AWWSS Flashcards

1
Q

This is ultimately about transporting data to and from your AWS resources. How you achieve this depends on many factors including

A

Networking
- type of data, the speed of data, transport, your security requirements, who or what will be accessing that data and how they’ll be accessing it.

2
Q

AWS’s Core Networking Services

A
  • Virtual Private Cloud
  • Route 53
  • CloudFront
3
Q

Provides the network backbone for many AWS services. A virtual private cloud is a virtual network in the cloud that’s logically isolated from other networks.

A

Amazon Virtual Private Cloud (VPC) service

4
Q

The most well-known use of VPCs

A

Connecting EC2 instances together and to other AWS services and networks, including the internet.

5
Q

Each VPC requires this to define the range of IP version 4 (IPv4) addresses that resources within the VPC can use.

A

Classless Inter-Domain Routing (CIDR) block

You must choose a size between /16 and /28. The smaller the CIDR size, the greater the number of IP addresses available to the VPC.

The IPv6 CIDR will be a global unicast IPv6 address with a size of /56.

6
Q

Provides logical separation and isolation of resources within the same VPC. Like a VPC, you must define a CIDR for each subnet.

A

Subnet

  • Each subnet exists only within a single Availability Zone.
  • Each EC2 instance exists within a subnet.
7
Q

A VPC resource that allows EC2 instances to obtain a public IP address and access the internet.

A

Internet Gateway

8
Q

A subnet with a default route to an internet gateway

A

Public Subnet

  • Each instance must also have a public IP address.
  • An Elastic IP address can be reassigned to different instances.
9
Q

A firewall that determines what network traffic can pass into and out of an instance. Consists of inbound and outbound rules.

A

Security Group

  • Inbound rules: Control which IP addresses can send traffic to an instance. By default, security groups do not contain inbound rules.
  • Outbound rules: Control which IP addresses an instance may send traffic to.
10
Q

A firewall that operates at the subnet level. It consists of inbound and outbound rules that by default allow all traffic. It cannot restrict traffic between instances in the same subnet, but it can prevent traffic from entering or leaving a subnet. Each VPC has a default NACL that can be associated with one or more subnets.

A

A network access control list (NACL)

11
Q

A private point-to-point connection between only two VPCs. Allows resources in different VPCs to communicate with each other over the private AWS network instead of the internet.

A

VPC peering connection

12
Q

Allows you to connect a VPC to an external network, such as a data center, via a secure connection that traverses the public internet.

A

Virtual Private Network (VPN)

- To set up a VPN connection, you create a virtual private gateway and attach it to a VPC. You then configure your customer gateway, a physical or virtual router or firewall on your network, to connect to the virtual private gateway. IP routing can be configured statically, or you can use the Border Gateway Protocol (BGP).

13
Q

Provides private network connectivity to your VPC and to public services such as Amazon S3 and Glacier.

A

Direct Connect

  • This does not provide internet access. These links are offered through APN partners. If you need fast, consistent connectivity to AWS, this is a good option versus connecting via the internet, but it is more expensive.
  • If you need less than 1 Gbps of bandwidth, you can obtain a hosted Direct Connect connection from an APN partner.
14
Q

Is Amazon’s global Domain Name System (DNS) service. Its primary purpose is to translate human-readable domain names into IP addresses.

A

Route 53

15
Q

The process of translating a domain name to an IP address is called

A

Name Resolution

16
Q

DNS can store mappings for different types of data including

A

IPv6 addresses, mail servers and even arbitrary text.

17
Q

A resource record consists of several fields

A

name, type and value

18
Q

To ensure that no two entities try to use the same domain name, anyone who wants to have a public domain name must register it with this _____. When you register a domain name, you must do so under a top-level domain (TLD) such as .com or .net.

A

Domain Registrar

- Route 53 is a domain registrar for hundreds of TLDs. Route 53 is both a registrar and a DNS hosting provider.

19
Q

To have Route 53 host the DNS for a public domain name, you need to create this:

A

a public hosted zone and specify the domain name.

20
Q

Provide DNS resolution for a single domain name within multiple VPCs. This is useful for assigning user-friendly domain names to VPC resources such as EC2 instances or application load balancers. Because private domain names aren’t accessible from the internet, there are no registrars, so you can pick any domain name you want.

A

Route 53 Private Hosted Zones

21
Q

Routing Policies for Resource Records: used to make routing decisions based on policies set by the network administrator, for when you want the value of a resource record to change dynamically to work around failures or to ensure users get pointed to the least busy server.

A
  1. Simple Routing Policy - default
  2. Weighted Routing Policy
  3. Latency Routing Policy
  4. Failover Routing Policy
  5. Geolocation Routing Policy
  6. Multivalue Answer Routing Policy
22
Q

Default. It lets you map a domain name to a single static value, such as an IP address. It doesn’t check whether the resource the record points to is available.

A

Simple Routing Policy

23
Q

Distributes traffic across multiple resources according to a ratio.

A

Weighted Routing Policy

24
Q

Sends users to resources in the AWS Region that’s closest to them.

A

Latency Routing Policy

25
Q

Lets you route traffic to a primary resource unless it’s unavailable, in which case traffic is redirected to a secondary resource.

A

Failover Routing Policy

26
Q

Lets you route users based on their specific continent, country or state.

A

Geolocation Routing Policy

27
Q

Allows you to evenly distribute traffic across multiple resources.

A

Multivalue Answer Policy

28
Q

What is the difference between a Weighted policy and a Multivalue Answer policy?

A

Weighted returns a single record, while Multivalue Answer returns all records, sorted in a random order.

29
Q

Route 53: All routing policies, with the exception of Simple, can use health checks to determine whether they should route users to a given resource. All health checks occur every 10 sec or 30 sec. A health check can check one of three things:

A
  1. An endpoint: Works by connecting to the endpoint you want to monitor via HTTP, HTTPS or TCP. Route 53 can run health checks from several AWS Regions. This ensures that an endpoint is reachable from various locations around the world.
  2. A CloudWatch alarm: A Route 53 health check can monitor the status of a CloudWatch alarm. Useful if you want to consider a resource unhealthy if it’s experiencing high latency or is serving a high number of connections.
  3. Calculated: This type of health check monitors the status of other health checks. It can combine multiple health checks.
30
Q

Traffic Flow for Route 53: lets you create a diagram to represent the desired routing. The diagram you create represents a traffic policy that you can save and associate with a domain name by creating a policy record. Route 53 doesn’t create the individual resource records but instead hides the routing behind the single policy record.

A

Route 53 Traffic Flow Visual Editor

31
Q

Traffic Flow Routing Policies

A
  1. Simple
  2. Weighted
  3. Latency
  4. Failover
  5. Geolocation
  6. Multivalue
  7. Geoproximity routing policy - only available for Traffic Flow. Lets you direct users to a resource based on how close they are to a geographic location.
32
Q

A content delivery network (CDN) that helps deliver static and dynamic web content to users faster than just serving it out of an AWS Region. It does this by caching your content in a number of data centers called edge locations. Putting your content in edge locations also increases its availability, because copies of it are stored in multiple edge locations.

A

CloudFront

33
Q

To make your content available via CloudFront, you must create a distribution. A distribution defines the type of content you want CloudFront to cache, as well as the content’s origin, where CloudFront should retrieve the content from. There are two types of distributions:

A
  1. Web: Most common type. Used for static/dynamic content such as web pages, graphic files and live or on-demand streaming videos.
  2. Real-Time Messaging Protocol (RTMP)
34
Q

Used for static and dynamic content such as web pages, graphic files and live or on-demand streaming videos. Users can access these via HTTP or HTTPS. To create this you must specify an origin to act as the authoritative source for your content. An origin can be a web server or a public S3 bucket. You can’t use nonpublic S3 buckets.

A

Web Distribution

- Most common type of distribution for CloudFront.

35
Q

Used to deliver streaming video or audio content to end users. To set this up, you must provide both a media player and media files to stream, and these must be stored in S3 buckets.

A

Real-Time Messaging Protocol (RTMP)

36
Q

Provides the virtual network infrastructure for many AWS resources, most notably EC2.

A

Virtual Private Cloud (VPC)

37
Q

VPCs can connect to other networks, including the following:

A
  • The internet via an internet gateway
  • External, private networks via Direct Connect or a Virtual Private Network (VPN)
  • Other VPCs using VPC peering
38
Q

To use Route 53 for name resolution within a VPC, you must create a

A

Private Hosted Zone

39
Q

To use Route 53 with a public domain you must create a

A

Public Hosted Zone

40
Q

Amazon’s content delivery network (CDN). It improves delivery of data to end users by storing content in edge locations around the world. When a user connects to a ___ distribution to retrieve content, ____ serves the content from the edge location that will give them the best performance.

A

CloudFront

41
Q

What are the key components of a VPC?

A

At least 1 subnet, security groups, network access control lists (NACLs) and internet gateways.

42
Q

Allows anyone on the internet to resolve records for the associated domain name.

A

Public Hosted Zone

43
Q

Allows resolution only from resources within the associated VPCs.

A

Private Hosted Zone

44
Q

If you need to direct users based on their specific location, use this Route 53 routing policy:

A

Geolocation Routing Policy

45
Q

Designed to give users the fastest possible access to content regardless of their physical location. Helps ensure that your content is always close to your users.

A

CloudFront

46
Q

What are Route 53’s services?

A
  1. Register new domain names
  2. Provide DNS hosting

47
Q

What is true of a default VPC?

A
  • AWS creates a default VPC in each Region.
  • By default, each default VPC is available to one AWS account.

48
Q

What is true about a subnet?

A
  • A subnet must have a CIDR that’s a subset of the CIDR of the VPC in which it resides.
  • A subnet spans one Availability Zone.
49
Q

What is true of a new security group?

A

It contains an outbound rule allowing access to any IP address.

50
Q

What’s the difference between a security group and a network access control list?

A

  • A security group operates at the instance level.
  • A network access control list operates at the subnet level.
51
Q

What is true about a VPC peering connection?

A

It’s a private connection between two VPCs.

52
Q

What is the difference between a Virtual Private Network (VPN) connection and a Direct Connect connection?

A
  • A Direct Connect connection offers predictable latency because it doesn’t traverse the internet.
  • A VPN connection uses the internet for transport.
53
Q

What is true about registering a domain name with Route 53?

A
  • You can register a domain name for a term of up to 10 years.
  • Route 53 creates a public hosted zone for the domain.
54
Q

Which Route 53 policy does not use health checks?

A

Simple Routing Policy

55
Q

What type of Route 53 health check works by making a test connection to a TCP port?

A

Endpoint

56
Q

You want to provide private name resolution for two VPCs using the domain name ddd.pri. How many private hosted zones do you need to create?

A

1

Route 53 private hosted zones provide DNS resolution for a single domain name within multiple VPCs.

57
Q

From where does CloudFront retrieve content to store for caching?

A

CloudFront Origin

58
Q

What are valid origins for a CloudFront distribution?

A

An EC2 instance and a public S3 bucket.