AWS - VPC - Study Group 1 Flashcards

1
Q

How many internet gateways can I attach to my custom VPC

A

1

2
Q

Security groups act like a firewall at the instance level, whereas _________ are an additional layer of security that act at the subnet level

A

Network ACLs

3
Q

By default, how many VPCs am I allowed in each AWS Region?

A

5

The limit for internet gateways per region is directly correlated to this one. Increasing this limit increases the limit on internet gateways per region by the same amount.

The number of VPCs in the region multiplied by the number of security groups per VPC cannot exceed 5000.

4
Q

VPC stands for

A

Virtual Private Cloud

5
Q

Select the incorrect statement below.

  1. In Amazon VPC, an instance retains its private IP.
  2. It is possible to have private subnets in VPC.
  3. In Amazon VPC, an instance does NOT retain its private IP.
  4. You may have only 1 internet gateway per VPC.
A

In Amazon VPC, an instance does NOT retain its private IP.

6
Q

You are setting up a VPC and you need to set up a public subnet within that VPC. Which of the following requirements must be met for this subnet to be considered a public subnet?

A. Subnet’s traffic is not routed to an internet gateway but has its traffic routed to a virtual private gateway.
B. Subnet’s traffic is routed to an internet gateway.
C. Subnet’s traffic is not routed to an internet gateway.
D. None of these answers can be considered a public subnet.

A

B. Subnet’s traffic is routed to an internet gateway.

Explanation:
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC. You can configure your VPC: you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings.

A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select. Use a public subnet for resources that must be connected to the internet, and a private subnet for resources that won’t be connected to the Internet.

If a subnet’s traffic is routed to an internet gateway, the subnet is known as a public subnet. If a subnet doesn’t have a route to the internet gateway, the subnet is known as a private subnet. If a subnet doesn’t have a route to the internet gateway, but has its traffic routed to a virtual private gateway, the subnet is known as a VPN-only subnet.

7
Q

What aspect of an Amazon VPC is stateful?

  1. Network ACLs
  2. Security groups
  3. Amazon DynamoDB
  4. Amazon S3
A

Security groups

8
Q

Which of the following is the security protocol supported by Amazon VPC?

  1. SSH
  2. Advanced Encryption Standard (AES)
  3. Point-to-point Tunneling Protocol (PPTP)
  4. IPsec
A

IPsec is the security protocol supported by Amazon VPC.

9
Q

What properties of an Amazon VPC must be specified at the time of creation? (Choose 2)

  A. The CIDR block representing the IP address range
  B. One or more subnets for the Amazon VPC
  C. The region for the Amazon VPC
  D. Amazon VPC Peering relationships

A

A, C

The CIDR block is specified upon creation and cannot be changed. An Amazon VPC is associated with exactly one region, which must be specified upon creation. You can add a subnet to an Amazon VPC any time after it has been created, provided its address range falls within the Amazon VPC CIDR block and does not overlap with the address range of any existing CIDR block. You can set up peering relationships between Amazon VPCs after they have been created.

10
Q

What is the minimum sized subnet you can have in an Amazon VPC?

  1. /24
  2. /26
  3. /28
  4. /30
A

/28

11
Q

List 5 Main Components of a VPC

A

Internet Gateways (or Virtual Private Gateways)
Route Tables
NACLs
Subnets
Security Groups

12
Q

Are NACLs Stateless?

Yes or No?

A

Yes

13
Q

When you create a VPC, what things are automatically created?

A

Default Route Table
Default NACL
Default VPC Security Group

no IGW
no Subnets

14
Q

What’s the difference between an Egress Only Internet Gateway and a NAT Gateway?

A

Egress only is for IPv6

NAT Gateway is for IPv4

15
Q

How many public subnets do you need in order to deploy an application load balancer?

A

at least 2

16
Q

Which of the following Amazon VPC resources would you use in order for EC2-VPC instances to send traffic directly to Amazon S3?

A. Amazon S3 gateway
B. IGW
C. CGW
D. VPC endpoint

A

D. An Amazon VPC endpoint enables you to create a private connection between your Amazon VPC and another AWS service without requiring access over the Internet or through a NAT device, VPN connection, or AWS Direct Connect.

17
Q

What properties of an Amazon VPC must be specified at the time of creation? (Choose 2 answers)
A. The CIDR block representing the IP address range
B. One or more subnets for the Amazon VPC
C. The region for the Amazon VPC
D. Amazon VPC Peering relationships

A

A, C. The CIDR block is specified upon creation and cannot be changed. An Amazon VPC is associated with exactly one region, which must be specified upon creation. You can add a subnet to an Amazon VPC any time after it has been created, provided its address range falls within the Amazon VPC CIDR block and does not overlap with the address range of any existing CIDR block. You can set up peering relationships between Amazon VPCs after they have been created.

18
Q

How many subnets can I create per VPC?

A

Currently you can create 200 subnets per VPC. If you would like to create more, please submit a case at the support center.

19
Q

What is the subnet size for IPv6?

A

/64

For IPv6, the subnet size is fixed to be a /64. Only one IPv6 CIDR block can be allocated to a subnet.

20
Q

If an Amazon EC2 instance is stopped within a VPC, can I launch another instance with the same IP address in the same VPC?

A

No.

An IP address assigned to a running instance can only be used again by another instance once that original running instance is in a “terminated” state.

21
Q

How many Elastic IP addresses per region are allowed in VPC?

A

5

This is the limit for the number of Elastic IP addresses for use in EC2-VPC. For Elastic IP addresses for use in EC2-Classic, see Amazon EC2 Limits in the “Amazon Web Services General Reference.”

22
Q

How many Customer gateways per region in the VPC?

A

50

AWS VPC has limits for various components in a region. Most of these are soft limits and can be increased by contacting AWS support from the AWS console and submitting a request by filling the Amazon VPC limits form available in the AWS console.

23
Q

How many Internet gateways per region are allowed in a VPC?

A

5

AWS VPC has limits for various components in a region. Most of these are soft limits and can be increased by contacting AWS support from the AWS console and submitting a request by filling the Amazon VPC limits form available in the AWS console.

24
Q

How many Network ACLs are allowed per VPC?

A

200

AWS VPC has limits for various components in a region. Most of these are soft limits and can be increased by contacting AWS support from the AWS console and submitting a request by filling the Amazon VPC limits form available in the AWS console.

25
Q

How many Route tables are allowed per VPC

A

200

AWS VPC has limits for various components in a region. Most of these are soft limits and can be increased by contacting AWS support from the AWS console and submitting a request by filling the Amazon VPC limits form available in the AWS console.

26
Q

Can I assign IP addresses for multiple instances simultaneously?

A

No. You can specify the IP address of one instance at a time when launching the instance.

27
Q

Can I assign multiple IP addresses to an instance?

A

Yes. You can assign one or more secondary private IP addresses to an Elastic Network Interface or an EC2 instance in Amazon VPC. The number of secondary private IP addresses you can assign depends on the instance type. See EC2 User Guide for more information on the number of secondary private IP addresses that can be assigned per instance type.

28
Q

Can I modify the VPC route tables?

A

Yes. You can create route rules to specify which subnets are routed to the Internet gateway, the virtual private gateway, or other instances.

29
Q

Can I specify which subnet will use which gateway as its default?

A

Yes. You may create a default route for each subnet. The default route can direct traffic to egress the VPC via the Internet gateway, the virtual private gateway, or the NAT gateway.

30
Q

Within Amazon VPC, can I use SSH key pairs created for instances within Amazon EC2, and vice versa?

A

Yes

31
Q

Can Amazon EC2 instances within a VPC communicate with Amazon EC2 instances not within a VPC?

A

Yes. If an Internet gateway has been configured, Amazon VPC traffic bound for Amazon EC2 instances not within a VPC traverses the Internet gateway and then enters the public AWS network to reach the EC2 instance. If an Internet gateway has not been configured, or if the instance is in a subnet configured to route through the virtual private gateway, the traffic traverses the VPN connection, egresses from your datacenter, and then re-enters the public AWS network.

32
Q

Can Amazon EC2 instances within a VPC communicate with Amazon S3?

A

Yes. There are multiple options for your resources within a VPC to communicate with Amazon S3. You can use VPC Endpoint for S3, which makes sure all traffic remains within Amazon’s network and enables you to apply additional access policies to your Amazon S3 traffic. You can use an Internet gateway to enable Internet access from your VPC and instances in the VPC can communicate with Amazon S3. You can also make all traffic to Amazon S3 traverse the Direct Connect or VPN connection, egress from your datacenter, and then re-enter the public AWS network.

33
Q

What can I use to monitor the network traffic in my VPC?

A

You can use the Amazon VPC Flow Logs feature to monitor the network traffic in your VPC.

34
Q

How many IPv6 CIDR blocks can I have per VPC?

A

1

This limit cannot be increased.

35
Q

How many IPv4 CIDR blocks can I have per VPC?

A

5

This limit is made up of your primary CIDR block plus 4 secondary CIDR blocks.