VPC Fundementals

Question 1

What is a VPC?

Answer 1

A Virtual Private Cloud, a private network in AWS to deploy resources.

Question 2

What is a subnet?

Answer 2

A partition of a VPC’s network; tied to an Availability Zone.

Question 3

What is the difference between public and private subnets?

Answer 3

Public subnets can access the internet; private subnets cannot.

Question 4

What component allows subnets to access the internet?

Answer 4

Internet Gateway for public subnets; NAT Gateway for private subnets.

Question 5

What is an Internet Gateway?

Answer 5

Allows instances in a VPC to connect to the internet.

Question 6

What is a NAT Gateway?

Answer 6

Allows instances in private subnets to access the internet while remaining unreachable from it.

Question 7

What is a NACL?

Answer 7

A subnet-level firewall that allows or denies traffic.

Question 8

What is a Security Group?

Answer 8

An instance-level firewall that only allows traffic.

Question 9

How do NACLs and Security Groups differ?

Answer 9

NACLs are stateless and support DENY rules; Security Groups are stateful and support only ALLOW rules.

Question 10

What is the purpose of VPC Flow Logs?

Answer 10

To capture information about IP traffic going to and from network interfaces in a VPC.

Question 11

Where can VPC Flow Logs send data?

Answer 11

Amazon S3, CloudWatch Logs, or Kinesis Data Firehose.

Question 12

What is VPC Peering?

Answer 12

A private connection between two VPCs using the AWS network.

Question 13

Can VPC peering be transitive?

Answer 13

No, VPC peering is not transitive.

Question 14

What is a VPC Endpoint?

Answer 14

Allows private access to AWS services from your VPC.

Question 15

What are the two types of VPC Endpoints?

Answer 15

Gateway (for S3/DynamoDB) and Interface (for other services).

Question 16

What is Site-to-Site VPN?

Answer 16

Encrypted VPN over the internet connecting on-premises to AWS.

Question 17

What is AWS Direct Connect?

Answer 17

A private, fast, secure physical connection from on-premises to AWS.

Question 18

Which connection goes over the public internet?

Answer 18

Site-to-Site VPN.

Question 19

Which connection is private and takes longer to set up?

Answer 19

AWS Direct Connect.

Question 20

What is a NAT Gateway used for?

Answer 20

Providing internet access to private subnets.

Question 21

What are NACLs and where are they applied?

Answer 21

Network Access Control Lists applied at the subnet level.

Question 22

What are Security Groups and where are they applied?

Answer 22

Instance-level firewalls applied to EC2 or ENI.

Question 23

What are VPC Flow Logs used for?

Answer 23

Monitoring IP traffic and troubleshooting network issues.

Question 24

Can you peer VPCs with overlapping CIDRs?

Answer 24

No, VPC peering requires non-overlapping CIDR blocks.

Question 25

What does LAMP stand for?

Answer 25

Linux, Apache, MySQL, PHP.

Question 26

Where does Apache run in the LAMP stack?

Answer 26

On EC2, serving as the web server.

Question 27

Where is the database hosted in a typical LAMP architecture on AWS?

Answer 27

Amazon RDS with MySQL.

Question 28

Which AWS service can be added for caching in LAMP?

Answer 28

Amazon ElastiCache.

Question 29

Where is application logic and data stored in EC2?

Answer 29

On an EBS volume (root or additional).