CPC Prep Virtual Private Cloud Flashcards
Which AWS service gives customers complete control over the virtual networking environment, including selection of IP ranges, creation of subnets, and configuration of route tables and gateways?
Virtual Private Cloud
For which service must you specify a range of IPv4 addresses in the form of a Classless Inter-Domain Routing (CIDR) block?
Virtual Private Cloud
Which part of the AWS Global Infrastructure does the Virtual Private Cloud operate in?
Region
How many VPCs can you create per region by default?
Up to 5
What is the default Virtual Private Cloud layout across the AWS Global Infrastructure?
A VPC is created in each region and a subnet in each Availability Zone
What are the two methods of connecting to your VPC?
1. AWS Managed VPN
2. AWS Direct Connect
What is an alternative to using the internet to connect a customer's data center to the Virtual Private Cloud?
AWS Direct Connect
What are some of the benefits of AWS Direct Connect?
Predictable performance
Predictable bandwidth
Decreased latency
What is used for connecting multiple sites to AWS?
VPN CloudHub
Which AWS service enables customers to connect their Amazon VPC and their on-premises networks to a single gateway?
AWS Transit Gateway
Which AWS service enables customers to manage only a single connection from the central gateway into each Amazon VPC, on-premises data center, or remote office across the network?
AWS Transit Gateway
Which AWS service acts as a hub that controls how traffic is routed among all the connected networks which act like spokes?
AWS Transit Gateway
What is a segment of a VPC's IP address range where you can place groups of isolated resources?
Subnet
What is the Amazon side of a connection to the public internet for IPv4/IPv6?
Internet Gateway
What is used to interconnect subnets and direct traffic between internet gateways, virtual private gateways, NAT gateways, and subnets?
Router
What is used as a direct connection between two VPCs?
Peering Connection
What is a private connection to public AWS services?
VPC endpoints
What enables internet access for EC2 instances in private subnets, is managed by the customer, and needs security groups assigned by the customer?
NAT Instance
What enables internet access for EC2 instances in private subnets, is managed by AWS, and does not have security groups?
NAT Gateway
What is the customer side of a VPN connection?
Customer Gateway
What operates as an instance level firewall, supports allow rules, is stateful, evaluates all rules, and applies only if associated with a group?
Security Group
What operates as a subnet-level firewall, supports allow and deny rules, is stateless, processes rules in order, and is automatically applied to all instances in the subnet it's associated with?
Network Access Control List (NACL)
Which IP address type is lost when an instance is stopped, used in public subnets at no charge, and cannot be moved between instances?
Public IP address
Which IP address is retained when the instance is stopped and is used in public and private subnets?
Private IP Address
Which IP address is a static public IP address, is associated with a private IP address on the instance, and can be moved between instances and Elastic Network Adaptors?
Elastic IP Addresses
What service connects VPCs and on-premises networks through a central hub?
AWS Transit Gateway
Which service acts as a cloud router, ends complex peering relationships, automatically encrypts data, and never sends data over the public internet?
AWS Transit Gateway