AWS Networking Flashcards

1
Q

What is the role of subnets in a VPC?

A

Subnets in a VPC are used to group resources based on security or operational needs. They allow you to organize your resources and establish boundaries within the VPC. Subnets can be public or private, with public subnets containing resources accessible by the public and private subnets containing resources accessible only through your private network.

2
Q

What is the purpose of a network access control list (ACL) in a VPC?

A

A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level. It checks packet permissions for subnets, determining who sent the packet and how it is trying to communicate with the resources in a subnet. Network ACLs perform stateless packet filtering and can be used to customize the traffic allowed or denied at the subnet level.

3
Q

What is the function of a security group in a VPC?

A

A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. It provides security at the instance level and can be used to configure custom rules for traffic. Security groups perform stateful packet filtering, meaning they remember previous decisions made for incoming packets. By default, security groups deny all inbound traffic and allow all outbound traffic, but you can add custom rules to control the traffic.

4
Q

What is the difference between network ACLs and security groups in a VPC?

A

Network ACLs operate at the subnet level and control inbound and outbound traffic. They perform stateless packet filtering, meaning they evaluate each packet crossing the subnet border independently. Network ACLs remember nothing about previous packets. On the other hand, security groups operate at the instance level and control inbound and outbound traffic for individual instances. They perform stateful packet filtering, remembering previous decisions made for incoming packets. Security groups are associated with instances, while network ACLs are associated with subnets.

5
Q

What is the default behavior of a network ACL in a VPC?

A

The default network ACL in an AWS account allows all inbound and outbound traffic. However, you can modify it by adding your own rules. All network ACLs, including the default one, have an explicit deny rule at the end of the rule list. If a packet doesn't match any of the other rules, it is denied.

6
Q

What is the default behavior of a security group in a VPC?

A

By default, a security group denies all inbound traffic and allows all outbound traffic. You can customize the rules to specify which traffic to allow or deny. When a packet response returns to an instance, the security group remembers the previous request and allows the response to proceed, regardless of inbound security group rules.

7
Q

What is a Network Address Translation (NAT) Gateway in Amazon VPC?

A

A NAT Gateway allows instances within a private subnet to initiate outbound internet traffic while keeping them protected from inbound traffic. It provides internet connectivity for instances without exposing them directly to the internet.

8
Q

What is a Virtual Private Gateway in Amazon VPC?

A

A Virtual Private Gateway is the termination point on the AWS side of a VPN connection. It allows you to establish a secure, encrypted connection between your VPC and your on-premises network or another VPC.

9
Q

What is VPC Peering in Amazon VPC?

A

VPC Peering allows you to connect two VPCs together, enabling communication between them using private IP addresses as if they were part of the same network. It can be used to share resources or communicate between different environments.

10
Q

What is Direct Connect in Amazon VPC?

A

AWS Direct Connect is a service that enables you to establish a dedicated private connection between your data center and a VPC. It provides a direct, private link between your network and AWS without having to use the public internet. It helps reduce network costs and increase bandwidth for your network traffic.

11
Q

How does AWS Direct Connect work?

A

AWS Direct Connect works by establishing a dedicated private connection, similar to a private hallway, between your data center and a VPC. Only the residents (in this case, your organization) have access to this private connection, allowing them to directly access resources in the VPC without using the public road (shared internet).

12
Q

What are the benefits of AWS Direct Connect?

A

The benefits of AWS Direct Connect include reduced network costs and increased bandwidth for your network traffic. It provides a more reliable and consistent connection compared to using the public internet. It also enhances security by keeping the network traffic within a dedicated private connection.

13
Q

Which statement best describes an AWS account’s default network access control list?

It is stateless and denies all inbound and outbound traffic.

It is stateful and allows all inbound and outbound traffic.

It is stateless and allows all inbound and outbound traffic.

It is stateful and denies all inbound and outbound traffic.

A

The correct response option is: It is stateless and allows all inbound and outbound traffic.

Network access control lists (ACLs) perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound.

Each AWS account includes a default network ACL. When configuring your VPC, you can use your account’s default network ACL or create custom network ACLs.

By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic should be allowed. Additionally, all network ACLs have an explicit deny rule. This rule ensures that if a packet doesn’t match any of the other rules on the list, the packet is denied.

14
Q

What is DNS resolution?

A

DNS resolution is the process of translating a domain name to an IP address.

15
Q

How does DNS resolution work?

A

When a user enters a domain name into their browser, a DNS server communicates with a web server to obtain the corresponding IP address for that domain name.

16
Q

What is DNS in the context of the internet?

A

DNS (Domain Name System) is like the phone book of the internet. It translates domain names to IP addresses.

17
Q

What is Amazon Route 53?

A

Amazon Route 53 is a DNS web service provided by AWS. It allows developers and businesses to route end users to internet applications hosted in AWS.

18
Q

What infrastructure can Amazon Route 53 route user requests to?

A

Amazon Route 53 can route user requests to infrastructure running in AWS, such as Amazon EC2 instances and load balancers. It can also route requests to infrastructure outside of AWS.

19
Q

What additional feature does Amazon Route 53 provide?

A

Amazon Route 53 allows you to manage DNS records for domain names. You can register new domain names directly in Route 53 and transfer DNS records for existing domain names from other registrars.

20
Q

How does Amazon Route 53 work with Amazon CloudFront?

A

Amazon Route 53 uses DNS resolution to identify the IP address of an application, and then Amazon CloudFront delivers the content to the user from the nearest edge location.

21
Q

What is an Auto Scaling group?

A

An Auto Scaling group is a group of Amazon EC2 instances that automatically scales in or out based on demand. It helps ensure high availability and scalability of applications.

22
Q

What is an Application Load Balancer?

A

An Application Load Balancer is a load balancing option provided by AWS. It distributes incoming traffic to multiple Amazon EC2 instances attached to it.

23
Q

How does the combination of Amazon Route 53 and Amazon CloudFront deliver content?

A

When a customer requests data from an application, Amazon Route 53 uses DNS resolution to identify the corresponding IP address. The request is then sent to the nearest edge location through Amazon CloudFront, which connects to the Application Load Balancer and forwards the request to an Amazon EC2 instance.

24
Q

Which statement best describes security groups?

They are stateful and deny all inbound traffic by default.

They are stateful and allow all inbound traffic by default.

They are stateless and deny all inbound traffic by default.

They are stateless and allow all inbound traffic by default.

A

The correct response option is: They are stateful and deny all inbound traffic by default.

Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance.

By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.

Security groups in AWS are stateful, which means that if you allow inbound traffic for a specific request, the corresponding outbound traffic for the response is automatically allowed.

By default, security groups have an inbound traffic rule that denies all incoming traffic. This means that no inbound connections are allowed unless explicitly specified in the security group rules.

25
Q

What is inbound or outbound traffic?

A

Inbound traffic: the data packets or network communication coming into a network or a specific resource (such as a server or an instance) from external sources. In other words, it is the incoming data from outside the network or resource.

Outbound traffic: the data packets or network communication leaving a network or a specific resource and heading towards external destinations. It is the outgoing data from the network or resource to the outside world.

26
Q

What are the benefits of using a VPC?

A

Security: A VPC provides a layer of security for your AWS resources by isolating them from the public internet.
Control: You have complete control over the network configuration of your VPC, including the subnets, route tables, and security groups.
Scalability: You can easily scale your VPC as your needs grow.
Cost-effectiveness: You only pay for the resources that you use in your VPC.

27
Q

How do I create a VPC?

A

You can create a VPC using the AWS Management Console, the AWS CLI, or the AWS SDKs.

28
Q

How do I configure a VPC?

A

Once you have created a VPC, you need to configure it by adding subnets, route tables, and security groups.

29
Q

What are security groups and how do I use them?

A

Security groups are virtual firewalls that control incoming and outgoing network traffic to your AWS resources. You can use security groups to control which IP addresses can access your resources, and what ports they can access.

30
Q

What are network ACLs and how do I use them?

A

Network ACLs are another layer of security for your VPC. They control incoming and outgoing network traffic at the subnet level. Network ACLs are less granular than security groups, but they can be used to control traffic to and from multiple subnets.

31
Q

How do I connect my VPC to the internet?

A

You can connect your VPC to the internet using a NAT gateway, an internet gateway, or a VPN connection.

32
Q

How do I route traffic within my VPC?

A

You can route traffic within your VPC using route tables. Route tables define how traffic is routed between subnets and internet gateways.

33
Q

How do I connect my VPC to another VPC?

A

You can connect your VPC to another VPC using VPC peering. VPC peering allows you to route traffic between two VPCs without having to use the internet.

34
Q

What are some best practices for AWS networking?

A

Use security groups to control access to your resources.
Use network ACLs to provide an additional layer of security.
Isolate your production workloads from your development and testing workloads.
Use a different subnet for each type of workload.
Use route tables to control how traffic is routed within your VPC.
Use VPC peering to connect your VPCs to each other.
Use AWS Direct Connect to connect your on-premises network to AWS.

35
Q

What is the difference between a VPC and a VPN?

A

A VPC is a virtual private cloud that is isolated from the public internet. A VPN is a virtual private network that creates a secure connection between two or more networks over the internet.

36
Q

What are the different types of VPC peering?

A

  • Bidirectional peering: This allows you to route traffic between two VPCs in both directions.
  • Unidirectional peering: This allows you to route traffic from one VPC to another VPC in one direction only.

37
Q

What is AWS Direct Connect?

A

AWS Direct Connect is a dedicated network connection between your on-premises network and AWS. This can provide a more reliable and secure connection than using the internet.

38
Q

How do I use AWS Global Accelerator?

A

AWS Global Accelerator is a service that improves the performance of your applications by routing traffic to the nearest AWS edge location. This can reduce latency and improve the overall user experience.

39
Q

What is Amazon Route 53?

A

Amazon Route 53 is a cloud-based DNS service that allows you to route traffic to your AWS resources. This can help you to improve the availability and performance of your applications.

40
Q

What is a NAT gateway?

A

A NAT gateway is a network address translation (NAT) device that allows you to connect your VPC to the internet. It translates private IP addresses in your VPC to public IP addresses on the internet.

41
Q

What is AWS CloudFront?

A

AWS CloudFront is a content delivery network (CDN) that can help you to deliver your content to users around the world with high availability and low latency.

42
Q

What is a transit VPC?

A

A transit VPC is a VPC that is used to connect multiple VPCs to each other. It provides a central routing point for traffic between the VPCs.

43
Q

What is a VPC endpoint?

A

A VPC endpoint is a private connection between your VPC and a specific AWS service. This can provide a more secure and reliable connection than using the internet.

44
Q

What is AWS PrivateLink?

A

AWS PrivateLink is a service that allows you to create private connections between your VPCs and AWS services. This can provide a more secure and reliable connection than using the internet.

45
Q

What are some of the challenges of AWS networking?

A

  • Security: It can be difficult to secure your VPCs and the traffic that flows between them.
  • Scalability: It can be difficult to scale your VPCs as your needs grow.
  • Cost: It can be expensive to use some of the AWS networking services.