Networking Flashcards
How are NACL rules evaluated? Ex:
100 All Traffic Allow
200 All Traffic Deny
* All Traffic Deny
NACL rules are evaluated by rule number from lowest to highest and executed immediately when a matching rule is found.
In this case, all traffic would be allowed (rule 100 matches first).
Can you update the default NACL?
Yes
You can both add and remove rules
Max # of security groups you can attach to 1 instance
5
Can you delete the default security group?
No
But you can change the rules
Using Route 53, which record type at the zone apex will you use to point the DNS name of the Application Load Balancer?
A and AAAA
What can you attach to a VPC to allow only outbound IPv6 connections between instances and the internet, while preventing the internet from initiating an inbound IPv6 connection?
egress-only internet gateway
A managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Cloud (VPC) traffic flows, such as connection tracking and protocol identification, to enforce policies such as preventing your VPCs from accessing domains using an unauthorized protocol.
AWS Network Firewall
What needs to be configured outside of the VPC for a successful Site-to-Site VPN connection?
- Create Customer Gateway (on customer network)
- Internet-routable IP address (static) of the customer gateway’s external interface.
- Virtual Private Gateway
How do you create private access (not traversing the public internet) to DynamoDB?
Create a Gateway Endpoint and associate endpoint with correct route table
What AWS services support Gateway Endpoints?
DynamoDB
S3
Can you create an IPV6 subnet?
Yes and No
All subnets are IPv4 on creation, so you would have to create an IPv4 subnet first; you can then optionally assign an IPv6 block to the VPC and its subnets.
What is a bias in Route 53 geoproximity routing?
A bias expands or shrinks the size of the geographic region from which traffic is routed to a resource.
Max number of EFA you can attach to an instance
1
Does Direct Connect support VPC Peering Connection?
FALSE
When using VPC Peering, how can you connect each VPC to your local data center?
You have to attach your AWS VPN to each of the VPCs individually.
What resources can be connected to a Transit Gateway?
1+ VPC
1+ VPN connections
1+ Direct Connect gateways
1+ transit peering connections
Note: if you have VPCs in different regions, you will need to create a Transit Gateway in each region and connect the Transit Gateways with transit peering connections.
If you need to upgrade the instance type of EC2 instances launched from a Launch Configuration and attached to an Auto Scaling group, what steps let you change the instance type easily?
Create a new Launch Configuration with the new instance type
Update the Auto Scaling group to use the new Launch Configuration
Can Launch Configurations be changed after creation?
No
Should you use a Launch Configuration or a Launch Template if you need versioning?
Launch Template
How do you allow a private subnet to access the internet?
Create a NAT Gateway in a public subnet
Add a route to it in the private subnet's route table