NETWORK AND HYBRID Flashcards
1
Q
What does DHCP Mean?
A
Dynamic Host Configuration Protocol
2
Q
What does DHCP Provide?
A
Auto Config for Network Resources
3
Q
Can DHCP Option Sets be edited once created?
A
No they are Immutable
4
Q
How many VPCs can DHCP Option Sets be associated with?
A
0 or more VPC
5
Q
Whats the max number of Option Sets that can be attached to a vpc?
A
1
6
Q
Associating a new option set is immediate but changes take a DHCP Renew which takes time. True or False?
A
True
7
Q
Default Gateway is always subnet + what?
A
Subnet or VPC Router +1
8
Q
AWS Supply Public and Private what?
A
DNS Names
9
Q
To use custom domains, you need to use what in tandem?
A
Custom DNS Servers
10
Q
VPC Routers equals what?
A
Virtual Router within a VPC
11
Q
VPC Router is HA across what?
A
All Az’s in that Region
12
Q
VPC Routers route traffic between where?
A
subnets from external networks into vpc
13
Q
VPC Routers is controlled using what?
A
Route Table
14
Q
Every subnet has a what
A
VPC Router Interface
15
Q
VPC Router Interface uses what?
A
Subnet +1 Address
16
Q
Route Tables Control what?
A
Routing Decisions
17
Q
VPC Routers direct on premises traffic at what?
A
Gateway
18
Q
VPC Routers direct on premises traffic at what?
A
Gateway
19
Q
VPC Routers direct traffic at public what?
A
Public Network Gateways
20
Q
Every VPC is created with a what?
A
Main Route Table
21
Q
Route Table is default for every what?
A
Subnet in VPC
22
Q
Subnets are associated with what?
A
One RT Main or Custom
23
Q
RT’s are associated with how many subnets?
A
0 or more
24
Q
Subnet has to have what?
A
One RT Main or Custom
25
RT Controls what happens to what?? as it leaves subnets it is associated with?
Data
26
Local Route tables are always there. They are uneditable and match VPC IPv4 an IPv6 CIDR Ranges. True or False?
True
27
Higher Prefix Values are more specific and take what?
Higher Priority
28
Default Route is what happens if nothing else what?
Matches
29
Every Connection has 2 parts. which are these?
Request and Response
30
Stateless is what?
2 Rules inverse of each other
31
Requests always go to well know what?
Port
32
Both Request and Response can be what?
In and Out
33
Response will always be what of Request?
Inverse
34
Any rules created for response needs full range of what?
Ephemeral Ports
35
Stateful means?
Lower admin overhead
36
Every subnet has an associated what?
ACL
37
NACL Filter traffic crossing the subnet boundary where?
Inbound or Outbound
38
Connection within a subnet arent impacted by what?
NACL's
39
NACL are what?
Stateless
40
NACL Offer both what?
Explicit Deny and Allow
41
Rules are processed in what?
Order
42
Once rules are processed in order. What rule number is first?
Lowest rule number first
43
Once rule match occurs, what happens?
Processing Stops
44
If no rules match what happens?
Implicit Deny
45
Since NACL are stateless every request and response need a rule. What rule do they need?
1 Inbound and 1 Outbound
46
VPC are created with what by default? e.g rules etc...
NACL
47
Stateful detects response traffic what?
Automatically
48
Stateful has no explicit deny only what?
Allow and Implicit Deny
49
Stateful cant block what?
Specific Bad Actors
50
Stateful are attached to what?
ENI
51
Stateful allow rule cannot not be what?
Overwritten / no Explicit Deny
52
In Stateful how are IP changed handled?
Automatically
53
BGP AS System advertises the shortest path to a destination its aware of to all the other BGP routers its paired with.
True or False?
True
54
What does AWS Global Accelerator do?
Moves AWS network closer to customer
55
Customers enter the edge using what?
anycast IPs
56
AWS Global Accelerator transits over AWS Back to where?
1+ locations
57
AWS Global Accelerator can be use for NON what?
HTTP
58
AWS Global Accelerator works over what?
TCP/UDP
59
If you have any questions about caching what do you use instead of global accelerator?
Cloudfront
60
If you have any questions about UDP/TCP Global Performance Optimization you use what?
AWS Global Accelerator
61
VPN run over what?
Public Internet
62
VPN is what if you design and implement it correctly?
Highly Available
63
VPN are quick to provision. How long does it take?
less than a hour
64
This VPN has no loading balancing and multi connection failover
Static VPN
65
Has Multiple VPN connections Provide HA and traffic distribution
Dynamic VPN
66
In Dynamic VPN if route propagation is enabled means routes are added to RT... what?
Automatically
67
What is the VPN speed limitation?
1.25 GBPS
68
VPN Latency is what?
Inconsistent
69
VPN is used over the ?
Public Internet
70
VPN Speed of setup is
Hours
71
VPNs are how to connect one or more what?
Business Premises to AWS
72
AWS Transit Gateway supports?
Transitive Routing
73
AWS Transit Gateway is used to create?
Global Networks
74
Use AWS Transit Gateway to share between accounts using
AWS Resource Access Manager
75
AWS Transit Gateway is used to peer with different regions either?
Same or cross account
76
AWS Transit Gateway offers less what?
Complexity
77
A Transit Gateway has what by default?
Route Table (RT)
78
All attachments in the TGW use the what for routing purposes?
Default RT
79
All attachments in TGW propagate and add routes to what?
RT
80
What doesnt have route propagation?
Peering Attachments
81
What uses unique ASNs for future route propagation?
TGW
82
Public over Private IP resolution is not supported over what?
Peers
83
How many peering attachments per TWG?
50
84
what is required in TGW?
Static Routes
85
All attachments in TGW are associated with the same what?
Route Table
86
All attachments propagate to the same what?
Route Table
87
Attachments in TGW can only be associated with how many RTs?
1
88
In TGW Route Tables can be associated with many what?
attachments
89
Route Tables can be associated with what other gateways?
Internet Gateway and Virtual Private Gateway
90
What are handled seperatly in a RT?
IPv4 and IPv6
91
What is number 1 on priority of routes?
Longest Prefix
92
Whats number 2 on priority for routes?
Static Routes
93
whats number 3 on priority for routes?
Propagated Routes
94
Peering between overlapping CIDR isnt supported where?
VPC Routing
95
What is used to direct a IGW to take actions on inbound traffic such as forwarding it to a security appliance?
Gateway Route Table
96
Without Gateway RT the IGW would forward any return traffic directly using what?
10.16.0.0/16 local route
97
What is IPSEC?
A group of protocols
98
What sets up secure tunnels across insecure networks between two peers (local and remote)
IPSEC
99
IPSEC provides what?
Authentication and Encryption
100
The data inside tunnels are what?
Encrypted on secure connection
101
Asymmetric Encryption is what?
Slow but easy to exchange keys
102
Symmetric is what?
fast but hard to exchange public keys
103
What VPN has rule set match traffic?
Policy Based VPN
104
What VPN has target matching using prefix?
Route Based VPN
105
Site 2 Site has 2 Resilent what?
Public Space Endpoints
106
This has 2 IPSEC Tunnels that transit over the public internet
Site to Site VPN
107
Site to Site Acceleration can be enabled when creating a what?
TGW VPN Attachment
108
Site to Site Acceleration is not compatiable with VPNs using what?
Virtual Private Gateway
109
If deploying Site to Site VPN where possible use what?
TGW
110
When using Site to Site VPN while using Transit Gateway make sure to enable what?
Site 2 Site Accelerator
111
This is a managed implementation of OpenVPN
Client VPN
112
With Client VPN what is not the default?
Split Tunnel
113
With Client VPN this must be enabled or else all data goes via tunnel?
Split Tunnel
114
What are the speeds of DX Connection Physical Port?
1,10,100 g
115
What type of connection do you need for DX Port?
Single Mode fibre
116
If connecting at 1Gbps what tranceiver do you use?
1000 BASE-LX 1310nm
117
If connection at 10 gbps what transceiver do you use?
10 GBASE-LR (1310nm)
118
If connection at 100 gbps what transceiver do you use?
100 BASE-LR4
119
What needs to be disabled on DX Port?
Auto Negotiation
120
What do you need to manually set in DX Port?
Port Speed and Full Duplex
121
What does your router need to support in the DX Location?
BGP and BGP MDS Authentication
122
What uses a physical connection to a AWS Region?
AWS Direct Connect (DX)
123
How many gig for DX?
1 10 100 Gigs
124
The DX Connection is between what 3 things?
Business Premises, DX Location, and AWS Region
125
What does AWS Provide at DX Location?
Port allocation
126
What provides low and consistent latency + high speeds?
Direct Connect
127
Direct Connect is used to access what?
AWS Private Service in a VPC and AWS Public Service
128
DX cant access what?
Public Internet
129
Does AWS own the DX Location?
No they rent the space
130
How do you connect to AWS via port at DX Location?
Cross Connect
131
What does MACsec Provide?
Hop by Hop Encryption
132
What does Hop by Hop encrypt?
2 switches or routers
133
What 4 High Level features does MACSec Provide?
Confidentiality , Data Integrity, Data Origin Authenticity, Replay Protection
134
Since MACsec isnt end 2 end what does it not replace?
IPSec over DX
135
MACSec allows for what type of high speed?
Terabit Networks
136
Where does a DX Connection Begin?
DX location
137
What does DX Location contain?
AWS and Customer Equipment
138
Does AWS own DX Location?
No
139
Who connects things together at DX Location?
Data Center
140
How does the Data Center Staff get authorization to connect cables?
Letter of Authorization
141
Wha\t is needed for DC Staff to connect cables together with other entities?
Authorization from all parties
142
What are DX Connection?
Physical Connection
143
What is a VIF?
BGP Peering Session
144
What does VIF Mean?
Virtual Interface
145
Private Vif attach to how many VPC?
1
146
Private VIF attaches to one VPC via what?
VIrtual Private Gateway (VGW)
147
Private VIF and VGW can be used in same what only?
Region DX terminates on
148
To setup Private VIF you need one of each what?
P VIF, VGW, and VPC
149
Private VIF has no what?
Encryption
150
With Private VIF AWS will advertise what two things?
VPC CIDR and BGP Peer IPs
151
With Private VIF you can advertise?
default or specific corp prefixes (max 100)
152
Use Private VIF to access what?
Private AWS Services
153
VGW has AWS ASN or you can configure one.... True or False?
True
154
BGGGP can be either?
IPv4 or IPv6
155
You configure Your ____ on the VIF?
ASN
156
You configure your VIF on either a ?
Private ASN or Public owned one
157
Private ASN or Public owned use what Range?
64512-65535
158
What do you use Public VIFs for?
Public Zone Services
159
What doesnt Public VIF have access to?
Private VPC Services
160
Public VIFS can access all public zone region across what?
AWS Global Network
161
AWS advertise all what in public VIF?
AWS Public IP Ranges
162
You can advertise any public IPs you own over what?
BGP
163
Your prefixes dont leave what?
AWS example Public VIF
164
What does Public VIF add?
low and consistent latency
165
Direct Contact GW is a ?
Global Network device
166
DCG doesnt allow what?
Other VPCs to communicatte
167
How many VGW per DX Gateway?
10
168
1 DX can have how many private VIFs?
50
169
1 Private VIF =?
1 DX Gateway
170
1 DX can have up to how many VPCs?
500
171
How many Transit VIFs can you have per DX Connection?
One
172
Each transit VIF supports up to how many TGWs?
3
173
A DX gateway can be associated with VPCS and Private VIFS or TGW and Transit VIF but not what?
Not Both
174
TGW can be attached to up to how many Direct Connect Gateways (DXGW)?
20
175
DX Gateway doesnt support ( _____ ) what? ) between interfaces attached to the DX Gateway?
Routing
176
A TGW allows ______ across DX Gateway attachments allowing connectivity between DX enabled offices?
Routing
177
TGWs will route DX Gateway attachments even across TWG peers to where?
TO/From
