NACLs & Security Groups Flashcards

1
Q

True or false: NACLs are stateless.

A

True

2
Q

True or false: Security groups are stateful.

A

True

3
Q

True or false: Security groups are placed directly behind the internet gateway (IGW).

A

False, they are attached to VPCs. NACLs are placed directly behind the IGW.

4
Q

What is the ephemeral port range?

A

1024 - 65535

5
Q

Is there an implicit deny in NACLs?

A

Yes, it’s denoted by an *.

6
Q

The default VPC will have two NACL rules. What are they?

A

The two rules are in the following order:
1) All traffic is allowed within the VPC.
2) Implicit deny.

7
Q

True or false: NACLs work just like ACLs on routers and switches.

A

True

8
Q

True or false: NACLs only affect traffic between different subnets.

A

True

9
Q

True or false: NACLs and Security Groups are typically used together.

A

True

10
Q

True or false: In most designs, NACLs are used to deny traffic, and Security Groups are used to allow traffic.

A

True

11
Q

How many NACLs can be associated with one VPC?

A

Only one NACL

12
Q

At what OSI layer do security groups operate?

A

Layer 7

13
Q

If you want to block a single client IP, which would work: NACL or Security Group?

A

NACL

14
Q

If NACLs are attached to subnets, what are Security Groups attached to?

A

ENIs - elastic network interfaces

15
Q

Security Groups are used to allow access to what? Give examples.

A

VPC based resources
- EC2 instances
- Lambda
- A variety of other AWS services within a VPC

16
Q

What are the two things that Security Groups can reference if permitting traffic?

A

1) CIDR, protocol, and ports
2) Security group ID

17
Q

Can one security group reference another security group?

A

Yes, it uses the security group’s ID.

18
Q

True or false: Security groups in one VPC can reference another security group in another VPC.

A

True

19
Q

True or false: security groups block inbound traffic by default.

A

True

20
Q

True or false: security groups block all outbound traffic by default.

A

False, all outbound traffic is permitted by default.

21
Q

What is a Security Group attached to?

A

An ENI

22
Q

When bringing up a secondary ENI on a VPC, how many Security Groups can be attached?

A

Only one can be attached to an ENI.