VPC Flashcards Preview

Flashcards in VPC Deck (25)
1
Q

What is the difference between a NAT instance and a Bastion Server?

A

A NAT instance is used to provide internet access to servers in a private subnet
A Bastion is used to securely administer instances in a private subnet

2
Q

What is VPC peering?

A

Allows you to connect VPCs using private IPs

3
Q

At what level do security groups operate?

A

Instance level

4
Q

At what level do ACLs operate?

A

Subnet level

5
Q

How many Internet Gateways per VPC can you have?

A

One

6
Q

Do default VPC subnets have access to the internet?

A

Yes, private subnets need to be created

7
Q

What is created by default when you create a new VPC?

A

Route Table
Network ACL
Security Group

8
Q

What is the difference between Egress Only Internet Gateways and NAT Gateways?

A

NAT Gateways operate on IPv4, Egress Only operate on IPv6

9
Q

What is the default setting for the default Network ACL?

A

Allows all inbound/outbound traffic

10
Q

What is the default setting for a custom Network ACL?

A

All inbound/outbound traffic is denied

11
Q

What subnet should a NAT Instance be in?

A

A public subnet

12
Q

What conditions apply to use VPC peering?

A

No matching CIDR block
Must be in same region
No transitive peering

13
Q

What setting should you disable on a NAT Instance?

A

Source/destination checks

14
Q

How many NAT Gateways do you need?

A

One per Availability Zone

15
Q

What are sticky sessions?

A

When a client is associated with a specific server using cookies

16
Q

Can Network ACLs span AZs?

A

Yes

17
Q

How do you create High Availability for NAT Instances?

A

Auto Scaling Groups
Multi AZ in different Regions
Script to automate failover

18
Q

What are ingress/egress rules?

A

Firewalls to protect the network from incoming traffic and to prevent traffic from leaving

19
Q

How many VPCs per region can you have?

A

5

20
Q

How many Network ACLs can a subnet be associated with?

A

Just One

21
Q

How many subnets can a Network ACL be associated with?

A

Multiple

22
Q

What are the 9 steps to create a VPC?

A

Create VPC
Create subnets
Add Internet Gateway
Attach Internet Gateway to VPC
Create new Route Table
Add new route for internet access
Update Subnet Association
Auto Assign IP addresses
Launch instances

23
Q

What does a security group do?

A

Defines what protocols are allowed to communicate with the resources behind it

24
Q

How many subnets in an availability zone?

A

One subnet per AZ

25
Q

What is a subnet?

A

A CIDR address range - equates to one availability zone