Amazon Virtual Private Cloud (VPC) Flashcards
VPC provides complete control over the _______ __________ environment
VPC provides complete control over the virtual networking environment
VPCs are a ______-wide service
VPCs are a region-wide service
A default VPC is created in each _____ with a ____ in each AZ
A default VPC is created in each region with a subnet in each AZ
By default, you can create up to ____ VPCs per region
By default, you can create up to five VPCs per region
Public subnets are subnets that have which setting set to “Yes”
- “Auto-assign public IPv4 address” set to “Yes”
Public subnet route table has an ________ _______ attached
Public subnet route table has an Internet Gateway attached
When you create a VPC, you must specify a ____ of ____ addresses for the VPC in the form of a ____ block
When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a CIDR block
A VPC spans all the ____ _____ in the region
Availability Zones
You have ___ _______ over who has access to the AWS resources inside your VPC
full control
Routers interconnect subnets and direct traffic between: (4)
Internet gateways
NAT gateways
Virtual private gateways
Subnets
VPC Endpoints allow private connectivity between services ______ in ___
VPC Endpoints allow private connectivity between services hosted in AWS
Egress-only Internet Gateway is a stateful gateway that provides egress-only access for ____ traffic from the ___ to the internet
Egress-only Internet Gateway is a stateful gateway that provides egress-only access for IPv6 traffic from the VPC to the internet
Peering Connection enables you to route traffic via private IP addresses between two ______ _____
Peering Connection enables you to route traffic via private IP addresses between two peered VPCs
NAT Gateway features: (3)
_______ available
Provides resources in _______ subnet access to the ______ internet
______ Network Address Translation (NAT) service
Highly available
Provides resources in private subnet access to the public internet
Managed Network Address Translation (NAT) service
Your side of the VPN connection is called the ________ Gateway
Your side of the VPN connection is called the Customer Gateway
CIDR block size can be between ____ and _____
CIDR block size can be between /16 and /28
You cannot ____ or _____ the size of an existing CIDR block
You cannot increase or decrease the size of an existing CIDR block
The first ____ and ____ IP addresses in a subnet CIDR block are ___ _________ for use
The first four and last IP addresses in a subnet CIDR block are not available for use
AWS recommends you use CIDR blocks from the ___ _____ ranges
AWS recommends you use CIDR blocks from the RFC 1918 ranges
In order to work properly, VPC Peering requires non-overlapping CIDR blocks across all ____ in all _____ and _______ you want to connect
In order to work properly, VPC Peering requires non-overlapping CIDR blocks across all VPCs in all regions and accounts you want to connect
Flow Logs capture information about traffic to and from _______ interfaces in a ___
Flow Logs capture information about traffic to and from network interfaces in a VPC
The ________ Gateway is the Amazon ___ side of a connection to the public Internet.
The Internet Gateway is the Amazon VPC side of a connection to the public Internet.
Flow log data is stored using __________ Logs or ___
Flow log data is stored using CloudWatch Logs or S3
Flow logs can be created at the following levels: (3)
Network interface
Subnet
VPC
Hardware VPN Connection is a hardware-based connection between your Amazon VPC and your ____ center, ____ network, or __-_______ facility
Hardware VPN Connection is a hardware-based connection between your Amazon VPC and your data center, home network, or co-location facility
Security Groups operate at the _______ level while Network ACLs operate at the ______ level
Security Groups operate at the instance level while Network ACLs operate at the subnet level
Which is stateful and stateless between SGs and ACLs?
ACL: Stateless
SG: Stateful
SGs support _____ rules only and evaluate ___ rules regardless of _____
SGs support deny rules only and evaluate all rules regardless of order
ACLs support _____ and _____ rules and process rules in _____
ACLs support allow and deny rules and process rules in order
Network ACL rules ___________ _____ to all instances in the associated subnets.
automatically apply
VPN CloudHub provides a way to link _____ ______ for a backup or primary WAN access to AWS resources and ____ _____
VPN CloudHub provides a way to link remote offices for a backup or primary WAN access to AWS resources and each other
VPN CloudHub connects locations in a ___ and _____ manner using AWS Virtual Private Gateway
Hub and Spoke
If you have resources in multiple AZs that share a single NAT Gateway, what happens if the AZ hosting the NAT Gateway goes down?
All connected resources will lose internet access
What makes an application or process stateful vs. stateless depends on whether or not it _____ data ____ _____
What makes an application or process stateful vs. stateless depends on whether or not it stores data over time.
SGs are stateful, meaning if you send a request from your instance, the response traffic for that request is _______ to flow in regardless of _______ ____
SGs are stateful, meaning if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound rules.
By default, custom Network ACLs deny all inbound and outbound traffic until you ___ _____
By default, custom Network ACLs deny all inbound and outbound traffic until you add rules.
Each subnet in a VPC must be associated with a network ACL. If you don’t explicitly associate a subnet with a network ACL, then that subnet is ____________ associated with the ______ network ACL.
Each subnet in a VPC must be associated with a network ACL. If you don’t explicitly associate a subnet with a network ACL, then that subnet is automatically associated with the default network ACL.
You can associate a network ACL with how many subnets?
multiple subnets.
When you associate a network ACL with a subnet, what happens to the previous ACL association?
the previous association is removed.
A Network ACL being stateless means responses to inbound traffic are subject to the _____ for _______ traffic and ____ ____
A Network ACL being stateless means responses to inbound traffic are subject to the rules for outbound traffic and vice versa
VPC endpoints allow you to connect AWS services without leaving the Amazon ________ _______
VPC endpoints allow you to connect AWS services without leaving the Amazon internal network
With AWS, you can choose between two VPC endpoint types, ________ endpoint or ________ endpoint, to securely access your __ ______ using a private network
With AWS, you can choose between two VPC endpoint types, gateway endpoint or interface endpoint, to securely access your S3 buckets using a private network
You can peer a VPC with VPCs in the ____ account and with ____ AWS accounts
You can peer a VPC with VPCs in the same account and with other AWS accounts
If you need to connect tens, hundreds, or thousands of customer VPCs, what service should you use instead of VPC peering?
AWS PrivateLink
When using VPC endpoints, Gateway Endpoint only supports __ and ________
When using VPC endpoints, Gateway Endpoint only supports S3 and DynamoDB
The ________ ________ Gateway is the Amazon VPC side of a ____ connection.
The Virtual Private Gateway is the Amazon VPC side of a VPN connection.