Knowledge Check: Networking (CLF-C01) Flashcards
A(n) _____ is useful when you need to allow the instances in a private subnet of an Amazon VPC to connect to the Internet to perform tasks like downloading patches and updates, while still preventing any inbound connections from being initiated to these instances via the Internet.
A. Internet gateway
B. NAT gateway
C. Bastion Host
D. AWS Site-to-Site VPN
B. NAT gateway
Explanation
You can allow the instances in your private subnets to have outbound access to the Internet by placing a NAT gateway inside of a public subnet and then configuring a route from your private subnet to the NAT gateway. And this is useful when you need to allow the instances in your private subnet to connect to the Internet to do things like download patches and updates, while still preventing any inbound connections from being initiated to these instances via the Internet.
You want to allow an on-premises network to connect to multiple separate VPCs within your AWS network through a central network hub. What service would you need to provide thecentralizednetwork hubbetween multiple VPCs and your on-premises network?
A. VPC peering
B. AWS VPN
C. AWS Direct Connect
D. AWS Transit Gateway
D. AWS Transit Gateway
Explanation:
The central connection point or hub between the multiple VPCs and the hybrid connection to an on-premises network will be AWS Transit Gateway. The network suggested in this scenario would certainly include VPC peering connections and either VPNs or Direct Connect, but the component that connects them all is AWS Transit Gateway.
All statements regarding VPC peering connections below are correct except:
A. You can configure a peering connection between VPCs in separate regions.
B. Peering connections are establishedusingvirtual private networks (VPN).
C. Peering connections establisha one-to-one connection only.
D. Peering connections arenot possible between VPCs with an IP address overlap.
B. Peering connections are establishedusingvirtual private networks (VPN).
Explanation:
VPC peering connects two separate VPCs, either in the same region or different regions. That connection is a one-to-one connection only, and cannot be established between VPCs with an IP address overlap. The connectionis made over AWS infrastructure, not through a Direct Connect co-location or a virtual private network (VPN). This offers high availability, and avoids a bandwidth bottleneck.
Which of the following is true of public subnets?
A. They have an internal IP address only.
B. They have a public IP address only.
C. They have both an internal and a public IP address.
D. They have routeless access to an Internet gateway.
C. They have both an internal and a public IP address.
Explanation:
Public subnets have both an internal and a public IP address so that they will be both in the range of the internal network and accessible from the Internet. A public subnet with a size /24 IPv4 CIDR block (example: 10.0. 0.0/24). Thisprovides 256 private IPv4 addresses. A public subnet is a subnet that’s associated with a route table that has a route to an internet gateway.
When specifying a CIDR block address for your VPC, what is the range of netmasks allowed?
A. From a /16 netmask to a /28 netmask
B. From a /8 netmask to a /30 netmask
C. From a /20 netmask to a /28 netmask
D. From a /16 netmask to a /24 netmask
A. From a /16 netmask to a /28 netmask
Explanation:
When creating a CIDR block address range, you can select a netmask from /16 to /28, which offers roughly as many as 65,000 assignable IP address within a VPC to as few as 16.
What does a local route within a route table enable?
A. It enables communication between VPC subnets.
B. It enables communication only within each VPC subnet, not between subnets.
C. It enables communication between a VPC and external public IP addresses.
D. It enables an administrator to SSH directly into any VPC resource.
A. It enables communication between VPC subnets.
Explanation:
Now, by default, when your subnet’s created, it will have a default route in it, and this is a local route. Let’s take a look. Now, your route table will contain a destination field and also a target field. Now, the destination field is the destination address that you’re trying to get to. The target essentially specifies the route to that destination. Now, within every route table that’s created, there will be this local route here. Now, what this enables your subnets to do is simply talk to each other. So any subnet within your VPC is able to communicate with each other without you having to configure any routes. It’s there by default. Every route table has this local route. It can’t be deleted, and it simply allows all subnets within your VPC to communicate with each other.
Global Accelerators reduce the latency of which type of AWS traffic?
A. Traffic from the application to the end user
B. Traffic between AWS resources within a single application
C. Traffic from an edge location to an end user
D. Traffic from the end user to the application
D. Traffic from the end user to the application
Explanation:
The ultimate aim of the AWS Global Accelerator is to get UDP and TCP traffic from your end user clients to your applications faster and quicker and more reliably, through the use of the AWS global infrastructure and specified endpoints, instead of having to traverse the public internet, which is not as reliable and carries a higher security risk.
Amazon Route 53 is a service that helps you _____.
A. scale VPC and account connections
B. register a domain name and manage it worldwide
C. create and manage scalable blockchain networks
D. monitor and control microservices
B. register a domain name and manage it worldwide
Explanation
In this course, you will be introduced to Amazon Route 53 and learn how the service helps you register a domain name and manage it worldwide.
A(n) _____ connection creates a secure tunnel between your on-site networks and your AWS networks.
A. VPN
B. elastic
C. VPC
D. paired region
A. VPN
Explanation
You might also think about how you can connect your on-site networks with your networks within the cloud. This is also easily achievable and can be done using a VPN connection, which will create a secure tunnel between your on-premises environment and AWS.
You can connect to a VPC in AWS from an on-premises environment by leveraging your existing Internet connection and creating a(n) _____.
A. AWS Site-to-Site VPN
B. VPC peering connection
C. jump box
D. AWS Direct Connect resource
A. AWS Site-to-Site VPN
Explanation:
Now that you’ve seen how to set up a VPC within AWS, let’s talk about how to connect to that VPC from your on-premises environment. So you have a couple of options here. You can leverage your existing Internet connection and create an AWS Site-to-Site VPN, or Virtual Private Network.
Within a VPC public subnet, what function does a public IP address provide?
A. A central target where route tables direct all VPC egress traffic to the Internet
B. Set a specific resource’s network location to support communication with the Internet
C. Allow or restrict external traffic from entering the subnet based on a series of rules
D. Serve as an anchor on the customer side of a VPN connection to a VPC
B. Set a specific resource’s network location to support communication with the Internet
Explanation
A public IP address is essentially the location for any external messages to reach resources in your VPC subnet. Without it, external resources would not know how to reach you. The other choices are the services provided by internet gateways, network ACLs, and customer gateways.
_____ is a networking connection between two VPCs that enables you to route traffic privately between them, even if those VPCs are in two different regions or AWS accounts.
A. AWS CloudFront
B. VPC Bridging
C. VPC Peering
D. AWS Transit Gateway
C. VPC Peering
Explanation
In the last example, we talked about creating separate private subnets within the same VPC for your development, testing, and production systems. But you could actually separate these private subnets out across multiple VPCs. And suppose you still needed to communicate between these VPCs. In that case, you could use VPC Peering, which is a networking connection between two VPCs that enables you to route traffic privately between them, even if those VPCs are in two different regions or, as we’ll see in a moment, two different AWS accounts.
Which statements regarding VPC subnets are correct? (Choose 2 answers)
A. A route to an internet gateway means the subnet is public.
B. A route to a virtual private gateway means that the subnet is public.
C. A route to a NAT instance indicates VPN communication with on-premises servers.
D. No route to an internet gateway or virtual private gateway indicates a private subnet.
A. A route to an internet gateway means the subnet is public.
D. No route to an internet gateway or virtual private gateway indicates a private subnet.
Explanation;
Your VPC has an implicit router and a main route table that you can modify. Each subnet you create must be associated with a route table. Adding an internet gateway and adding a route to that IGW facilitates traffic out to the Internet for a public subnet. NAT instance and NAT gateways are provided to allow instances in private subnets to gain internet access.
_____ is a dedicated connection between an on-premises network and AWS.
A. AWS Transit Hub
B. AWS Direct Connect
C. VPC Peering
D. AWS Site-to-Site VPN
B. AWS Direct Connect
Explanation
Your other option for connecting to a VPC from your on-premises environment is to use AWS Direct Connect, which is a dedicated connection between your network and AWS.
Within AWS, what is an accurate description of a Virtual Private Cloud (VPC)?
A. An AWS user’s separate network segment within the AWS cloud
B. An AWS user’s connection between two remote networks via the public internet
C. An AWS user’s connection between two remote networks via private AWS infrastructure
D. an isolated segment of an AWS network that cannot receive inbound traffic from the internet
A. An AWS user’s separate network segment within the AWS cloud
Explanation
A Virtual Private Cloud can be described as an AWS user’s network segment of the AWS cloud. The other statements describe a virtual private network connection, a connection via AWS Direct Connect, and a private subnet within a VPC.
