desired VPC. select VPN connections and create new VPN connections. Select the virtual private gateway and the Customer gateway. Once the VPN is available set up the VPN on the customer gateway or firewall."
86
What is Global Accelerator?
AWS Global Accelerator is a service which accelerate performance of your application for local & global users.
87
How global Accelerator operates?
AWS Global accelerator direct traffic to optimal end points in AWS network. That improve performance of application for global audience.
88
By default how many static IP will be provided?
2
89
What are the list of component involved in Goal Accelerator?
``` "Static IP Accelerator DNS Name Network Zone Listener Endpoint Group Endpoint " ```
90
What is AWS Global Accelerator-Static IP?
Global Accelerator provide 2 static IP which we can associate with Accelerator.
91
What is AWS Global Accelerator-Accelerator?
Accelerator direct traffic to optimal endpoints over aws global network
92
What is AWS Global Accelerator-DNS Name?
Global Accelerator assign DNA name to each accelerator.
93
What is AWS Global Accelerator-Network Zone?
Its is like AZ; If IP of Network zone is unavailable you can use IP of another Network zone
94
What is AWS Global Accelerator-Listener?
Listener process inbound connection from client to Global Accelerator.
95
What is AWS Global Accelerator-Endpoint Group?
"End point group is associated with a Region; | It contain one or more end points"
96
What is AWS Global Accelerator-Endpoint?
It can be Load balancer, EC2 or Elastic IP.
97
What is traffic dial?
It allocate amount of traffic for end point group.
98
What is client affinity?
User for stateful application. Redirect to same end point
99
What is VPC Endpoint?
"VPC end point allows you to privately connect VPC to Supported AWS Services. You can access AWS services internally without going to internet."
100
What runs VPC endpoint?
Private Link
101
What is advantage of VPC endpoint?
Internet gateway, NAT device connection, AWS Direct connect not required to connect VPC to aws service.
102
What type of scaling is supported at VPC endpoint?
Horizontal scaling
103
What are the two types of VPC endpoints?
"Interface Endpoint | Gateway Endpoint"
104
What is interface endpoint?
Interface endpoint is an ENI with private IP that serves as entry point for aws services.
105
What is gateway endpoint?
Its like Net gateway
106
Which services support gateway endpoint?
S3 & dynamo db.
107
What is AWS Private Link?
AWS Private link allows you to securely connect your VPC to 10, 100, 1000 or even more VPC.
108
What are the ways we have to connect our VPC to other VPC?
"Connect to Internet VPC Peering AWS Private Link"
109
Disadvantage of connecting VPC to internet ?
Security is compromised
110
Disadvantage of connecting VPC to VPC Peering ?
It is feasible for connecting < 10 VPC
111
what are the requirements for AWS Private link?
You need Network load balancer & your connecting VPC need ENI.
112
What is AWS Transit Gateway?
It allows you to have transitive peering between thousands of VPC and on-premise data center.
113
AWS Transit Gateway works on which model?
Hub-and-Spoke model.
114
What is VPN Cloud Hub?
If you have multiple sites each with its ownVPN connection you can use awsvpn cloud hub to connect those sites together
115
Is Security group is Statefull?
Yes
116
Is NACL is Stateless?
Yes
117
Does AWS support transitive peering?
NO
118
US East 1 A of one Account is different to US East 1 A another account?
Yes
119
Can we span security group across VPC?
NO
120
Does NAT Instance works behind a Security group?
Yes
121
How to improve NAT Instance performance & Availability?
Auto scale group,Multi subnet in different AZ
122
Which of these is NOT a component of the AWS Global Accelerator service?
CloudFront
123
"How many Amazon VPCs are allowed per AWS account per AWS Region? (Before any support requests to increase the number). "
You can have up to five Amazon VPCs per AWS account per AWS Region, but you can place a support request to increase the number.
124
By default, EC2 instances in new subnets in a custom VPC can communicate with each other across Availability Zones.
In a custom VPC with new subnets in each AZ, there is a route within the route table that supports communication across all subnets/AZs. Additionally, it has a Default SG with an "allow" rule: all traffic, all protocols, all ports, from resource using this default security group.
125
Which of the following offers the largest range of internal IP addresses?
The /16 offers 65,536 possible addresses.
126
You have created a new VPC and launched an EC2 instance into a public subnet. However, you did not assign a public IP to the instance during its creation. What is the easiest way to make your instance reachable from the internet?
An Elastic IP address is a public IPv4 address, which is reachable from the internet. If your instance does not have a public IPv4 address, you can associate an Elastic IP address with your instance to enable communication with the internet. For example, this allows you to connect to your instance from your local computer. Elastic IP addresses.
127
To save administration headaches, a consultant advises that you leave all security groups in web-facing subnets open on port 22 to 0.0.0.0/0 CIDR. That way, you can connect wherever you are in the world. Is this a good security design?
0.0.0.0/0 would allow ANYONE from ANYWHERE to connect to your instances. This is generally a bad plan. The phrase 'web-facing subnets' does not mean just web servers. It would include any instances in that subnet some of which you may not want strangers attacking. You would only allow 0.0.0.0/0 on port 80 or 443 to connect to your public-facing Web Servers, or preferably only to an ELB. Good security starts by limiting public access to only what the customer needs. Please see the AWS Security white paper for complete details.
128
A VPN connection consists of which of the following components?
"A Virtual Private Gateway sits at the edge of your VPC and is a key component when using a VPN. It's responsible for site-to-site connection from on-premises to a VPC. A customer gateway is a resource that is installed on the customer side and provides a customer gateway inside a VPC."
129
How many internet gateways can be attached to a custom VPC?
Since an internet gateway is a highly available VPC component, only one is attachable to a custom VPC.
130
"True or False: You can accelerate your application by adding a second Internet Gateway to your VPC. "
You can only have one Internet Gateway per VPC.
131
At which of the following levels can VPC Flow Logs be created?
VPC Flow Logs can be created at the VPC, subnet, and network interface levels. VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
132
Which of the following is a chief advantage of using VPC gateway endpoints to connect your VPC to services such as S3 and DynamoDB?
In contrast to a NAT gateway, traffic between your VPC and the other services does not leave the Amazon network when using VPC gateway endpoints. A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service (S3 and DynamoDB).
133
Which of the following options allows you to securely administer an EC2 instance located in a private subnet?
A Bastion host allows you to securely administer (via SSH or RDP) an EC2 instance located in a private subnet. Don't confuse Bastions and NATs, which allow outside traffic to reach an instance in a private subnet.
134
Which of the following statements are NOT true of EC2 instances in a VPC?
AWS releases your instance's public IP address when it is stopped, hibernated, or terminated. Your stopped or hibernated instance receives a new public IP address when it is started.
135
Which of the following are true for security groups?
"Security groups control access at the instance-level (as they are associated with network interfaces), they support ""allow"" rules only, and they evaluate all rules before deciding whether to allow traffic into the instance(s). Security groups operate at the instance level (as they are associated with network interfaces), they support ""allow"" rules only, and they evaluate all rules before deciding whether to allow traffic."
136
Security groups act like a firewall at the instance level, whereas _________ are an additional layer of security that act at the subnet level. (Fill in the blank with the correct answer.)
NACLs act on the subnet level, while security groups act on the instance level.
137
When peering VPCs, you may peer your VPC only with another VPC in your same AWS account.
You may peer a VPC to another VPC that's in your same account, or to any VPC in any other account.
138
True or False: An Application Load Balancer must be deployed into at least two Availability Zone subnets.
An Application Load Balancer must be deployed into at least two Availability Zone subnets.
139
What is the purpose of an egress-only internet gateway?
The purpose of an egress-only internet gateway is to allow IPv6 based traffic within a VPC to access the internet, whilst denying any internet based resources to connection back into the VPC.
140
What is the advantage of running your AWS VPN connection through your Direct Connect connection over using the ordinary Internet?
It is likely that if you choose to run your VPN through a Direct Connect from your datacenter to the AWS network that your VPN connection will be both faster, and more secure. However data charges are still incurred whilst using Direct Connect. Additionally Transit Gateway attachments may be made to VPN regardless of if it is through DX or not.
141
You have five VPCs in a 'hub and spoke' configuration, with VPC 'A' in the center and individually peered with VPCs 'B', 'C', 'D', and 'E', which make up the spokes. There are no other VPC connections. Which of the following VPCs can VPC 'B' communicate with directly?
As transitive peering is not allowed, VPC 'B' can communicate directly only with VPC 'A'.
142
"True or False: A subnet can span multiple Availability Zones. "
Each subnet must reside entirely within one Availability Zone and cannot span across zones.
143
When I create a new security group, all outbound traffic is allowed by default.
"By default, a security group includes an outbound rule that allows all outbound traffic. You can remove the rule and add outbound rules that allow specific outbound traffic only. If your security group has no outbound rules, no outbound traffic originating from your instance is allowed. "
144
Which of the following is true?
Security groups are stateful and Network Access Control Lists are stateless. Stateful means if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules.
145
What is the name of the AWS Global Accelerator component that services the static IP addresses for your accelerator from a unique IP subnet?
A network zone services the static IP addresses for your accelerator from a unique IP subnet. Similar to an AWS Availability Zone, a network zone is an isolated unit with its own set of physical infrastructure. When you configure an accelerator, by default, Global Accelerator allocates two IPv4 addresses for it. If one IP address from a network zone becomes unavailable due to IP address blocking by certain client networks, or network disruptions, then client applications can retry on the healthy static IP address from the other isolated network zone.
146
When you create a custom VPC, which of the following are created automatically?
When you create a custom VPC, a default Security Group, network access control list (ACL), and route table are created automatically. You must create your own subnets, internet gateway, and NAT gateway (if you need one).
147
"Are you permitted to conduct your own security assessments or penetration tests on your own VPC without alerting AWS first? "
AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services only. You should request authorization for other simulated events
148
In a default VPC, when you launch an EC2 instance and don't specify a subnet, the EC2 instances are assigned 2 IP addresses at launch. What are they?
"In a default VPC, when you launch an EC2 instance and don't specify a subnet, it's automatically launched into a default subnet in your default VPC. The default subnet may MapPublicIPOnLaunch set to the value of true. So when it is launched, a public and private IP is available for the instance. "

A Cloud Guru - AWS (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions