AWS Components Flashcards

1
Q

What is a Virtual Private Cloud (VPC)?

A

a logically isolated virtual network within AWS, with its own IP address range, in which the resources you attach to it can communicate with each other

2
Q

How does a VPC peering relationship work?

A

it permits traffic only directly between the two peered VPCs; it provides no transit capability from one peer VPC through another to an external destination (peering is not transitive)

3
Q

How does network connectivity work between two VPCs once the VPC peering relationship is established?

A

there is two-way network connectivity between the entire IP address blocks (CIDRs) of both VPCs, once each VPC's route tables point the peer's CIDR at the peering connection; security groups and network ACLs still apply to the traffic

4
Q

How does VPC Hub-and-Spoke Model work?

A
  • subscriber VPCs (spokes) use VPC peering with the central VPC (hub) to provide direct communications between the instances in the subscriber VPCs and the instances in the central VPC
  • the subscriber VPCs are unable to communicate with each other because this would require transit connectivity through the central VPC, which is not a capability supported by VPC peering
5
Q

What does AWS do if it sees packets on a peering connection with a source or destination IP address outside of the two peered VPCs?

A

it drops the traffic
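Cards 2 to 5 describe the two rules that make peering non-transitive: a route table can point a spoke's traffic at a peering connection, but the connection itself only carries packets whose source and destination both belong to the two peered VPCs. The following added Python model (written for this page, not AWS code; the VPC names, CIDRs and route tables are assumptions) traces a packet through such a hub-and-spoke topology and shows the transit attempt from spoke-a to spoke-b being dropped at the peering connection:

```python
import ipaddress

# Constructed sample topology (not from the page): a hub VPC peered with two spokes.
VPCS = {
    "hub": ipaddress.ip_network("10.0.0.0/16"),
    "spoke-a": ipaddress.ip_network("10.1.0.0/16"),
    "spoke-b": ipaddress.ip_network("10.2.0.0/16"),
}

# Peering connections exist only between the hub and each spoke (cards 2 and 4).
PEERINGS = {frozenset(p) for p in [("hub", "spoke-a"), ("hub", "spoke-b")]}

# Route tables: (destination CIDR, target). "local" delivers inside the VPC,
# "pcx:<peer>" sends traffic over the peering connection with that peer.
# spoke-a deliberately carries a route that tries to reach spoke-b via the hub.
ROUTES = {
    "hub": [("10.0.0.0/16", "local"),
            ("10.1.0.0/16", "pcx:spoke-a"),
            ("10.2.0.0/16", "pcx:spoke-b")],
    "spoke-a": [("10.1.0.0/16", "local"),
                ("10.0.0.0/16", "pcx:hub"),
                ("10.2.0.0/16", "pcx:hub")],      # transit attempt through the hub
    "spoke-b": [("10.2.0.0/16", "local"),
                ("10.0.0.0/16", "pcx:hub")],
}


def longest_prefix_match(vpc, dst):
    """Pick the most specific route in `vpc` for destination `dst`, or None."""
    best = None
    for cidr, target in ROUTES[vpc]:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def peering_forwards(local_vpc, peer_vpc, src, dst):
    """Card 5: a peering connection carries a packet only if both its source and
    its destination lie inside one of the two peered VPCs; anything else is dropped."""
    if frozenset((local_vpc, peer_vpc)) not in PEERINGS:
        return False
    return all(ip in VPCS[local_vpc] or ip in VPCS[peer_vpc] for ip in (src, dst))


def trace(src_vpc, src_ip, dst_ip, max_hops=4):
    """Follow a packet from `src_vpc` until it is delivered, dropped or unroutable.
    Returns (outcome, VPC where the outcome occurred)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    vpc = src_vpc
    for _ in range(max_hops):
        target = longest_prefix_match(vpc, dst)
        if target is None:
            return "no-route", vpc
        if target == "local":
            return "delivered", vpc
        peer = target.split(":", 1)[1]
        if not peering_forwards(vpc, peer, src, dst):
            return "dropped", vpc
        vpc = peer
    return "loop", vpc


if __name__ == "__main__":
    print(trace("spoke-a", "10.1.0.10", "10.0.0.10"))   # ('delivered', 'hub')
    print(trace("spoke-a", "10.1.0.10", "10.2.0.10"))   # ('dropped', 'spoke-a')
```

The route to 10.2.0.0/16 via the hub is accepted into spoke-a's route table, which is exactly what makes the failure confusing in practice: nothing rejects the configuration, the packets simply never arrive. A Transit Gateway (cards 6 and 7) is the supported way to get that hub-and-spoke connectivity.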

6
Q

What is the role of AWS Transit Gateway?

A

lets you control communications between VPCs and connect them to on-premises networks through a single, regional hub gateway

7
Q

In contrast to VPC peering, which interconnects only two VPCs, what can act as the hub in a hub-and-spoke model for interconnecting many VPCs?

A

Transit Gateway

8
Q

What is Elastic Network Interface (ENI)?

A

a logical networking component in a VPC that represents a virtual network card

9
Q

With which AWS component does the VM-Series firewall integrate to simplify the setup of centralized inspection?

A

Transit Gateway

10
Q

When integrating the firewall with a Transit Gateway, what is the name of the VPC that is created?

A

security VPC

11
Q

How is traffic inspected in the security VPC?

A

the firewalls are deployed in the security VPC and connect to the Transit Gateway via VPC or VPN attachments; the Transit Gateway route tables send traffic to the security VPC, where it is routed to the VM-Series firewalls for inspection

12
Q

What do security groups provide?

A

a stateful Layer 4 firewall that controls which source/destination IP addresses, protocols and ports are permitted

13
Q

How are Security Groups applied?

A

to an instance's elastic network interface (ENI); all traffic to or from that interface is evaluated against the attached groups

14
Q

Are Security Groups stateful?

A

yes; return traffic for a permitted connection is allowed automatically, regardless of the rules in the opposite direction

15
Q

How many security groups can be associated to an interface?

A

5 per network interface by default (an adjustable quota); traffic is permitted if any of the attached groups allows it

16
Q

What is the default behavior of a security group?

A

a newly created security group has no inbound rules (all inbound traffic is denied) and a single outbound rule that permits all traffic; the VPC's own default security group additionally allows inbound traffic from other members of the same group

17
Q

Which actions can be configured in a Security Group?

A

allow rules only; there is no explicit deny action, so anything not explicitly allowed is implicitly denied

18
Q

What kind of traffic can a Security Group police?

A

any protocol with a standard IP protocol number (TCP, UDP and ICMP are selectable by name, other protocols by their number)

19
Q

When deploying a VPC, a default network ACL is associated with it. How does it behave?

A

it permits all inbound and outbound traffic (a custom network ACL you create denies everything until you add rules)

20
Q

What kind of traffic policing does a Network ACL provide?

A

Layer 4 control of source/destination IP addresses, protocols and ports for traffic entering and leaving a subnet

21
Q

How are network ACLs applied?

A

at the subnet level; every subnet is associated with exactly one network ACL

22
Q

What kind of actions does a network ACL have?

A

both allow and deny rules, evaluated in ascending rule-number order; the first matching rule decides, and unmatched traffic is denied

23
Q

Are Network ACLs stateful?

A

no, they are stateless: return traffic is not tracked, so a flow must be explicitly permitted in both directions, including the ephemeral port range used for replies
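Cards 12 to 23 contrast the two filters: security groups are stateful and allow-only, network ACLs are stateless, ordered and support explicit deny. The following added Python model (written for this page, not AWS code; the packets, addresses and rule sets are assumptions, and connection tracking is simplified) pushes one HTTPS request and its reply through each kind of filter and shows why a network ACL needs an outbound rule for the ephemeral port range while a security group does not:

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

# A single packet; `proto` is "tcp", "udp" or another IP protocol name.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port proto", defaults=["tcp"])


@dataclass(frozen=True)
class Rule:
    direction: str          # "in" or "out"
    proto: str              # "tcp", "udp" or "all"
    port_from: int
    port_to: int            # destination-port range the rule covers
    cidr: str               # remote CIDR: source for "in", destination for "out"
    action: str = "allow"   # security groups allow only; NACLs may also "deny"
    number: int = 0         # NACL rule number; ignored by security groups

    def matches(self, pkt, direction):
        if self.direction != direction or (self.proto != "all" and self.proto != pkt.proto):
            return False
        remote = pkt.src_ip if direction == "in" else pkt.dst_ip
        if ipaddress.ip_address(remote) not in ipaddress.ip_network(self.cidr):
            return False
        return self.port_from <= pkt.dst_port <= self.port_to


class SecurityGroup:
    """Stateful and allow-only (cards 12, 14, 17): once a packet is permitted the
    connection is tracked and its reply passes whatever the rules in the reply's
    direction say. Anything not explicitly allowed is denied."""

    def __init__(self, rules):
        self.rules = rules
        self._tracked = set()

    def evaluate(self, pkt, direction):
        # Direction-independent flow key so the reply maps onto the request.
        key = (frozenset({(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)}), pkt.proto)
        if key in self._tracked:
            return "allow"
        if any(r.action == "allow" and r.matches(pkt, direction) for r in self.rules):
            self._tracked.add(key)
            return "allow"
        return "deny"


class NetworkAcl:
    """Stateless and ordered (cards 20 to 23): every packet is judged on its own,
    the lowest-numbered matching rule decides, and there is an implicit deny."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def evaluate(self, pkt, direction):
        for r in self.rules:
            if r.matches(pkt, direction):
                return r.action
        return "deny"


def run_https_flow(policy):
    """Send one HTTPS request into a web server and its reply back out.
    Returns (verdict on the inbound request, verdict on the outbound reply)."""
    # Constructed sample flow: a client in TEST-NET-3 talks to a server at 10.0.1.10.
    request = Packet("203.0.113.5", 51000, "10.0.1.10", 443)
    reply = Packet("10.0.1.10", 443, "203.0.113.5", 51000)
    return policy.evaluate(request, "in"), policy.evaluate(reply, "out")


# Hypothetical rule sets, not taken from the page.
WEB_SG = SecurityGroup([
    Rule("in", "tcp", 443, 443, "0.0.0.0/0"),
    Rule("out", "tcp", 443, 443, "10.0.0.0/8"),   # does not cover the reply; tracking does
])
NACL_MISSING_EPHEMERAL = NetworkAcl([
    Rule("in", "tcp", 443, 443, "0.0.0.0/0", number=100),
    Rule("out", "tcp", 443, 443, "0.0.0.0/0", number=100),     # reply to port 51000 is denied
])
NACL_FIXED = NetworkAcl([
    Rule("in", "tcp", 443, 443, "0.0.0.0/0", number=100),
    Rule("out", "tcp", 1024, 65535, "0.0.0.0/0", number=100),  # ephemeral range for replies
])
NACL_WITH_DENY = NetworkAcl([
    Rule("in", "tcp", 0, 65535, "203.0.113.0/24", action="deny", number=90),  # beats rule 100
    Rule("in", "tcp", 443, 443, "0.0.0.0/0", number=100),
    Rule("out", "tcp", 1024, 65535, "0.0.0.0/0", number=100),
])

if __name__ == "__main__":
    for name, policy in [("security group", WEB_SG), ("NACL, no ephemeral rule", NACL_MISSING_EPHEMERAL),
                         ("NACL, fixed", NACL_FIXED), ("NACL, explicit deny", NACL_WITH_DENY)]:
        print(f"{name:24s} request/reply -> {run_https_flow(policy)}")
```

The NACL without the ephemeral-port rule accepts the request but drops the server's reply, the classic symptom of forgetting that network ACLs are stateless; the explicit-deny NACL blocks the request because rule 90 is evaluated before the allow at 100, while its outbound verdict is computed independently of what happened inbound.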

24
Q

What address mapping does the Internet Gateway (IGW) perform?

A

a one-to-one mapping (NAT) between an instance's private VPC IP address and a public IP address owned by AWS (either an auto-assigned public IP or an Elastic IP)

25
Q

How can a public IP address be assigned to an instance that is reached through the Internet Gateway (IGW)?

A
  • auto-assigned public IPv4 address (random and dynamic)
    • AWS assigns it when the instance starts and returns it to the pool when you stop the instance
  • Elastic IP address (random when allocated, then fixed to your account)
    • it stays with the instance until you intentionally associate it with another instance or release it back to the pool

26
Q

What does a VPN Gateway (VGW) provide?

A

a VPN service for a VPC that terminates IPsec tunnels (site-to-site VPN) from on-premises networks

27
Q

What is Amazon Elastic Compute Cloud (EC2)?

A

the AWS compute service; an EC2 instance is a VM deployed into a subnet of a VPC

28
Q

What is an Amazon Machine Image (AMI)?

A

a VM image (operating system, software and configuration) used to launch EC2 instances; AMIs are provided by AWS, offered in the AWS Marketplace (for example the VM-Series firewall) or built by the customer