Network - VPC - Introduction and Overview Flashcards

1
Q

Think of VPC as…

A

…a logical datacenter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Where do you deploy a VPC?

A

Region

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

T/F: VPCs can span regions.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

T/F: VPCs can span Availability Zones.

A

True; all availability zone within that region

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

According to the AWS definition, what does Amazon VPC allow you to provision?

A

Amazon VPC lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

According to the AWS definition, how much control do you have over your networking environment?

A

You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

T/F: You can easily customize the network configuration for your Amazon VPC.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is an example of how you can customize the network configuration for VPC?

A

Create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems (e.g. databases, application servers) in a private-facing subnet with no internet access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You can leverage multiple layers of security, including…

A

…security groups and Network ACLs to help control access to EC2 instances in each subnet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

T/F: You can create a Hardware VPN connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Private IP address ranges

A
  1. 10.0.0.0-10.255.255.255 (10/8 prefix)
  2. 172.16.0.0-172.31.255.255 (172.16/12 prefix)
  3. 192.168.0.0-192.168.255.255 (192.168/16 prefix)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Maximum addressable size in AWS

A

/16

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the two routes of entry into VPC?

A

Internet Gateway, Virtual Private Gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the purpose of the Internet Gateway?

A

Allows you to connect to the Internet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the purpose of the Virtual Private Gateway?

A

Allows you to terminate VPN connections

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the purpose of the Router?

A

It routes traffic based on what is defined in the route tables

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is a Public subnet?

A

Internet-accessible subnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is a Private subnet?

A

Not Internet-accessible subnet

19
Q

What do you normally put in public subnets?

A

Webservers, bastion host

20
Q

What do you normally put in private subnets?

A

Database servers, application servers

21
Q

Can security groups span subnets or availability zones?

A

Yes

22
Q

Can network ACLs span subnets or availability zones?

A

Yes

23
Q

How many subnets per availability zone?

A

One or more

24
Q

Can route tables span subnets or availability zones?

A

Yes

25
Q

Can a subnet span multiple availability zones?

A

No

26
Q

What can you do with a VPC?

A
  1. Launch instances into a subnet of your choosing
  2. Assign custom IP address ranges in each subnet
  3. Configure route tables between subnets
  4. Create internet gateway and attach it to our VPC
  5. Much better security control over your AWS resources
  6. Instance security groups
  7. Subnet network access control lists (ACLs)
27
Q

What does a route table define?

A

Whether a subnet is public or private

28
Q

How many internet gateways can you have per VPC?

A

One

29
Q

Example question: if Internet connection is running slow, how can you boost Internet speed?

A

If one of the answers is “attach another IGW to the VPC,” DON’T PICK THAT ONE!

30
Q

T/F: Security groups are stateful.

A

True

31
Q

What does “stateful” mean?

A

If you create a rule allowing traffic in, it automatically allows traffic out.

32
Q

T/F: Network ACLs are stateless.

A

True

33
Q

What does “stateless” mean?

A

If you create a rule allowing traffic in, you need to create a rule allowing the traffic back out.

34
Q

Default VPC properties:

A
  1. User friendly, allowing you to immediately deploy instances
  2. All subnets in default VPC have a route out to the internet
  3. Each EC2 instance has both a public and private IP address
  4. Once deleted, you can create a new default VPC directly from the VPC Console or by using the CLI.
35
Q

What does VPC Peering allow you to do?

A

Allows you to connect one VPC with another via a direct network route using private IP addresses

36
Q

Example: VPC Peering Use Case

A

Connect: VPC for monitoring services, VPC for Active Directory, Administration VPC, Production VPC, Dev VPC, Test VPC

37
Q

T/F: When VPC Peering, instances behave as if they were on the same private network

A

True

38
Q

T/F: You can peer VPCs with other AWS accounts as well as with other VPCs in the same account.

A

True

39
Q

Example: peer VPCs with other accounts use case

A

Peer VPCs with Dev account, Test account, Production account

40
Q

What is the configuration of VPC Peering?

A

Star configuration (1 central VPC peers with 4 other VPCs)

41
Q

T/F: Transitive peering is allowed.

A

False

42
Q

What does a VPC consist of?

A
  1. IGWs (or Virtual Private Gateways)
  2. Route Tables
  3. Network Access Control Lists
  4. Subnets
  5. Security Groups
43
Q

What does a non-default VPN consist of default?

A
  1. IGW
  2. Routing Table (IPV4)/not IPV6
  3. ?
44
Q

Which 5 IP are reserved by default in a VPC?

A
  1. 0/24 Network address
  2. 1/24 Reserved by AWS for the VPC Router
  3. 2/24 Reserved by AWS for Amazon DNS
  4. 3/24 Reserved by AWS for future use
  5. 255/24 VPCs don’t support broadcast, so AWS reserves this address