aws_networking

Question 1

What is a Virtual Private Cloud (VPC)?

Answer 1

isolated network environment in AWS
launch and manage resources like EC2 instances

Question 2

What is a subnet in a VPC?

Answer 2

A subnet is a range of IP addresses within a VPC, where resources like EC2 instances can be placed. Subnets can be designated as public or private based on their accessibility.

Question 3

What is the difference between a public and a private subnet?

Answer 3

A public subnet has a route to the internet via an Internet Gateway, while a private subnet has no direct internet access and is typically used for backend resources.

Question 4

What is an Internet Gateway in AWS?

Answer 4

An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between resources in a VPC and the internet.

Question 5

What is a NAT Gateway, and why is it used?

Answer 5

A NAT Gateway enables resources in a private subnet to access the internet while blocking inbound traffic, enhancing security by not exposing these resources directly to the internet.

Question 6

What is VPC Peering?

Answer 6

VPC Peering allows two VPCs to communicate directly using private IP addresses, enabling seamless communication across VPCs in the same or different AWS accounts.

Question 7

What is a Transit Gateway, and how is it different from VPC Peering?

Answer 7

A Transit Gateway allows multiple VPCs and on-premises networks to connect through a single point, offering a hub-and-spoke model that scales better than VPC Peering for complex networks.

Question 8

What are CIDR blocks in the context of VPCs?

Answer 8

CIDR blocks are IP address ranges assigned to VPCs, which determine the range of IP addresses available for resources within the VPC.

Question 9

Why is CIDR planning important in VPC design?

Answer 9

Proper CIDR planning ensures efficient use of IP addresses, minimizes the risk of overlapping IP ranges, and allows for future expansion.

Question 10

What factors should be considered when assigning CIDR blocks in VPC design?

Answer 10

number of expected resources
the need for private/public subnets
future growth when assigning CIDR blocks.

Question 11

How do security groups differ from Network ACLs (NACLs)?

Answer 11

Security groups act as virtual firewalls for instances, controlling inbound and outbound traffic at the instance level, while NACLs control traffic at the subnet level.

Question 12

What is a default security group?

Answer 12

A default security group is automatically created in each VPC and allows all inbound traffic from instances in the same security group, while outbound traffic is unrestricted by default.

Question 13

What is the purpose of Network ACLs?

Answer 13

Network ACLs (NACLs) are stateless filters that allow or deny traffic at the subnet level, providing an additional layer of security beyond security groups.

Question 14

Can NACLs be used to block specific IP addresses?

Answer 14

Yes, NACLs can be used to block or allow specific IP addresses, but they are stateless, meaning you need to add rules for both inbound and outbound traffic.

Question 15

What is subnetting?

Answer 15

Subnetting is dividing a larger network (e.g., a VPC) into smaller, logical sub-networks, or subnets, to control and organize resources.

Question 16

What is the advantage of having multiple Availability Zones (AZs) in subnet planning?

Answer 16

Using multiple AZs provides high availability and fault tolerance, ensuring that resources remain accessible even if an AZ experiences issues.

Question 17

What is the purpose of a route table in a VPC?

Answer 17

defines how traffic is directed within a VPC and between subnets, as well as how traffic reaches the internet via an Internet Gateway or NAT Gateway.

Question 18

How do you route traffic from a private subnet to the internet?

Answer 18

To route traffic from a private subnet to the internet, use a NAT Gateway in a public subnet and configure the route table to direct traffic through the NAT Gateway.

Question 19

What are the main limitations of VPC Peering?

Answer 19

VPC Peering does not support transitive routing, meaning you cannot route traffic from one VPC to another through an intermediary VPC.

Question 20

What is the pricing model for Transit Gateways?

Answer 20

Transit Gateways are billed based on the number of attachments (VPCs or VPNs) and data transfer, making it scalable but potentially costly for complex networks.

Question 21

How do you ensure high availability when configuring NAT Gateways?

Answer 21

Deploy NAT Gateways in multiple AZs and configure private subnets to route through the NAT Gateway in the same AZ, providing redundancy.

Question 22

What is the maximum number of IP addresses available in a VPC?

Answer 22

Each VPC can be assigned a CIDR block of up to /16, providing up to 65,536 IP addresses, though smaller blocks can be allocated for smaller VPCs.

Question 23

How many IP addresses are reserved in each subnet, and why?

Answer 23

AWS reserves five IP addresses in each subnet for internal purposes, such as network management and routing.

Question 24

What is a default VPC, and what are its characteristics?

Answer 24

A default VPC is created by AWS in each region with a /16 CIDR block, public subnets, an Internet Gateway, and default security groups for immediate use.

Question 25

What is the difference between stateful and stateless security in AWS?

Answer 25

Stateful security (e.g., security groups) tracks connection state and automatically allows return traffic, while stateless security (e.g., NACLs) does not track connection state.

Question 26

What does CIDR stand for and why is it used?

Answer 26

CIDR stands for Classless Inter-Domain Routing. It is used to allocate IP addresses more efficiently and reduce the size of routing tables.

Question 27

How is a CIDR notation written

Answer 27

CIDR notation is written as an IP address followed by a forward slash and a number, like 192.168.1.0/24

Question 28

What does the number after the slash in CIDR notation (e.g., /24) represent?

Answer 28

The number indicates the number of bits used for the network portion of the address.

Question 29

How many IP addresses are available in a /24 subnet?

Answer 29

A /24 subnet has 256 IP addresses (254 usable for hosts).

Question 30

What does a /32 CIDR notation represent?

Answer 30

A /32 CIDR notation represents a single IP address.