VPC Flashcards

1
Q

VPC: what does it stand for, and what is it?

A

Virtual Private Cloud.

A logically isolated section of the AWS network that you define and control: your own IP range (CIDR block), subnets, route tables and gateways, within one region.

2
Q

What is the VPC limit per account?

A

5 VPCs per region per account by default. This is a soft limit that can be raised through Service Quotas.

3
Q

What’s a subnet?

A

A range of IP addresses inside the VPC's CIDR block. Subnets let you split the VPC into smaller networks; each subnet lives in a single Availability Zone.

4
Q

True or false. Subnets must reside within the CIDR block of their parent VPC?

A

True. A subnet's CIDR must fall inside the VPC's CIDR and must not overlap another subnet in the same VPC.

5
Q

CIDR stands for...

A

Classless Inter-Domain Routing.

6
Q

True or false. An instance in a public subnet has both a public and a private IP address.

A

True. The private IP comes from the subnet's range; the public IP (auto-assigned, or an Elastic IP) is mapped to it by the internet gateway. Without a public IP an instance sits in a public subnet but is still unreachable from the internet.

7
Q

For a subnet to be made public, you must carry out two actions. What are they?

A

Create an internet gateway and attach it to the VPC.

Add a route (0.0.0.0/0 → the internet gateway) to the route table associated with the subnet. Instances in it also need a public or Elastic IP before they can use that route.

8
Q

The two types of subnet are.

A

Public

Private

9
Q

IGW stands for?

A

Internet gateway.

10
Q

True or false. To make an application highly available, resources should be placed in subnets spread across multiple AZs.

A

True.

11
Q

Every route table has a default route that cannot be deleted and lets all subnets in the VPC talk to each other. What is this route?

A

The local route: destination = the VPC's CIDR block (e.g. 10.0.0.0/16), target = local.

12
Q

1st address in an AWS subnet is reserved for…

A

The network address.

13
Q

2nd address in an AWS subnet is reserved for…

A

The VPC router (the subnet's default gateway).

14
Q

3rd address in an AWS subnet is reserved for…

A

The Amazon-provided DNS server.

15
Q

4th address in an AWS subnet is reserved for…

A

Future use by AWS.

16
Q

Last address in an AWS subnet is reserved for…

A

The network broadcast address. AWS reserves it even though broadcast is not supported in a VPC. With these five addresses reserved, a subnet of 2^n addresses has 2^n - 5 usable ones (e.g. 251 in a /24, 11 in a /28).

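Worked example added by the editor (not part of the original flashcards) tying cards 4 and 12 to 16 together: Python's `ipaddress` module computes the five reserved addresses of a subnet and the resulting usable count, and performs the checks the VPC console performs before it lets you create a subnet (a valid CIDR with no host bits set, size between /16 and /28, inside the VPC CIDR, no overlap with existing subnets). The VPC and subnet CIDRs below are constructed for the demonstration.

```python
import ipaddress

# Example CIDRs used below are constructed for illustration; they are not from the flashcards.
VPC_CIDR = "10.0.0.0/16"


def reserved_addresses(subnet_cidr):
    """Return the five addresses AWS reserves in every subnet, keyed by their role.

    The first four addresses of the block and the last one cannot be assigned to
    an instance, whatever the subnet size.
    """
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    base = int(net.network_address)
    return {
        "network": str(ipaddress.ip_address(base)),         # 1st: network address
        "vpc_router": str(ipaddress.ip_address(base + 1)),  # 2nd: VPC router
        "dns": str(ipaddress.ip_address(base + 2)),         # 3rd: Amazon DNS server
        "future_use": str(ipaddress.ip_address(base + 3)),  # 4th: reserved by AWS
        "broadcast": str(net.broadcast_address),            # last: broadcast (unused)
    }


def usable_addresses(subnet_cidr):
    """Addresses you can actually hand to instances: block size minus the 5 reserved ones."""
    return ipaddress.ip_network(subnet_cidr, strict=True).num_addresses - 5


def validate_subnet(vpc_cidr, subnet_cidr, existing_subnets=()):
    """Apply the checks the VPC console applies before it creates a subnet.

    Returns (ok, reason). `existing_subnets` is an iterable of CIDR strings already
    carved out of the VPC; a new subnet may not overlap any of them.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    try:
        sub = ipaddress.ip_network(subnet_cidr, strict=True)  # strict: host bits must be zero
    except ValueError as exc:
        return False, f"not a valid CIDR block: {exc}"
    if not 16 <= sub.prefixlen <= 28:
        return False, "subnet size must be between /16 and /28"
    if not sub.subnet_of(vpc):
        return False, f"{sub} is outside the VPC CIDR {vpc}"
    for other in existing_subnets:
        other_net = ipaddress.ip_network(other, strict=True)
        if sub.overlaps(other_net):
            return False, f"{sub} overlaps existing subnet {other_net}"
    return True, "ok"


if __name__ == "__main__":
    for cidr in ("10.0.1.0/24", "10.0.2.0/28"):
        print(cidr, reserved_addresses(cidr), usable_addresses(cidr), "usable")
    print(validate_subnet(VPC_CIDR, "10.0.1.0/24"))
    print(validate_subnet(VPC_CIDR, "10.1.0.0/24"))                       # outside the VPC
    print(validate_subnet(VPC_CIDR, "10.0.1.0/24", ["10.0.1.128/25"]))    # overlaps a subnet
    print(validate_subnet(VPC_CIDR, "10.0.1.1/24"))                       # host bits set
```

The `strict=True` flag is what catches a CIDR such as 10.0.1.1/24, which the console rejects for the same reason: the block must start on its own boundary.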
17
Q

NACL stands for

A

Network access control list

18
Q

What is the purpose of a NACL?

A

A stateless firewall at the subnet boundary: it filters traffic entering and leaving every subnet it is associated with.

19
Q

True or false. NACLs contain a numbered list of rules that are evaluated in order.

A

True. Rules are evaluated from the lowest number upward and the first match wins; if nothing matches, the final implicit rule (*) denies the traffic.

20
Q

What’s the purpose of a security group?

A

A stateful firewall attached to a network interface (e.g. an EC2 instance): access control at the resource level rather than the subnet level.

21
Q

Security groups are stateful. What does this mean?

A

Return traffic for an allowed connection is automatically allowed, so you don't have to configure rules for it.

22
Q

NACLs are stateless. What does this mean?

A

Return traffic is evaluated like any other packet, so you must add rules for it explicitly (e.g. allow inbound TCP 1024-65535 so that replies to outbound requests can come back).

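Worked example added by the editor (not from the original flashcards) for cards 18 to 22: a small Python model of the two filters. The NACL evaluator is stateless and ordered (lowest rule number first, first match wins, implicit final deny), so an outbound HTTPS request only succeeds if the reply to the ephemeral source port is separately allowed inbound; the security group evaluator is stateful and allow-only, so it checks just the packet that opens the connection. The instance and peer addresses, the rule sets and the rule numbers are constructed for the demonstration, and a deny rule for a hostile range is placed at a low number to show that ordering matters.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class NaclRule:
    number: int   # evaluated lowest first; first match wins
    proto: str    # "tcp", "udp" or "all"
    cidr: str     # source CIDR for inbound rules, destination CIDR for outbound rules
    port_from: int
    port_to: int
    action: str   # "allow" or "deny" (a NACL can express both)


@dataclass(frozen=True)
class SgRule:
    proto: str
    cidr: str
    port_from: int
    port_to: int
    # no action field: a security group rule can only allow


def _matches(proto, cidr, port_from, port_to, peer, pkt):
    return (proto in ("all", pkt.proto)
            and ip_address(peer) in ip_network(cidr)
            and port_from <= pkt.dport <= port_to)


def nacl_evaluate(rules, direction, pkt):
    """Stateless evaluation of one packet in one direction.

    Returns (allowed, rule_number). Rules are walked in ascending number order and the
    first match decides; if nothing matches, the implicit final rule '*' denies.
    """
    peer = pkt.src if direction == "inbound" else pkt.dst
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule.proto, rule.cidr, rule.port_from, rule.port_to, peer, pkt):
            return rule.action == "allow", rule.number
    return False, "*"


def sg_evaluate(rules, direction, pkt):
    """Stateful evaluation: only the packet that opens a connection is checked; order is irrelevant."""
    peer = pkt.src if direction == "inbound" else pkt.dst
    return any(_matches(r.proto, r.cidr, r.port_from, r.port_to, peer, pkt) for r in rules)


def flow_through_nacl(nacl_in, nacl_out, request, reply):
    """A client-initiated flow crosses a NACL only if the request AND the reply each hit an allow rule."""
    request_ok, _ = nacl_evaluate(nacl_out, "outbound", request)
    reply_ok, _ = nacl_evaluate(nacl_in, "inbound", reply)
    return request_ok and reply_ok


def flow_through_sg(sg_in, sg_out, request):
    """For a security group the reply rides on the tracked connection, so only the request is checked."""
    return sg_evaluate(sg_out, "outbound", request)


# Constructed scenario (not from the flashcards): an instance at 10.0.1.10 fetches
# https://203.0.113.40 from ephemeral port 40000. Peer addresses are documentation ranges.
REQUEST = Packet("10.0.1.10", "203.0.113.40", "tcp", 40000, 443)
REPLY = Packet("203.0.113.40", "10.0.1.10", "tcp", 443, 40000)

SG_OUT = [SgRule("all", "0.0.0.0/0", 0, 65535)]  # typical default: allow all outbound
SG_IN = []                                        # nothing allowed inbound

NACL_OUT = [NaclRule(100, "tcp", "0.0.0.0/0", 443, 443, "allow")]
NACL_IN_BROKEN = []   # forgot the ephemeral-port rule: replies are dropped
NACL_IN_FIXED = [
    NaclRule(50, "all", "198.51.100.0/24", 0, 65535, "deny"),    # block a hostile range first
    NaclRule(100, "tcp", "0.0.0.0/0", 1024, 65535, "allow"),     # replies to outbound requests
]

if __name__ == "__main__":
    print("security group, HTTPS flow:", flow_through_sg(SG_IN, SG_OUT, REQUEST))
    print("NACL without ephemeral rule:", flow_through_nacl(NACL_IN_BROKEN, NACL_OUT, REQUEST, REPLY))
    print("NACL with ephemeral rule:   ", flow_through_nacl(NACL_IN_FIXED, NACL_OUT, REQUEST, REPLY))
    hostile = Packet("198.51.100.7", "10.0.1.10", "tcp", 443, 40000)
    print("hostile source, same ports: ", nacl_evaluate(NACL_IN_FIXED, "inbound", hostile))
```

Note that the hostile packet would be allowed by rule 100 on its own; it is denied only because rule 50 comes first. Renumbering the deny above the allow would silently reopen the hole, which is the classic NACL mistake.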
23
Q

What’s the purpose of a NAT gateway?

A

It allows resources in a private subnet to initiate connections to the internet (for updates, API calls and so on) without those resources being reachable from the internet.

24
Q

True or false. NAT gateways do not accept unsolicited inbound connections from the internet.

A

True.

25

Q

What steps must be taken to get a NAT gateway up and running?

A

Create the NAT gateway in a public subnet and allocate an Elastic IP to it.

Add a route (0.0.0.0/0 → the NAT gateway) to the route table of each private subnet that should use it.
26

Q

NAT gateway stands for...

A

Network Address Translation gateway.

27

Q

What is the purpose of a bastion host?

A

It is a hardened jump host in a public subnet that you connect to first in order to reach instances in private subnets. E.g. connecting from your home computer to an EC2 instance in a private subnet by SSH through the bastion.

28

Q

What resource is used to create a bastion host on AWS?

A

An EC2 instance (usually small and hardened, with its security group restricted to your source IP addresses).

29

Q

Keys to other servers should never be kept on a bastion server. How do you get around this?

A

SSH agent forwarding (ssh -A): the private key stays on your workstation and the bastion only relays signing requests to your agent. Caveat: while you are connected, root on a compromised bastion can use the forwarded agent. ProxyJump (ssh -J) tunnels the session through the bastion without exposing the agent to it at all.

30

Q

What does a transit gateway do?

A

It is a regional network hub. VPCs, Site-to-Site VPNs and Direct Connect gateways attach to it and it routes traffic between them, replacing a mesh of VPC peering connections.

31

Q

If your VPN device DOES support BGP (Border Gateway Protocol), you should enable...

A

Dynamic routing.

32

Q

If your VPN device DOES NOT support BGP (Border Gateway Protocol), you should specify...

A

Static routing.

33

Q

True or false. A subnet is automatically created when you create a VPC?

A

False. A custom VPC has no subnets until you add them (only the default VPC comes with a default subnet in each AZ).

34

Q

When you create a VPC, what does AWS create automatically?

A

A main route table, a default network ACL, a default security group, and a DHCP options set.

35

Q

True or false. An internet gateway is highly available, redundant and horizontally scalable.

A

True.

36

Q

An ENI can be attached directly to a running instance. What is this practice known as?

A

A hot attach. (Attaching to a stopped instance is a warm attach.)

37

Q

Attaching an ENI to an instance during launch is known as...

A

A cold attach.

38

Q

Where are VPC flow logs stored?

A

CloudWatch Logs or an S3 bucket; you choose the destination when you create the flow log.

39

Q

Once a VPC flow log has been created, can it be modified?

A

No. Its configuration (filter, destination, record format) is fixed; delete it and create a new one.

40

Q

VPC flow logs can capture info from...

A

A network interface (e.g. an instance's ENI)

A subnet

The whole VPC

41

Q

Each VPC flow log record is made up of data from a time window. How long is this window?

A

Up to 10 minutes by default (the maximum aggregation interval); it can be set to 1 minute. Records are delivered to the destination some minutes after the interval closes, so flow logs are not real time.

42

Q

A route table can be associated with how many subnets?

A

Any number. One route table can be associated with many subnets in the VPC.

43

Q

Can a subnet be associated with multiple route tables?

A

No. A subnet is associated with exactly one route table at a time (the VPC's main route table unless you associate another one explicitly).

44

Q

Within a public subnet, what does an instance's public IP address provide?

A

It lets the instance communicate with the internet through the internet gateway, which translates between the public IP and the instance's private IP.

45

Q

What does the local route on a route table enable?

A

Communication between all subnets within the VPC. It is present in every route table and cannot be deleted.
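Worked example added by the editor (not from the original flashcards) for cards 7, 11, 25 and 42 to 45: a Python model of VPC route-table lookup. It performs longest-prefix matching with the undeletable local route present in every table, classifies a subnet as public, private or isolated from its default route, and derives what an instance in that subnet can do in each direction. The route tables and the `igw-`, `nat-` and `eni-` targets are constructed placeholders, not real resource IDs.

```python
from ipaddress import ip_address, ip_network

# Constructed route tables (not from the flashcards). Gateway IDs are placeholders.
VPC_CIDR = "10.0.0.0/16"
LOCAL_ROUTE = (VPC_CIDR, "local")   # present in every route table, cannot be deleted

PUBLIC_RT = [LOCAL_ROUTE, ("0.0.0.0/0", "igw-EXAMPLE")]    # default route to an internet gateway
PRIVATE_RT = [LOCAL_ROUTE, ("0.0.0.0/0", "nat-EXAMPLE")]   # default route to a NAT gateway
ISOLATED_RT = [LOCAL_ROUTE]                                 # no default route at all


def lookup(route_table, destination):
    """Longest-prefix match, as the VPC router does. Returns the target, or None if nothing matches."""
    dst = ip_address(destination)
    best = None
    for cidr, target in route_table:
        net = ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else best[1]


def subnet_kind(route_table):
    """Classify a subnet by what its 0.0.0.0/0 route points at."""
    default = dict(route_table).get("0.0.0.0/0")
    if default is None:
        return "isolated"
    if default.startswith("igw-"):
        return "public"
    if default.startswith("nat-"):
        return "private"
    return "other"   # e.g. a virtual private gateway or transit gateway


def can_initiate_to_internet(route_table, has_public_ip):
    """Outbound reachability. In a public subnet the instance also needs a public or Elastic IP,
    because the internet gateway only forwards traffic from addresses it can map."""
    kind = subnet_kind(route_table)
    if kind == "public":
        return has_public_ip
    return kind == "private"        # the NAT gateway supplies its own Elastic IP


def reachable_from_internet(route_table, has_public_ip):
    """Inbound reachability: only through an IGW; a NAT gateway never accepts unsolicited inbound."""
    return subnet_kind(route_table) == "public" and has_public_ip


def add_route(route_table, cidr, target):
    """Return a new table with the route added, refusing to replace the local route (as AWS does).
    A more specific route inside the VPC CIDR is still allowed, and wins by longest-prefix match."""
    for existing_cidr, existing_target in route_table:
        if existing_target == "local" and ip_network(cidr) == ip_network(existing_cidr):
            raise ValueError("the local route cannot be replaced or deleted")
    return route_table + [(cidr, target)]


if __name__ == "__main__":
    print("10.0.5.7 via public table:   ", lookup(PUBLIC_RT, "10.0.5.7"))
    print("203.0.113.40 via public table:", lookup(PUBLIC_RT, "203.0.113.40"))
    print("203.0.113.40 via isolated:    ", lookup(ISOLATED_RT, "203.0.113.40"))
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        print(name, "outbound without public IP:", can_initiate_to_internet(rt, False),
              "| inbound with public IP:", reachable_from_internet(rt, True))
    inspected = add_route(PRIVATE_RT, "10.0.2.0/24", "eni-EXAMPLE")   # hairpin through an appliance
    print("10.0.2.9 via inspected table: ", lookup(inspected, "10.0.2.9"))
```

The last lines show why the local route being undeletable does not mean it always wins: a /24 route inside the VPC CIDR is more specific than the /16 local route, so traffic to that subnet can be steered through an appliance while the rest of the VPC still uses the local route.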
46

Q

Security groups support allow rules only. True or false.

A

True. Anything not explicitly allowed is implicitly denied, and you cannot write an explicit deny rule (use a network ACL for that).

47

Q

You launch a Dedicated EBS-backed EC2 instance. Does the EBS volume run on the same single-tenant hardware as the instance?

A

No. A Dedicated Instance isolates the compute host only; EBS volumes live on AWS's separate, shared storage infrastructure.

48

Q

Which RDS engine implements Multi-AZ with database mirroring (or Always On availability groups) rather than the synchronous storage replication used by the other engines?

A

Microsoft SQL Server.

49

Q

IAM policy logic always starts with...

A

A default deny. Nothing is allowed unless an Allow statement permits it, and an explicit Deny always wins.

50

Q

Are network ACLs stateless or stateful?

A

Stateless.

51

Q

Can instances in a custom security group communicate with each other by default?

A

No. You must add an inbound rule that allows traffic from the security group itself.

52

Q

Can instances in the default security group communicate with each other by default?

A

Yes. The default security group has an inbound rule that allows all traffic from members of the same group.

53

Q

Are EIPs region-specific?

A

Yes.

54

Q

Can EIPs be moved between VPCs in the same region?

A

Yes. Disassociate the address from one resource and associate it with another; it stays in your account and region until you release it.

55

Q

What does a VPC endpoint allow for?

A

A private connection between your VPC and supported AWS services (or PrivateLink services) that does not traverse the internet, an internet gateway or a NAT device. E.g. an EC2 instance in a private subnet reaching S3.

56

Q

To let different resources talk to each other, always use .... never ....

A

IAM roles | long-term access keys

57

Q

A NAT gateway must itself sit in a public subnet and sends traffic out through the internet. For resources in a private subnet that only need to reach AWS services, what should you use instead?

A

VPC endpoints, which keep the traffic on the AWS network.

58

Q

The two types of VPC endpoint are...

A

Gateway endpoint | Interface endpoint

59

Q

When do you use a gateway endpoint?

A

For S3 and DynamoDB. A gateway endpoint is an entry in the subnet's route table, not a network interface.

60

Q

When do you use an interface endpoint?

A

For the other supported services (AWS PrivateLink). An interface endpoint is an ENI with a private IP in your subnet, so it is protected by security groups. (S3 also offers an interface endpoint for access from on-premises networks.)

61

Q

Want to secure your VPC? Use which two things?

A

Network ACLs | Security groups

62

Q

If you add a rule to a network ACL, does it affect all instances in the related subnet?

A

Yes. A network ACL applies to every instance in every subnet it is associated with, and changes take effect immediately.

63

Q

You detect a malicious set of IPs attacking your VPC. Where is it best to apply a block on the IP range?

A

The network ACL: add a deny rule for the range with a rule number lower than your allow rules. Security groups cannot express a deny.
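Worked example added by the editor (not from the original flashcards) for cards 38 to 41 and 63: a Python parser for default-format (version 2) VPC flow log records, run over a few constructed log lines, that counts REJECTed flows per source address and turns scan-like sources into NACL deny entries numbered below the first allow rule. It skips NODATA/SKIPDATA records and separates genuine probes from blocked replies (traffic from a service port to an ephemeral port, which is the symptom of a stateless NACL missing its ephemeral-port rule rather than an attack). The account ID, ENI ID and IP addresses in the sample are placeholders.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC flow log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample records (not real traffic): documentation IP ranges, a placeholder
# account ID and ENI ID. 198.51.100.7 probes three ports and is rejected each time;
# 203.0.113.9's record is a blocked *reply* (source port 443, ephemeral destination port),
# i.e. a missing ephemeral-port rule on a stateless NACL, not an attack.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 51234 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 51235 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 51236 445 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.25 10.0.1.10 40112 443 6 12 3150 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.9 10.0.1.10 443 40113 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(text):
    """Parse default-format records into dicts. NODATA/SKIPDATA records carry no flow and are dropped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "version":   # blank line, or the header line of a console export
            continue
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def looks_like_blocked_reply(rec):
    """Reply traffic comes FROM a service port TO an ephemeral port; a REJECT there usually means
    a stateless NACL is missing its inbound ephemeral-port allow rule, not that someone is attacking."""
    return rec["srcport"] < 1024 <= rec["dstport"]


def rejected_sources(records, min_ports=3):
    """Group REJECTed records by source address; keep sources that probed at least `min_ports`
    distinct destination ports, the scan-like pattern worth blocking at the subnet edge."""
    ports_by_src = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT" and not looks_like_blocked_reply(rec):
            ports_by_src[rec["srcaddr"]].add(rec["dstport"])
    return {src: sorted(ports) for src, ports in ports_by_src.items() if len(ports) >= min_ports}


def nacl_deny_rules(sources, first_allow_rule=100, start=10, step=10):
    """Turn flagged sources into deny entries numbered below the first allow rule, so that the
    NACL's lowest-number-first evaluation reaches them before any allow. The keys mirror the
    parameters of `aws ec2 create-network-acl-entry` (protocol -1 means all traffic)."""
    rules, number = [], start
    for src in sorted(sources):
        if number >= first_allow_rule:
            raise ValueError("no rule numbers left below the first allow rule")
        rules.append({"rule_number": number, "cidr_block": f"{src}/32",
                      "protocol": "-1", "rule_action": "deny", "egress": False})
        number += step
    return rules


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    flagged = rejected_sources(recs)
    print("parsed records:", len(recs))
    print("scan-like sources:", flagged)
    for rule in nacl_deny_rules(flagged):
        print(rule)
```

Because a NACL rule applies to every instance in the subnet (card 62), the reply-traffic filter matters: blocking 203.0.113.9 here would punish a legitimate peer for your own missing ephemeral rule. Fix the rule, then re-run the parser before issuing denies.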
64

Q

NAT instances: who is responsible for security patching, scaling and health checks?

A

You are.

65

Q

What is a NAT gateway?

A

A managed NAT service that replaces self-managed NAT instances: AWS handles patching, scaling and availability within the AZ.

66

Q

How do you make NAT gateways highly available?

A

Deploy one NAT gateway per AZ and route each AZ's private subnets to the gateway in the same AZ. A single NAT gateway is resilient only within its own AZ.

67

Q

True or false. NAT gateways are a good choice where a NAT instance is a bottleneck?

A

True.

68

Q

Is AWS Direct Connect encrypted by default?

A

No. It is a private dedicated link, but the traffic on it is not encrypted (MACsec is available on some dedicated connections).

69

Q

How do you encrypt data sent over Direct Connect?

A

Run an IPsec VPN (e.g. AWS Site-to-Site VPN) over the Direct Connect connection.

70

Q

Is Direct Connect considered low latency?

A

Yes, and the latency is consistent, unlike a path over the public internet.

71

Q

What does Direct Connect do?

A

It provides a dedicated private network connection from your on-premises network (or a colocation facility) into AWS, bypassing the public internet.

72

Q

What is a flat network architecture in AWS?

A

A single account with a single VPC.

73

Q

What is a segmented network architecture in AWS?

A

Multiple accounts with multiple VPCs.

74

Q

Is transitive routing supported in VPC peering?

A

No.

75

Q

Does VPC peering work cross-region?

A

Yes (and cross-account).

76

Q

Site-to-Site VPN connections require...

A

A public IP address on the customer gateway device in the on-premises network

A virtual private gateway (or transit gateway) attached to the VPC

77

Q

Can a NAT instance be shared with other VPCs over VPC peering?

A

No. Peering does not support transitive routing, so each VPC needs its own NAT.

78

Q

You have a Direct Connect connection, but you need it to be highly available. How do you do this?

A

Order a second connection that terminates at a different Direct Connect location, or keep a Site-to-Site VPN as a fallback path.