AWS Networking Flashcards

1
Q

VPC Peering

A
  • AWS-provided connection between two VPCs
  • No transitive peering
2
Q

VPC Flow Logs

A
  • Capture information about the IP traffic
  • Stored in CloudWatch Logs or S3
  • Can be enabled at the VPC, subnet, or network interface level
3
Q

CloudFront Lambda@Edge

A
  • Used to customize the content CloudFront delivers
  • Viewer request
  • Origin request
  • Origin response
  • Viewer response
4
Q

AWS CloudFront

A
  • Content delivery network (CDN)
  • Moves content closer to the user
  • Geolocation filtering
  • Uses the AWS backbone
5
Q

Signed Cookies

A
  • Provides control over access to content
  • Doesn’t require a URL change
  • Used for multiple files
6
Q

Signed URL

A
  • Provides control over access to content
  • The URL itself changes
  • For individual files
  • Expiration date and time
  • IP ranges
7
Q

CloudFront Origins

A
  • Where the content originates
8
Q

AWS Managed VPN

A
  • IPsec VPN over your existing network
  • Quick and simple tunnel to a VPC
  • Used as a redundant path for Direct Connect
  • Dependent on your Internet connection
9
Q

AWS Direct Connect

A
  • Dedicated network connection to the AWS backbone
  • When a large link to AWS is required
  • Lead time > 1 month
  • Not encrypted by default
10
Q

Direct Connect + VPN

A
  • Adds IPsec to Direct Connect
  • Encrypted tunnels over Direct Connect
11
Q

CloudFront Edge Locations

A
  • Hundreds located in different parts of the world
  • Content is pushed and cached at the edge
12
Q

Software VPN

A
  • Customers provide their own VPN
  • When you must manage both ends for compliance reasons
  • When you must use a VPN option not provided by AWS
13
Q

Transit VPC

A
  • For connecting geographically dispersed VPCs and locations
  • When locations and VPCs across multiple regions need to talk
  • Flexibility with AWS Managed VPN
  • Hub and spoke with VPCs
14
Q

CloudHub

A
  • Connects locations in a hub/spoke topology using AWS Private Gateway
  • Used to link remote offices
  • Uses the existing Internet connection
15
Q

AWS Security Groups

A
  • Instance level
  • Can specify allow rules only, not deny
16
Q

AWS Default Security groups

A
  • Can’t be deleted
  • Can change the rules
17
Q

AWS Subnets

A
  • EC2 instance can have 5 subnets
  • A subnet is assigned to the default NACL if not associated with a custom NACL
18
Q

VPC Interface endpoint

A
  • EC2 in a VPC to EC2 in another VPC
  • Uses an ENI with a private IP to connect to PrivateLink
  • Typically an ELB is the connection point in PrivateLink
  • Service provider model
  • Secured by security groups
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

VPC Gateway endpoint

A
  • Used for connection from a VPC to S3 or DynamoDB
  • Uses endpoint policies
  • Prefix list in the route table
  • Bucket policies can be added to restrict S3 access
20
Q

NAT Gateway

A
  • Used to allow instances with private IPs to reach the Internet
  • e.g. to download software
  • Goes in a public subnet
21
Q

Can VPC peering work with overlapping IPs?

A
  • Will fail… IPs cannot overlap.
22
Q

Public Subnets

A
  • Have a route via the Internet Gateway to the Internet
23
Q

What type of IP is not considered unique?

  • IPv6
  • Elastic IPs
  • IPv4 - Public IPs
  • IPv4 - Private IPs
A

IPv4 private IPs… think 10.x.x.x

24
Q

AWS PrivateLink

A
  • Service provider model… exposes a single service to thousands of VPCs
  • Doesn’t require VPC peering
  • Requires an NLB on the service side and an ENI on the client side
25
Q

AWS Global Accelerator

A
  • Improves the availability and performance of apps with local or global users
  • Uses the AWS global network to optimize the path from user to app
  • Uses AWS edge locations
  • Uses 2 static anycast IPs that are globally advertised
  • The IPs serve as the frontend interface of the application
    • NLB, ALB, or EC2
  • No client-facing changes or DNS updates are needed as you modify or replace the endpoints - static IPs
26
Q

NAT Gateways support outbound traffic only.

A
  • True
27
Q

I have 2 public IPs for my website. I want to increase performance and redundancy using multiple AWS regions behind NLBs.

A

Create an AWS Global Accelerator and attach endpoints in each region
Migrate both IPs to AWS Global Accelerator

28
Q

When using throttling controls with API Gateway, what happens when request submissions exceed the steady state request rate?

A

429 Too Many Requests

29
Q

Cost-effective solution for Direct Connect backup

A

IPsec VPN, using the same BGP prefix

30
Q

An IPsec VPN connection has a virtual private gateway on the AWS side and a customer gateway on the on-premises side?

A

True

31
Q

Dedicated tenancy can be changed to Host tenancy and vice versa?

A

True

32
Q

How can VPC services access SQS without traversing the internet?

A

VPC interface endpoint

33
Q

How many AZs can a single subnet map to?

A

One

34
Q

Each subnet you create is associated with which route table by default?

A

Main

35
Q

Transfer GBs of data quickly and on a regular basis to an S3 bucket

A

Transfer Acceleration

36
Q

Features and advantages of a VPN

A

Connects on-premises and a VPC using a secure, private connection with IPsec and TLS

37
Q

What are the default inbound and outbound rules for a new / custom NACL?

A

Deny Inbound

Deny Outbound

38
Q

Should you use CloudFront to help latency within a data center… between the app and the S3 bucket?

A

No… use a cache for that, like Redis.

39
Q

Which should you use for VPC Flow Logs… interfaces or subnets?

A

Interfaces are more secure

40
Q

Do you need to configure Access Logs on an ELB?

A

Yes… this gives you information like requestor, IP, and path that CloudTrail won’t get you.

41
Q

How can you enhance the security of data via CloudFront?

A

Field-level encryption

42
Q

Virtual Private Gateway

A
  • Allows a VPC to communicate with on-prem over VPN for a secure connection.
43
Q

Route 53 alias record support for

A

  • Amazon CloudFront distribution – A record (IPv4) or AAAA record (IPv6)
  • AWS Elastic Beanstalk environment – A record (IPv4)
  • Elastic Load Balancing (ELB) load balancer – A record (IPv4) or AAAA record (IPv6)
  • Amazon Simple Storage Service (Amazon S3) bucket – A record (IPv4)
  • Amazon API Gateway custom regional API and edge-optimized API – A record (IPv4)
  • Amazon VPC interface endpoint – A record (IPv4)
  • AWS Global Accelerator – A record (IPv4)
  • Another Route 53 record in the same hosted zone

44
Q

A private subnet needs to connect to Internet-based hosts using the IPv6 protocol. What needs to be configured to enable this connectivity?

A

An egress-only Internet Gateway

45
Q

Internet connectivity for a data-processing application in a VPC… that will pull large amounts of data from an object storage system via the Internet.

A

Attach an Internet Gateway. Since the traffic is going over the Internet, a VPC gateway endpoint is not an option.

46
Q

What is an Elastic IP?

A

Public static IP