VPC - Access Control Lists (ACLs) Flashcards

1
Q

Can subnets/availability zones span multiple Network ACLs?

A

No, but the reverse is possible.

2
Q

What traffic does the default Network ACL allow?

A

All traffic inbound and outbound.

3
Q

What traffic does a new Network ACL allow?

A

No traffic inbound or outbound.

4
Q

When you create a standard Network ACL for connecting to the Internet, why might it not connect right away?

A

You will need another rule that opens up ephemeral ports in order to cover the different types of clients that might initiate traffic to the public-facing instances in your VPC.

5
Q

T/F: Each subnet in your VPC must be associated with a network ACL.

A

True

6
Q

If you don’t explicitly associate a subnet with a network ACL…

A

…the subnet is automatically associated with the default network ACL.

7
Q

When you associate a network ACL with a subnet…

A

…the previous association is removed.

8
Q

How are the rules in a Network ACL evaluated?

A

In numerical order, starting with the lowest number.

9
Q

When blocking specific IPs…

A

…use network ACLs, not security groups.
