A Cantrill - ADVANCED VPC Networking

Question 1

What does VPC flow logs capture?

Answer 1

Captures metadata (does not capture contents).

Includes:
source and destination IP addr
source and destination ports
protocols

Question 2

Are VPC flow logs realtime or not ?

Answer 2

No, VPC flow logs are NOT realtime.

Question 3

What are gateway endpoints?

Answer 3

Gateway endpoints are a type of VPC endpoint which allow access to S3 and DynamoDB without using public addressing. HA, regional.

Question 4

What are interface endpoints?

Answer 4

Interface endpoints are used to allow private IP addressing to access public AWS services. NOT HA, AZ specific.

Uses PrivateLink … If you see PrivateLink in exam ==> INTERFACE endpoint

Question 5

How does GW endpoint and interface endpoints differ?

Answer 5

GW uses prefix lists/route table, interface uses DNS.

Question 6

What is VPC peering?

Answer 6

VPC peering is a software defined and logical networking connection between two VPC’s. Can be same or different regions AND accounts.

Question 7

Does VPC peering support transitive peering?

Answer 7

NO. VPC peering does NOT support transitive peering.

Question 8

Where can VPC flow logs be attached?

Answer 8

VPCs, Subnets, ENIs.

Question 9

To peer 4 VPC’s how many peering connections are required?

Answer 9

6 peering connections are required when connecting 4 VPCs.