AWS Networking

Question 1

What is Global Accelarator?

Answer 1

An AWS service that allows users to connect their remote branches to the closest point in the AWS system.

Question 2

Subnet in AWS is?

Answer 2

Confined in an AZ

Question 3

True or False: Security group is locked down in an AZ?

Answer 3

False. Security Group is locked down to a VPC/region

Question 4

What is a security group best practice?

Answer 4

Recommendation is 1 security group per instance.

Question 5

True or False: Is NACL stateful?

Answer 5

False. NACL is stateless.

Question 6

True or False: Is Security group stateful?

Answer 6

True.

Question 7

What are the AWS Gateways and it’s purpose?

Answer 7

INTVDC.
Internet Gateway - provides internet connectivity.
NAT Gateway - provides Internet connectivity for private subnets.
Transit Gateway - allows VPC VPC peering and VPC On-prem connectivity.
Virtual Private Gateway - Allows IPSec tunnel connectivity.
Direct Connect Gateway - leased line connected to AWS.
Customer Gateway - customer device.

Question 8

Why is AWS TGW better than VPC peering?

Answer 8

AWS Transit Gateway is transitive while VPC peering is not. VPC peering requires full mesh peering with other VPC.

Question 9

How many VPC attachments per TGW?

Answer 9

5000 VPC attachments per TGW

Question 10

What is the TGW attachment bandwidth?

Answer 10

50 Gbps at burst not sustained.

Question 11

What are the TGW limitations?

Answer 11

• Route table configurations on VPCs.
• No overlapping IP support.
• IPSec tunnel is limited to 1.25Gbps.

Question 12

What is the maximum BGP routes per routing table?

Answer 12

100