ADVANCED VPC Networking

Question 1

allowing the monitoring of traffic flow to and from interfaces within a VPC

Answer 1

VPC Flow Logs

Question 2

VPC only caputures metadata and not contents

Answer 2

True

Question 3

When attached to a VPC, flow logs monitor

Answer 3

All ENI in VPC

Question 4

When attached to a Subnet, flow logs monitor

Answer 4

All ENI in Subnet

Question 5

Can Flow logs be attached to ENIs directly?

Answer 5

Yes

Question 6

Are Flow Logs realtime?

Answer 6

NO

Question 7

VPC Flow Log destinations are S3 or CloudWatch Logs

Answer 7

True

Question 8

Can Athena be used to query VPC Flow logs in S3?

Answer 8

Yes

Question 9

Do flow logs monitor packet Contents?

Answer 9

No

Question 10

Allow outbound (and response) only access to the public AWS services and Public Internet for IPv6-enabled instances or other VPC-based services

Answer 10

Egress-Only internet gateways

Question 11

Allows private IPs to access public networks without allowing externally initiated connections in

Answer 11

NAT

Question 12

Internet Gateway IPv6 allows all IPS in and out

Answer 12

True

Question 13

type of VPC endpoint which allow access to S3 and DynamoDB without using public addressing

Answer 13

Gateway Endpoints

Question 14

added to route table and points the route table to it

Answer 14

Gateway Endpoints

Question 15

Gateway endpoints are Highly available across all AZs in a region

Answer 15

True

Question 16

Controls which things can be connected to by the gateway endpoint

Answer 16

Endpoint Policies

Question 17

Can Gateway Endpoints access cross-region services?

Answer 17

No

Question 18

used to allow private IP addressing to access public AWS services apart from S3 and DynamoDb

Answer 18

Interface Endpoints

Question 19

Are Interface Endpoints highly available by default?

Answer 19

No

Question 20

1 Endpoint to 1 Subnet Per used AZ to get High Availability

Answer 20

True

Question 21

Interface Endpoints only support TCP and IPv4

Answer 21

True

Question 22

Do interface Endpoints use PrivateLink?

Answer 22

Yes

Question 23

Interface Endpoints provides a NEW service endpoint DNS

Answer 23

True

Question 24

One single DNS name that works with whatever AZ you’re using to access the interface endpoint

Answer 24

Endpoint Regional DNS

Question 25

Resolves to one specific interface in one specific availability zone

Answer 25

Endpoint Zonal DNS

Question 26

OVerrides the default DNS for services

Answer 26

PrivateDNS

Question 27

Associates a private R53 hosted zone to the VPC changing the default service DNS to resolve to the interface endpoint ip

Answer 27

Private DNS

Question 28

Uses prefix lists and route tables

Answer 28

Gateway Endpoints

Question 29

Uses DNS and a private IP address

Answer 29

Interface Endpoints

Question 30

networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses

Answer 30

VPC peering

Question 31

One peering connection links two and only two VPCs

Answer 31

True

Question 32

Does VPC peering work across region/cross account

Answer 32

Yes

Question 33

Does VPC Perring support transitive peering?

Answer 33

No

Question 34

are route tables at both sides of the peering connection needed?

Answer 34

Yes

Question 35

Can VPC peering connections be created where there is overlap in the VPC CIDRS?

Answer 35

No