NETWORK AND HYBRID

Question 1

What does DHCP Mean?

Answer 1

Dynamic Host Configuration Protocol

Question 2

What does DHCP Provide?

Answer 2

Auto Config for Network Resources

Question 3

Can DHCP Option Sets be edited once created?

Answer 3

No they are Immutable

Question 4

How many VPCs can DHCP Option Sets be associated with?

Answer 4

0 or more VPC

Question 5

Whats the max number of Option Sets that can be attached to a vpc?

Answer 5

1

Question 6

Associating a new option set is immediate but changes take a DHCP Renew which takes time. True or False?

Answer 6

True

Question 7

Default Gateway is always subnet + what?

Answer 7

Subnet or VPC Router +1

Question 8

AWS Supply Public and Private what?

Answer 8

DNS Names

Question 9

To use custom domains, you need to use what in tandem?

Answer 9

Custom DNS Servers

Question 10

VPC Routers equals what?

Answer 10

Virtual Router within a VPC

Question 11

VPC Router is HA across what?

Answer 11

All Az’s in that Region

Question 12

VPC Routers route traffic between where?

Answer 12

subnets from external networks into vpc

Question 13

VPC Routers is controlled using what?

Answer 13

Route Table

Question 14

Every subnet has a what

Answer 14

VPC Router Interface

Question 15

VPC Router Interface uses what?

Answer 15

Subnet +1 Address

Question 16

Route Tables Control what?

Answer 16

Routing Decisions

Question 17

VPC Routers direct on premises traffic at what?

Answer 17

Gateway

Question 18

VPC Routers direct on premises traffic at what?

Answer 18

Gateway

Question 19

VPC Routers direct traffic at public what?

Answer 19

Public Network Gateways

Question 20

Every VPC is created with a what?

Answer 20

Main Route Table

Question 21

Route Table is default for every what?

Answer 21

Subnet in VPC

Question 22

Subnets are associated with what?

Answer 22

One RT Main or Custom

Question 23

RT’s are associated with how many subnets?

Answer 23

0 or more

Question 24

Subnet has to have what?

Answer 24

One RT Main or Custom

Question 25

RT Controls what happens to what?? as it leaves subnets it is associated with?

Answer 25

Data

Question 26

Local Route tables are always there. They are uneditable and match VPC IPv4 an IPv6 CIDR Ranges. True or False?

Answer 26

True

Question 27

Higher Prefix Values are more specific and take what?

Answer 27

Higher Priority

Question 28

Default Route is what happens if nothing else what?

Answer 28

Matches

Question 29

Every Connection has 2 parts. which are these?

Answer 29

Request and Response

Question 30

Stateless is what?

Answer 30

2 Rules inverse of each other

Question 31

Requests always go to well know what?

Answer 31

Port

Question 32

Both Request and Response can be what?

Answer 32

In and Out

Question 33

Response will always be what of Request?

Answer 33

Inverse

Question 34

Any rules created for response needs full range of what?

Answer 34

Ephemeral Ports

Question 35

Stateful means?

Answer 35

Lower admin overhead

Question 36

Every subnet has an associated what?

Answer 36

ACL

Question 37

NACL Filter traffic crossing the subnet boundary where?

Answer 37

Inbound or Outbound

Question 38

Connection within a subnet arent impacted by what?

Answer 38

NACL’s

Question 39

NACL are what?

Answer 39

Stateless

Question 40

NACL Offer both what?

Answer 40

Explicit Deny and Allow

Question 41

Rules are processed in what?

Answer 41

Order

Question 42

Once rules are processed in order. What rule number is first?

Answer 42

Lowest rule number first

Question 43

Once rule match occurs, what happens?

Answer 43

Processing Stops

Question 44

If no rules match what happens?

Answer 44

Implicit Deny

Question 45

Since NACL are stateless every request and response need a rule. What rule do they need?

Answer 45

1 Inbound and 1 Outbound

Question 46

VPC are created with what by default? e.g rules etc…

Answer 46

NACL

Question 47

Stateful detects response traffic what?

Answer 47

Automatically

Question 48

Stateful has no explicit deny only what?

Answer 48

Allow and Implicit Deny

Question 49

Stateful cant block what?

Answer 49

Specific Bad Actors

Question 50

Stateful are attached to what?

Answer 50

ENI

Question 51

Stateful allow rule cannot not be what?

Answer 51

Overwritten / no Explicit Deny

Question 52

In Stateful how are IP changed handled?

Answer 52

Automatically

Question 53

BGP AS System advertises the shortest path to a destination its aware of to all the other BGP routers its paired with.

True or False?

Answer 53

True

Question 54

What does AWS Global Accelerator do?

Answer 54

Moves AWS network closer to customer

Question 55

Customers enter the edge using what?

Answer 55

anycast IPs

Question 56

AWS Global Accelerator transits over AWS Back to where?

Answer 56

1+ locations

Question 57

AWS Global Accelerator can be use for NON what?

Answer 57

HTTP

Question 58

AWS Global Accelerator works over what?

Answer 58

TCP/UDP

Question 59

If you have any questions about caching what do you use instead of global accelerator?

Answer 59

Cloudfront

Question 60

If you have any questions about UDP/TCP Global Performance Optimization you use what?

Answer 60

AWS Global Accelerator

Question 61

VPN run over what?

Answer 61

Public Internet

Question 62

VPN is what if you design and implement it correctly?

Answer 62

Highly Available

Question 63

VPN are quick to provision. How long does it take?

Answer 63

less than a hour

Question 64

This VPN has no loading balancing and multi connection failover

Answer 64

Static VPN

Question 65

Has Multiple VPN connections Provide HA and traffic distribution

Answer 65

Dynamic VPN

Question 66

In Dynamic VPN if route propagation is enabled means routes are added to RT… what?

Answer 66

Automatically

Question 67

What is the VPN speed limitation?

Answer 67

1.25 GBPS

Question 68

VPN Latency is what?

Answer 68

Inconsistent

Question 69

VPN is used over the ?

Answer 69

Public Internet

Question 70

VPN Speed of setup is

Answer 70

Hours

Question 71

VPNs are how to connect one or more what?

Answer 71

Business Premises to AWS

Question 72

AWS Transit Gateway supports?

Answer 72

Transitive Routing

Question 73

AWS Transit Gateway is used to create?

Answer 73

Global Networks

Question 74

Use AWS Transit Gateway to share between accounts using

Answer 74

AWS Resource Access Manager

Question 75

AWS Transit Gateway is used to peer with different regions either?

Answer 75

Same or cross account

Question 76

AWS Transit Gateway offers less what?

Answer 76

Complexity

Question 77

A Transit Gateway has what by default?

Answer 77

Route Table (RT)

Question 78

All attachments in the TGW use the what for routing purposes?

Answer 78

Default RT

Question 79

All attachments in TGW propagate and add routes to what?

Answer 79

RT

Question 80

What doesnt have route propagation?

Answer 80

Peering Attachments

Question 81

What uses unique ASNs for future route propagation?

Answer 81

TGW

Question 82

Public over Private IP resolution is not supported over what?

Answer 82

Peers

Question 83

How many peering attachments per TWG?

Answer 83

50

Question 84

what is required in TGW?

Answer 84

Static Routes

Question 85

All attachments in TGW are associated with the same what?

Answer 85

Route Table

Question 86

All attachments propagate to the same what?

Answer 86

Route Table

Question 87

Attachments in TGW can only be associated with how many RTs?

Answer 87

1

Question 88

In TGW Route Tables can be associated with many what?

Answer 88

attachments

Question 89

Route Tables can be associated with what other gateways?

Answer 89

Internet Gateway and Virtual Private Gateway

Question 90

What are handled seperatly in a RT?

Answer 90

IPv4 and IPv6

Question 91

What is number 1 on priority of routes?

Answer 91

Longest Prefix

Question 92

Whats number 2 on priority for routes?

Answer 92

Static Routes

Question 93

whats number 3 on priority for routes?

Answer 93

Propagated Routes

Question 94

Peering between overlapping CIDR isnt supported where?

Answer 94

VPC Routing

Question 95

What is used to direct a IGW to take actions on inbound traffic such as forwarding it to a security appliance?

Answer 95

Gateway Route Table

Question 96

Without Gateway RT the IGW would forward any return traffic directly using what?

Answer 96

10.16.0.0/16 local route

Question 97

What is IPSEC?

Answer 97

A group of protocols

Question 98

What sets up secure tunnels across insecure networks between two peers (local and remote)

Answer 98

IPSEC

Question 99

IPSEC provides what?

Answer 99

Authentication and Encryption

Question 100

The data inside tunnels are what?

Answer 100

Encrypted on secure connection

Question 101

Asymmetric Encryption is what?

Answer 101

Slow but easy to exchange keys

Question 102

Symmetric is what?

Answer 102

fast but hard to exchange public keys

Question 103

What VPN has rule set match traffic?

Answer 103

Policy Based VPN

Question 104

What VPN has target matching using prefix?

Answer 104

Route Based VPN

Question 105

Site 2 Site has 2 Resilent what?

Answer 105

Public Space Endpoints

Question 106

This has 2 IPSEC Tunnels that transit over the public internet

Answer 106

Site to Site VPN

Question 107

Site to Site Acceleration can be enabled when creating a what?

Answer 107

TGW VPN Attachment

Question 108

Site to Site Acceleration is not compatiable with VPNs using what?

Answer 108

Virtual Private Gateway

Question 109

If deploying Site to Site VPN where possible use what?

Answer 109

TGW

Question 110

When using Site to Site VPN while using Transit Gateway make sure to enable what?

Answer 110

Site 2 Site Accelerator

Question 111

This is a managed implementation of OpenVPN

Answer 111

Client VPN

Question 112

With Client VPN what is not the default?

Answer 112

Split Tunnel

Question 113

With Client VPN this must be enabled or else all data goes via tunnel?

Answer 113

Split Tunnel

Question 114

What are the speeds of DX Connection Physical Port?

Answer 114

1,10,100 g

Question 115

What type of connection do you need for DX Port?

Answer 115

Single Mode fibre

Question 116

If connecting at 1Gbps what tranceiver do you use?

Answer 116

1000 BASE-LX 1310nm

Question 117

If connection at 10 gbps what transceiver do you use?

Answer 117

10 GBASE-LR (1310nm)

Question 118

If connection at 100 gbps what transceiver do you use?

Answer 118

100 BASE-LR4

Question 119

What needs to be disabled on DX Port?

Answer 119

Auto Negotiation

Question 120

What do you need to manually set in DX Port?

Answer 120

Port Speed and Full Duplex

Question 121

What does your router need to support in the DX Location?

Answer 121

BGP and BGP MDS Authentication

Question 122

What uses a physical connection to a AWS Region?

Answer 122

AWS Direct Connect (DX)

Question 123

How many gig for DX?

Answer 123

1 10 100 Gigs

Question 124

The DX Connection is between what 3 things?

Answer 124

Business Premises, DX Location, and AWS Region

Question 125

What does AWS Provide at DX Location?

Answer 125

Port allocation

Question 126

What provides low and consistent latency + high speeds?

Answer 126

Direct Connect

Question 127

Direct Connect is used to access what?

Answer 127

AWS Private Service in a VPC and AWS Public Service

Question 128

DX cant access what?

Answer 128

Public Internet

Question 129

Does AWS own the DX Location?

Answer 129

No they rent the space

Question 130

How do you connect to AWS via port at DX Location?

Answer 130

Cross Connect

Question 131

What does MACsec Provide?

Answer 131

Hop by Hop Encryption

Question 132

What does Hop by Hop encrypt?

Answer 132

2 switches or routers

Question 133

What 4 High Level features does MACSec Provide?

Answer 133

Confidentiality , Data Integrity, Data Origin Authenticity, Replay Protection

Question 134

Since MACsec isnt end 2 end what does it not replace?

Answer 134

IPSec over DX

Question 135

MACSec allows for what type of high speed?

Answer 135

Terabit Networks

Question 136

Where does a DX Connection Begin?

Answer 136

DX location

Question 137

What does DX Location contain?

Answer 137

AWS and Customer Equipment

Question 138

Does AWS own DX Location?

Answer 138

No

Question 139

Who connects things together at DX Location?

Answer 139

Data Center

Question 140

How does the Data Center Staff get authorization to connect cables?

Answer 140

Letter of Authorization

Question 141

Wha\t is needed for DC Staff to connect cables together with other entities?

Answer 141

Authorization from all parties

Question 142

What are DX Connection?

Answer 142

Physical Connection

Question 143

What is a VIF?

Answer 143

BGP Peering Session

Question 144

What does VIF Mean?

Answer 144

Virtual Interface

Question 145

Private Vif attach to how many VPC?

Answer 145

1

Question 146

Private VIF attaches to one VPC via what?

Answer 146

VIrtual Private Gateway (VGW)

Question 147

Private VIF and VGW can be used in same what only?

Answer 147

Region DX terminates on

Question 148

To setup Private VIF you need one of each what?

Answer 148

P VIF, VGW, and VPC

Question 149

Private VIF has no what?

Answer 149

Encryption

Question 150

With Private VIF AWS will advertise what two things?

Answer 150

VPC CIDR and BGP Peer IPs

Question 151

With Private VIF you can advertise?

Answer 151

default or specific corp prefixes (max 100)

Question 152

Use Private VIF to access what?

Answer 152

Private AWS Services

Question 153

VGW has AWS ASN or you can configure one…. True or False?

Answer 153

True

Question 154

BGGGP can be either?

Answer 154

IPv4 or IPv6

Question 155

You configure Your ____ on the VIF?

Answer 155

ASN

Question 156

You configure your VIF on either a ?

Answer 156

Private ASN or Public owned one

Question 157

Private ASN or Public owned use what Range?

Answer 157

64512-65535

Question 158

What do you use Public VIFs for?

Answer 158

Public Zone Services

Question 159

What doesnt Public VIF have access to?

Answer 159

Private VPC Services

Question 160

Public VIFS can access all public zone region across what?

Answer 160

AWS Global Network

Question 161

AWS advertise all what in public VIF?

Answer 161

AWS Public IP Ranges

Question 162

You can advertise any public IPs you own over what?

Answer 162

BGP

Question 163

Your prefixes dont leave what?

Answer 163

AWS example Public VIF

Question 164

What does Public VIF add?

Answer 164

low and consistent latency

Question 165

Direct Contact GW is a ?

Answer 165

Global Network device

Question 166

DCG doesnt allow what?

Answer 166

Other VPCs to communicatte

Question 167

How many VGW per DX Gateway?

Answer 167

10

Question 168

1 DX can have how many private VIFs?

Answer 168

50

Question 169

1 Private VIF =?

Answer 169

1 DX Gateway

Question 170

1 DX can have up to how many VPCs?

Answer 170

500

Question 171

How many Transit VIFs can you have per DX Connection?

Answer 171

One

Question 172

Each transit VIF supports up to how many TGWs?

Answer 172

3

Question 173

A DX gateway can be associated with VPCS and Private VIFS or TGW and Transit VIF but not what?

Answer 173

Not Both

Question 174

TGW can be attached to up to how many Direct Connect Gateways (DXGW)?

Answer 174

20

Question 175

DX Gateway doesnt support ( _____ ) what? ) between interfaces attached to the DX Gateway?

Answer 175

Routing

Question 176

A TGW allows ______ across DX Gateway attachments allowing connectivity between DX enabled offices?

Answer 176

Routing

Question 177

TGWs will route DX Gateway attachments even across TWG peers to where?

Answer 177

TO/From