AWS Network and Content Delivery - Networking & Content Delivery Flashcards

Question 1

Q

How many bits is an IPv4 address, and what does an IPv4 address look like?

Answer

A

An IPv4 address is 32 bits long and is typically expressed in dotted-decimal notation, like “192.168.0.1”.

Question 2

Q

VPC-Private-Subnet-Diagram-With-VPC-Endpoints

Question 3

Q

AWS Virtual Private Cloud (VRF if you wish) is limited to a single region. It can have many subnets, each subnet limited to a single availability zone. AWS is obviously enforcing very strict fault isolation.

Question 4

Q

mermaid

Answer

A

AWS accounts can access resources in multiple regions.
Within each region, you can have multiple Virtual Private Clouds (VPCs).
Each VPC exists within a single region and cannot span multiple regions.
Within each VPC, you can create one or more subnets.
Each subnet is associated with a single Availability Zone and cannot span multiple Availability Zones.
A subnet is a range of IP addresses in your VPC where you can create AWS resources, such as EC2 instances.
When you create a subnet, you specify its IP addresses, depending on the configuration of the VPC.
The 4 types of subnets include Public subnet, Private subnet, VPN-only subnet, and Isolated subnet.
The minimum size of a subnet is a /28 (or 14 IP addresses) for IPv4.
In the context of AWS VPCs, the allowed block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses).
However, AWS reserves the first four IP addresses and the last IP address of each subnet for IP networking purposes.
For IPv6, the subnet size is fixed to be a /64. Only one IPv6 CIDR block can be allocated to a subnet.
A VPC in AWS has several attributes that are not specific to its subnets.
These include DNS attributes, Amazon DNS server, DHCP option sets, Flow Logs, IP Address Manager (IPAM), Ingress Routing, Network Access Analyzer, Network Manager, Reachability Analyzer.

Question 5

Q

connecting to s3 bucket over internet with nat gatewayreplace the NAT gateway with a VPC endpoint so that we can reach S3 (or any other AWS service) without connectivity to the outside

Answer

A

replace the NAT gateway with a VPC endpoint so that we can reach S3 (or any other AWS service) without connectivity to the outside

Question 6

Q

private connection vpc endpoint goes with card 3

Question 7

Q

private ways to connect to s3 bucket

Question 8

Q

Answer

A

POST SMART” Linkedin
Here’s how to associate each letter with a writing aspect:
P - Purposeful Topic: Start with a purposeful topic that aligns with your professional expertise or industry trends. Choose something that provides value or insights to your LinkedIn network.
O - Organized Structure: Ensure your article has a clear and organized structure. Use headings, subheadings, and bullet points to make it easy for readers to follow along.
S - Storytelling: Incorporate storytelling to make your article engaging and relatable. Share personal anecdotes or real-world examples to illustrate your points.
T - Target Audience: Keep your target audience in mind. Write with your LinkedIn connections in mind, addressing their interests, challenges, and needs.
S - Strategic Keywords: Use strategic keywords relevant to your industry or topic. This can improve the discoverability of your article on LinkedIn and through search engines.
M - Meaningful Content: Provide meaningful and valuable content. Offer insights, tips, or solutions that your readers can apply in their professional lives.
A - Authentic Voice: Write in an authentic voice that reflects your personality and expertise. Avoid overly formal language and aim for a conversational tone.
R - Relevant Visuals: Include relevant visuals such as images, infographics, or charts to enhance your article and make it visually appealing.
T - Thoughtful Conclusion: Conclude your article thoughtfully. Summarize key points, invite readers to share their thoughts in the comments, or encourage them to take a specific action.

Question 9

Q

C-EP-EAS-PAI-EMII-CII

CEPE ASP IMIICIICII

Answer

A

Cogently, Eloquently, Perspicaciously, Eruditely, Astutely, Sagaciously, Profoundly, Acutely, Incisively, Meticulously, Invariably, Ineffably, Conclusively, Incontrovertibly, Inherently, Inimitably, Ineffaceably, Inscrutably, Inexplicably, Inextricably.

Question 10

Q

How many bits is an IPv6 address, and what does an IPv6 address look like?

Answer

A

An IPv6 address is 128 bits long and is expressed in hexadecimal notation with colons, like “2001:0db8:85a3:0000:0000:8a2e:0370:7334”.

Question 11

Q

What does a CIDR notation show, and what does it look like?

IP_address/prefix_length

Answer

A

CIDR notation represents IP addresses and their associated routing prefix. It looks like “IP_address/prefix_length”, e.g., “192.168.0.0/24”.

Question 12

Q

What is the OSI model, how many layers are there, and which layers does Amazon handle, and which layers does the customer handle?

N/AP 3/57

Answer

A

The OSI model has seven layers. Amazon primarily handles the networking layers (Layer 3 and below , while customers are responsible for the application and presentation layers (Layers 5-7 .

Question 13

Q

OSI MMEMONIC

Answer

A

All (Application)
People (Presentation)
Seem (Session)
To (Transport)
Need (Network)
Data (Data Link)
Processing (Physical)

Question 14

Q

OSI MMEMONIC

USS TPFP

Question 15

Q

What is Amazon VPC?

LOGICAL PRIVATE CLOUD TO LAUNCH

Answer

A

Amazon VPC Virtual Private Cloud is a service that lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

Question 16

Q

What does Amazon VPC allow you to select or enable?

I Create Cool SBNT TABLE Networks GATEWAY Really!”

Now, let’s break it down:

I (IP Address Range): This reminds you of the initial step, defining the IP address range for your network.

Create (Create Subnets): This represents the next step, where you create subnets based on the defined IP address range.

Cool (Configure Route Tables): This part reminds you to configure route tables to manage the traffic flow within your network.

Networks (Set Up Network Gateways): The last part of the phrase reminds you of setting up network gateways, which is crucial for connecting your network to the external world.

Answer

A

Amazon VPC allows you to select your own IP address range, create subnets, configure route tables, and set up network gateways.

Question 17

Q

What does Amazon VPC allow you to select or enable? 2

“Ninja SDV EV”

Answer

A

“Ninja SVD EV”

Network Access Control Lists (NACLs)
Security Groups
Direct Connect
Virtual Private Network (VPN) Connections
Direct Connect
ELASTIC Load Balancers
VPC Peering

Question 18

Q

How many regions and how many availability zones can a VPC span?

VPC NO MAZ ACROSS DIFFERENT REGIONS . SBNT WI VPC SBNT W SPECIFICE AZ WI

Answer

A

A VPC can span all AWS regions and multiple availability zones within each region.

However, a single VPC cannot span multiple availability zones across different regions. When you create subnets within a VPC, those subnets can be associated with specific availability zones within the chosen region.

Question 19

Q

What is a subnet, and how can they be classified?

IP RANGE IN VPC/PUB AND PRIV

Answer

A

A subnet is a range of IP addresses in your VPC. Subnets can be classified as public or private, depending on whether the instances in the subnet are exposed to the internet.

Question 20

Q

How many availability zones can a subnet span?

VPC MULTIPLE SBNT =1AZ

SBNT SPAN MAZ WI 1 REGION RESOURCE EC2 1 SBNT AT A TIME

Answer

A

In AWS (Amazon Web Services), a subnet can span multiple availability zones (AZs) within a single AWS region. Each subnet is associated with a specific availability zone. By spanning subnets across multiple availability zones, you can design your infrastructure to be more resilient to failures in a single availability zone.

Keep in mind that while a subnet can span multiple availability zones, a resource (e.g., an EC2 instance) can only be associated with one subnet at a time. When designing for high availability, you distribute your resources across multiple subnets, each in a different availability zone, and use features like Elastic Load Balancers, Auto Scaling Groups, and Route 53 for effective load balancing and failover.

Question 21

Q

Can you change an IP address range after you create the VPC?

Answer

A

No, you cannot change the IP address range of an existing VPC after it has been created.

Question 22

Q

What is the difference between a public subnet and a private subnet?

ROUTE TO

Answer

A

A public subnet has a route to the internet, while a private subnet does not have a direct route to the internet.

Question 23

Q

What is the smallest and what is the largest IPv4 CIDR block that you may use?

28/16 16/65536

Answer

A

The smallest IPv4 CIDR block is a /28 (16 IPv4 addresses , and the largest is a /16 (65,536 IPv4 addresses .

Question 24

Q

How many IP addresses within a CIDR block are reserved for AWS use and not available to the customer?

NA VPC ROUTER DNS FU NBA

Answer

A

The first four and the last IP address in a CIDR block are reserved for AWS use and are not available to customers0.1: Reserved by AWS for the VPC router.
0.0: Network address.
0.2: Reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two. …
0.3: Reserved by AWS for future use.
0.255: Network broadcast address..

Question 25

Q

What are the reserved addresses, and what are they used for?

NA VPC ROUTER IPDNS SERVER FUTURE NETWORK BROADCST ADDRESS

What are 5 reserved IP addresses in AWS?
0.0/24 , the following five IP addresses are reserved:
0.0: Network address.
0.1: Reserved by AWS for the VPC router.
0.2: Reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two. …
0.3: Reserved by AWS for future use.
0.255: Network broadcast address.

Answer

A

What are 5 reserved IP addresses in AWS?
0.0/24 , the following five IP addresses are reserved:
0.0: Network address.
0.1: Reserved by AWS for the VPC router.
0.2: Reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two. …
0.3: Reserved by AWS for future use.
0.255: Network broadcast address.

Question 26

Q

What is an elastic IP address, and what is the benefit of using an elastic IP address?

NATG OR VMI DIS OR TERM

STATIC IPv4 DYNAMIC CLOUD COMPUTING CONSITENT IP TO MASK FAILURE OF VMI

Answer

A

NATG OR VMI Disaccociate or Terminate

Question 27

Q

What is an elastic IP address, and what is the benefit of using an elastic IP address?

STATIC IPv4 DYNAMIC CLOUD COMPUTING CONSITENT IP TO MASK FAILURE OF VMI

Answer

A

An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. The benefit is that it provides a consistent IP address that you can use to mask the failure of an instance or to ensure that traffic is routed to the proper instance in your VPC.

Question 28

Q

What is an elastic network interface?

VIRTUAL/NI ATTACH TO VMI IN VPC NETWORKING FOR VMI

Answer

A

An Elastic Network Interface (ENI is a virtual network interface that you can attach to instances in a VPC. It provides networking capabilities for instances.

Question 29

Q

What is a route table and what are the 2 designations or columns that each route table has?

RULES CALLED ROUTES FOR TRAFFIC DESTINATION TARGET

Answer

A

A route table contains a set of rules, called routes, that are used to determine where network traffic is directed. The two designations or columns in a route table are “Destination” and “Target.”

Question 30

Q

Does a subnet require a route table, and how many route tables can be associated with each subnet?

YES SUBNET = 1 ROUTE TABLE MULTIPLE SBNTS WITH SAME ROUTE TABLE

Answer

A

Yes, a subnet requires a route table. Each subnet must be associated with one route table at a time, but you can associate multiple subnets with the same route table.

Question 31

Q

Can the same route table be used by another subnet?

Answer

A

Yes, the same route table can be associated with multiple subnets.

Question 32

Q

When you use the VPC wizard, what are the 4 VPC configuration options, and when is each configuration most appropriate?

1 P SBNT PP SBNT PP SBNT VPN P VPN

Answer

A

Amazon VPC with a single public subnet only.
Amazon VPC with public and private subnets.
Amazon VPC with public and private subnets and AWS Site-to-Site VPN access.
Amazon VPC with a private subnet only and AWS Site-to-Site VPN access.

Question 33

Q

What is an Internet gateway igw ?

—–vpc COMPONENT / COM BTWN VMI IN VPC AND INTERNET

Answer

A

An Internet Gateway (IGW is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.

Question 34

Q

What 2 things are needed in order to make a subnet public?

ROUTE VIA IG AND VMI IN SBNT PUBLIC IP OR ELASTIC IP

Answer

A

To make a subnet public, it needs a route to the internet via an Internet Gateway, and instances in the subnet need public IP addresses or Elastic IP addresses.

Question 35

Q

What is a Network Address Translation NAT gateway nat-gw ?

GATEWAY ALLOWS VMI IN PRIV SBNT TO ACCESS INTERNET NO INBOUND

Answer

A

A NAT gateway allows instances in a private subnet to initiate outbound traffic to the internet while preventing inbound traffic initiated by the internet from reaching those instances.

Question 36

Q

Where does a nat-gw live, and what else do you need to associate with the nat-gw?

PUB SBNT/ EIP MAYBE SECURITY GROUP

Answer

A

A NAT gateway lives in the public subnet, and it needs an Elastic IP address EIP associated with it.

Question 37

Q

What is VPC sharing, and what is used to permit sharing? note: within 1 VPC

ACCOUNTS SHARE VPC RESOURCES W RESOURCE PERMISSIONS

The primary concept used to permit sharing within a VPC is the “Resource Share.”

Answer

A

VPC sharing allows multiple accounts to create their resources in a shared VPC. Resource permissions are used to permit sharing.

The primary concept used to permit sharing within a VPC is the “Resource

Question 38

Q

VPC IN OTHER AWS ACCOUNT INTEREGION

What is VPC peering, and what is used to make the connection? note: between multiple VPCs

2 VPC VIA PRIVATE IP LIKE SAME NTWK MY VPC OR VPC AWS ACCOUNT INTER REGI

NO VPN OF DC

Answer

A

A VPC peering connection is a networking connection between two VPCs that enables routing using each VPC’s private IP addresses as if they were in the same network. VPC peering connections can be created between your own VPCs or with a VPC in another AWS account. VPC peering also supports inter-region peering.

VPC peering in Amazon Web Services (AWS) is a networking connection between two Virtual Private Clouds (VPCs) that allows them to communicate with each other as if they were on the same network. VPC peering is a way to connect multiple VPCs and enable the exchange of traffic between them without the need for a VPN (Virtual Private Network) or Direct Connect connection.

Question 39

Q

VPC PEERING

1 TO 1 PEER CONNECT NO TRANSITIVE PEERING

Answer

A

A VPC peering connection is a one to one relationship between two VPCs. You can create multiple VPC peering connections for each VPC that you own, but transitive peering relationships are not supported.

Question 40

Q

VPC PEERING 2

PRIVATE 2 VPCS IPV 4 6 AS IF SAME NTWK

Answer

A

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network.

Question 41

Q

What are 2 ways to connect your AWS VPC with your on-premise data center, and what type of gateway and connection are used for each?

DC/DCG/DC VPN/VPG/VPN

Answer

A

AWS Direct Connect:
Gateway Type: Direct Connect Gateway
Connection Type: Dedicated Connection

AWS VPN (Virtual Private Network):
Gateway Type: Virtual Private Gateway
Connection Type: VPN Connection

Question 42

Q

What type of VLAN standard is used for AWS Direct Connect?

Answer

A

AWS Direct Connect uses 802.1Q VLAN tagging.

Question 43

Q

DIRECT CONNECT PHOTO

Question 44

Q

What type of VLAN standard is used for AWS Direct Connect?

Answer

A

AWS Direct Connect uses 802.1Q VLAN tagging.

Question 45

Q

When do you use a VPC endpoint vpcep-id ?

PRIVATE VPC TO SERVICES WO PUB INTERNET

Answer

A

You use a VPC endpoint when you want to privately connect your VPC to supported AWS services without requiring internet traffic to traverse the public internet.

Question 46

Q

What are the 2 types of endpoints?

IE/PRIVATE LINK SNS SQS GE/S3 DYNAMODB NO NAT DEVICE OR VPN

Answer

A

Interface Endpoints (powered by AWS PrivateLink SNS SQS
Gateway Endpoints (for Amazon S3 and DynamoDB .
Gateway Endpoints:
Interface Endpoints:
VPC Interface Endpoints (for other AWS services): These are used to connect your VPC to other AWS services using a private connection. interface endpoints can be used for various AWS services such as Amazon SNS, Amazon SQS, and others. They provide private connectivity over the AWS network.

VPC Gateway Endpoints (S3 and DynamoDB): These are used to enable private connectivity from within your Virtual Private Cloud (VPC) to Amazon S3 and Amazon DynamoDB, without the need for an internet gateway, NAT device, or VPN connection. Gateway endpoints are associated with a specific VPC and route S3 or DynamoDB traffic directly to the AWS service over the AWS global network.

Question 47

Q

What is an AWS Transit Gateway, and what topology is used with it?

HUB AND SPOKE CENTRAL HUB TO VPC’S VPC TO ON PREMISE

Answer

A

AWS Transit Gateway is a service that enables customers to connect their Amazon VPCs and on-premises networks to a single gateway. The hub-and-spoke topology is used, allowing for a central hub to connect with multiple spoke VPCs and on-premises networks.

Question 48

Q

What is an AWS Transit Gateway, and what topology is used with it? PHOTO

HUB AND SPOKE CENTRAL HUB TO VPC’S VPC TO ON PREMISE

Answer

A

Hub and spoke TGDCVPC

Question 49

Q

Are you charged to transfer data into your S3 bucket, transfer data out within a Region, or transfer data out to a different Region?
100 INTERNET SAME REGION

DOWNLOADAND TRANSFER DATA VIA S3

Answer

A

You pay for all bandwidth into and out of Amazon S3, except for the following: Data transferred out to the internet for the first 100GB per month, aggregated across all AWS Services and Regions (except China and GovCloud) Data transferred in from the internet. Data transferred between S3 buckets in the same AWS Region.

Question 50

Q

What are the 2 firewall options to secure traffic coming in and out of your network?

Answer

A

The two firewall options are Security Groups and Network Access Control Lists (Network ACLs .

Question 51

Q

Where does the security group act at, and what specifically do you attach it to?

INSTANCE FIREWALLWITH IN AND OUT RULES ATTACHED TO VMI

Answer

A

Security groups act at the instance level, and you attach them to instances.

It acts as a virtual firewall for your instances, controlling inbound and outbound traffic based on rules that you define. Specifically, a security group is attached to instances.

Question 52

Q

What is the default rule for security groups?

STATEFUL

Answer

A

The default rule for security groups is to deny all inbound traffic and allow all outbound traffic.

Question 53

Q

Are security groups stateful or stateless, and what type of traffic must be defined?

DEFINE INBOUND RULE OUTBOUND ALLOWS REPONSE

Answer

A

Security groups are stateful, and you only need to define inbound rules as outbound traffic is automatically allowed for the response.

Question 54

Q

Where does the Network Access Control List (Network ACL act at?

SUBNET

Answer

A

Network ACLs act at the subnet level.

Question 55

Q

What are the default rules for Network ACLs?

IN AND OUT

Answer

A

The default rules for Network ACLs are to allow all inbound and outbound traffic.

Question 56

Q

Are Network ACLs stateful or stateless, and what type of traffic must be defined?

Answer

A

Network ACLs are stateless, and you must define both inbound and outbound rules.

Question 57

Q

What is Amazon Route 53 used for?

DNS WEB SERVICE TO ROUTE END USERS TO ENPOINTS GLOBALLY

Answer

A

Amazon Route 53 is a scalable and highly available domain name system (DNS web service designed to route end-user requests to endpoints globally.

Question 58

Q

What types of routing does Route 53 support, and how is each routing option different?

SWF LOCATATION RESOURCE ML

Answer

A

Route 53 supports several routing types, including simple routing, weighted routing, latency-based routing, failover routing, geolocation routing, and multivalue answer routing. Each type of routing has its specific use case, allowing you to configure how traffic is directed to different endpoints.

Simple routing policy – Use for a single resource that performs a given function for your domain, for example, a web server that serves content for the example.com website. You can use simple routing to create records in a private hosted zone.

Failover routing policy – Use when you want to configure active-passive failover. You can use failover routing to create records in a private hosted zone.
Weighted routing policy – Use to route traffic to multiple resources in proportions that you specify. You can use weighted routing to create records in a private hosted zone.

Geolocation routing policy – Use when you want to route traffic based on the location of your users. You can use geolocation routing to create records in a private hosted zone.

Geoproximity routing policy – Use when you want to route traffic based on the location of your resources and, optionally, shift traffic from resources in one location to resources in another location.

Latency routing policy – Use when you have resources in multiple AWS Regions and you want to route traffic to the Region that provides the best latency. You can use latency routing to create records in a private hosted zone.

IP-based routing policy – Use when you want to route traffic based on the location of your users, and have the IP addresses that the traffic originates from.

Multivalue answer routing policy – Use when you want Route 53 to respond to DNS queries with up to eight healthy records selected at random. You can use multivalue answer routing to create records in a private hosted zone.

Question 59

Q

What types of routing does Route 53 support, and how is each routing option different? PRIVATE HOSTED ZONE L ML

MULT AWS REG USER LOCATION ML-53 DNS UP TO 8

Answer

A

Latency routing policy – Use when you have resources in multiple AWS Regions and you want to route traffic to the Region that provides the best latency. You can use latency routing to create records in a private hosted zone.

IP-based routing policy – Use when you want to route traffic based on the location of your users, and have the IP addresses that the traffic originates from.

Multivalue answer routing policy – Use when you want Route 53 to respond to DNS queries with up to eight healthy records selected at random. You can use multivalue answer routing to create records in a private hosted zone.

Question 60

Q

What types of routing does Route 53 support, and how is each routing option different?
S1

S-1 RESORCE WEB SERVER

Answer

A

Route 53 supports several routing types, including simple routing, weighted routing, latency-based routing, failover routing, geolocation routing, and multivalue answer routing. Each type of routing has its specific use case, allowing you to configure how traffic is directed to different endpoints.
Simple routing policy – Use for a single resource that performs a given function for your domain, for example, a web server that serves content for the example.com website. You can use simple routing to create records in a private hosted zone.

Question 61

Q

What is difference between geolocation and geo proximity routing?

USER VS RESOURCE

Answer

A

Geolocation routing policy — Use when you want to route traffic based on the location of users. Geo-proximity routing policy — Use when you want to route traffic based on the location of your resources and optionally switch resource traffic at one location to resources elsewhere.

Question 62

Q

What types of routing does Route 53 support, and how is each routing option different?

SWF LOCATATION RESOURCE ML

Answer

A

Simple routing policy – Use for a single resource that performs a given function for your domain, for example, a web server that serves content for the example.com website. You can use simple routing to create records in a private hosted zone.

Failover routing policy – Use when you want to configure active-passive failover. You can use failover routing to create records in a private hosted zone.

Weighted routing policy – Use to route traffic to multiple resources in proportions that you specify. You can use weighted routing to create records in a private hosted zone.