Network - VPC - Introduction and Overview

Question 1

Think of VPC as…

Answer 1

…a logical datacenter.

Question 2

Where do you deploy a VPC?

Answer 2

Region

Question 3

T/F: VPCs can span regions.

Answer 3

False

Question 4

T/F: VPCs can span Availability Zones.

Answer 4

True; all availability zone within that region

Question 5

According to the AWS definition, what does Amazon VPC allow you to provision?

Answer 5

Amazon VPC lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.

Question 6

According to the AWS definition, how much control do you have over your networking environment?

Answer 6

You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

Question 7

T/F: You can easily customize the network configuration for your Amazon VPC.

Answer 7

True

Question 8

What is an example of how you can customize the network configuration for VPC?

Answer 8

Create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems (e.g. databases, application servers) in a private-facing subnet with no internet access

Question 9

You can leverage multiple layers of security, including…

Answer 9

…security groups and Network ACLs to help control access to EC2 instances in each subnet.

Question 10

T/F: You can create a Hardware VPN connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter.

Answer 10

True

Question 11

Private IP address ranges

Answer 11

1. 10.0.0.0-10.255.255.255 (10/8 prefix)
2. 172.16.0.0-172.31.255.255 (172.16/12 prefix)
3. 192.168.0.0-192.168.255.255 (192.168/16 prefix)

Question 12

Maximum addressable size in AWS

Answer 12

/16

Question 13

What are the two routes of entry into VPC?

Answer 13

Internet Gateway, Virtual Private Gateway

Question 14

What is the purpose of the Internet Gateway?

Answer 14

Allows you to connect to the Internet

Question 15

What is the purpose of the Virtual Private Gateway?

Answer 15

Allows you to terminate VPN connections

Question 16

What is the purpose of the Router?

Answer 16

It routes traffic based on what is defined in the route tables

Question 17

What is a Public subnet?

Answer 17

Internet-accessible subnet

Question 18

What is a Private subnet?

Answer 18

Not Internet-accessible subnet

Question 19

What do you normally put in public subnets?

Answer 19

Webservers, bastion host

Question 20

What do you normally put in private subnets?

Answer 20

Database servers, application servers

Question 21

Can security groups span subnets or availability zones?

Answer 21

Yes

Question 22

Can network ACLs span subnets or availability zones?

Answer 22

Yes

Question 23

How many subnets per availability zone?

Answer 23

One or more

Question 24

Can route tables span subnets or availability zones?

Answer 24

Yes

Question 25

Can a subnet span multiple availability zones?

Answer 25

No

Question 26

What can you do with a VPC?

Answer 26

1. Launch instances into a subnet of your choosing
2. Assign custom IP address ranges in each subnet
3. Configure route tables between subnets
4. Create internet gateway and attach it to our VPC
5. Much better security control over your AWS resources
6. Instance security groups
7. Subnet network access control lists (ACLs)

Question 27

What does a route table define?

Answer 27

Whether a subnet is public or private

Question 28

How many internet gateways can you have per VPC?

Answer 28

One

Question 29

Example question: if Internet connection is running slow, how can you boost Internet speed?

Answer 29

If one of the answers is “attach another IGW to the VPC,” DON’T PICK THAT ONE!

Question 30

T/F: Security groups are stateful.

Answer 30

True

Question 31

What does “stateful” mean?

Answer 31

If you create a rule allowing traffic in, it automatically allows traffic out.

Question 32

T/F: Network ACLs are stateless.

Answer 32

True

Question 33

What does “stateless” mean?

Answer 33

If you create a rule allowing traffic in, you need to create a rule allowing the traffic back out.

Question 34

Default VPC properties:

Answer 34

1. User friendly, allowing you to immediately deploy instances
2. All subnets in default VPC have a route out to the internet
3. Each EC2 instance has both a public and private IP address
4. Once deleted, you can create a new default VPC directly from the VPC Console or by using the CLI.

Question 35

What does VPC Peering allow you to do?

Answer 35

Allows you to connect one VPC with another via a direct network route using private IP addresses

Question 36

Example: VPC Peering Use Case

Answer 36

Connect: VPC for monitoring services, VPC for Active Directory, Administration VPC, Production VPC, Dev VPC, Test VPC

Question 37

T/F: When VPC Peering, instances behave as if they were on the same private network

Answer 37

True

Question 38

T/F: You can peer VPCs with other AWS accounts as well as with other VPCs in the same account.

Answer 38

True

Question 39

Example: peer VPCs with other accounts use case

Answer 39

Peer VPCs with Dev account, Test account, Production account

Question 40

What is the configuration of VPC Peering?

Answer 40

Star configuration (1 central VPC peers with 4 other VPCs)

Question 41

T/F: Transitive peering is allowed.

Answer 41

False

Question 42

What does a VPC consist of?

Answer 42

1. IGWs (or Virtual Private Gateways)
2. Route Tables
3. Network Access Control Lists
4. Subnets
5. Security Groups

Question 43

What does a non-default VPN consist of default?

Answer 43

1. IGW
2. Routing Table (IPV4)/not IPV6
3. ?

Question 44

Which 5 IP are reserved by default in a VPC?

Answer 44

0. 0/24 Network address
1. 1/24 Reserved by AWS for the VPC Router
2. 2/24 Reserved by AWS for Amazon DNS
3. 3/24 Reserved by AWS for future use
4. 255/24 VPCs don’t support broadcast, so AWS reserves this address