Amazon Virtual Private Cloud (VPC)

Question 1

VPC provides complete control over the _______ __________ environment

Answer 1

VPC provides complete control over the virtual networking environment

Question 2

VPCs are _____ wide service

Answer 2

VPCs are region wide service

Question 3

A default VPC is created in each _____ with a ____ in each AZ

Answer 3

A default VPC is created in each region with a subnet in each AZ

Question 4

By default, you can create up to ____ VPCs per region

Answer 4

By default, you can create up to Five VPCs per region

Question 5

Public subnets are subnets that have which setting set to “Yes”

Answer 5

Public subnets are subnets that have which setting set to “Yes”

• “Auto-assign public IPv4 address” set to “Yes”

Question 6

Public subnet route table has an ________ _______ attached

Answer 6

Public subnet route table has an Internet Gateway attached

Question 7

When you create a VPC, you must specify a ____ of ____ addresses for the VPC in the form of a ____ block

Answer 7

When you create a VPC, you must specify a range of Ipv4 addresses for the VPC in the form of a CIDR block

Question 8

A VPC spans all the ____ _____ in the region

Answer 8

A VPC spans all the ____ _____ in the region

Availability Zones

Question 9

You have ___ _______ over who has access to the AWS resources inside your VPC

Answer 9

You have ___ _______ over who has access to the AWS resources inside your VPC

full control

Question 10

Routers interconnect subnet and direct traffic between (4)

Answer 10

Internet gateways

NAT gateways

Virtual private gateways

Subnets

Question 11

VPC Endpoints allows private connectivity between services ______ in ___

Answer 11

VPC Endpoints allows private connectivity between services hosted in AWS

Question 12

Egress-only Internet Gateway is a stateful gateway that provides egress-only access for ____ traffic from the ___ to the internet

Answer 12

Egress-only Internet Gateway is a stateful gateway that provides egress-only access for IPv6 traffic from the VPC to the internet

Question 13

Peering Connection enables you to route traffic via private IP addresses between two ______ _____

Answer 13

Peering Connection enables you to route traffic via private IP addresses between two peered VPCs

Question 14

NAT Gateway features: (3)

_______ available

Provides resources in _______ subnet access to the ______ internet

______ Network Address Translation (NAT) service

Answer 14

Highly available

Provides resources in private subnet access to the public internet

Managed Network Address Translation (NAT) service

Question 15

Your side of the VPN connection is called the ________ Gateway

Answer 15

Your side of the VPN connection is called the Customer Gateway

Question 16

CIDR block size can be between ____ and _____

Answer 16

CIDR block size can be between /16 and /28

Question 17

You cannot ____ or _____ the size of an existing CIDR blcok

Answer 17

You cannot increase or decrease the size of an existing CIDR block ;

Question 18

The first ____ and ____ IP addresses in a subnet CIDR block are ___ _________ for use

Answer 18

The first four and last IP addresses in a subnet CIDR block are not available for use

Question 19

AWS recommends you use CIDR blocks from the ___ _____ ranges

Answer 19

AWS recommends you use CIDR blocks from the RFC 1918 ranges

Question 20

In order to work properly, VPC Peering requires non-overlapping CIDR blocks across all ____ in all _____ and _______ you want to connect

Answer 20

In order to work properly, VPC Peering requires non-overlapping CIDR blocks across all VPCs in all regions and accounts you want to connect

Question 21

Flow Logs capture information about traffic to and from _______ interfaces in a ___

Answer 21

Flow Logs capture information about traffic to and from network interfaces in a VPC

Question 22

The ________ Gateway is the Amazon ___ side of a connection to the public Internet.

Answer 22

The Internet Gateway is the Amazon VPC side of a connection to the public Internet.

Question 23

Flow log data is stored using __________ Logs or ___

Answer 23

Flow log data is stored using CloudWatch Logs or S3

Question 24

Flow logs can be created at the following levels: (3)

Answer 24

Network interface

Subnet

VPC

Question 25

Hardware VPN Connection is a hardware-based connection between your Amazon VPC and your ____ center, ____ network, or __-_______ facility

Answer 25

Hardware VPN Connection is a hardware-based connection between your Amazon VPC and your data center, home network, or co-location facility

Question 26

Security Groups operate at the _______ level while Network ACL operate at the ______

Answer 26

Security Groups operate at the instance level while Network ACL operate at the subnet

Question 27

Which is stateful and stateless between SGs and ACLs?

Answer 27

ACL: Stateless

SG: Stateful

Question 28

SG’s support _____ rules only and evaluates ___ rules regardless of _____

Answer 28

SG’s support deny rules only and evaluates all rules regardless of order

Question 29

ACL’s support _____ and _____ rules and processes rules in _____

Answer 29

ACL’s support allow and deny rules and processes rules in order

Question 30

Network ACL rules ___________ _____ to all instances in the associated subnets.

Answer 30

Network ACL rules ___________ _____ to all instances in the associated subnets.

automatically apply

Question 31

VPN CloudHub provides a way to link _____ ______ for a backup or primary WAN access to AWS resources and ____ _____

Answer 31

VPN CloudHub provides a way to link remote offices for a backup or primary WAN access to AWS resources and each other

Question 32

VPN CloudHub connects locations in a ___ and _____ manner using AWS Virtual Private Gateway

Answer 32

VPN CloudHub connects locations in a ___ and _____ manner using AWS Virtual Private Gateway

Hub and Spoke

Question 33

If you have resources in multiple AZ and they share a NAT Gateway. What will happen if the AZ where the NAT Gateway is goes down?

Answer 33

All connected resources will lose internet access

Question 34

What makes an application or process stateful vs. stateless depends on whether or not it _____ data ____ _____

Answer 34

What makes an application or process stateful vs. stateless depends on whether or not it stores data over time.

Question 35

SG’s are stateful, meaning if you send a request from your instance, the response traffic for that request is _______ to flow in regardless of _______ ____

Answer 35

SG’s are stateful, meaning if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound rules.

Question 36

By default, custom Network ACL’s deny all inbound and outbound traffic until you ___ _____

Answer 36

By default, custom Network ACL’s deny all inbound and outbound traffic until you add rules.

Question 37

Each subnet in VPC must be associated with a network ACL. If you don’t explicitly associate a subnet with a network ACL, then that subnet is ____________ associated with the ______ network ACL.

Answer 37

Each subnet in VPC must be associated with a network ACL. If you don’t explicitly associate a subnet with a network ACL, then that subnet is automatically associated with the default network ACL.

Question 38

You can associate a network ACL with how many subnets?

Answer 38

multiple subnets.

Question 39

When you associate a network ACL with a subnet, what happens to the previous ACL association?

Answer 39

the previous association is removed.

Question 40

A Network ACL being stateless means responses to inbound traffic are subject to the rules for outbound traffic and vice versa

Answer 40

A Network ACL being stateless means responses to inbound traffic are subject to the _____ for _______ traffic and ____ ____

Question 41

VPC endpoints allow you to connect AWS services without leaving the Amazon ________ _______

Answer 41

VPC endpoints allow you to connect AWS services without leaving the Amazon internal network

Question 42

With AWS, you can choose between two VPC endpoint types- ________ endpoint or ________ endpoint - to securely access your __ ______ using a private network

Answer 42

With AWS, you can choose between two VPC endpoint types- gateway endpoint or interface endpoint - to securely access your S3 buckets using a private network

Question 43

You can peer VPC with VPCs in the ____ account and with ____ AWS accounts

Answer 43

You can peer VPC with VPCs in the same account and with other AWS accounts

Question 44

If you need to connect tens, hundreds, or thousands of customer VPCs, what service should you use instead of VPC peering

Answer 44

AWS PrivateLink

Question 45

When using VPC endpoints, Gateway Endpoint only supports __ and ________

Answer 45

When using VPC endpoints, Gateway Endpoint only supports S3 and DynamoDB

Question 46

The ________ ________ Gateway is the Amazon VPC side of a ____ connection.

Answer 46

The Virtual Private Gateway is the Amazon VPC side of a VPN connection.