Networking Flashcards
Q: Which solution will meet the requirement of allowing Amazon EC2 instances in a private subnet to access an Amazon S3 bucket without using the public internet?
A: Create a gateway VPC endpoint for Amazon S3. Configure the route table for the private subnet to use the gateway endpoint as the route for all S3 traffic.
Q: How should a solutions architect design a secure network architecture to allow communication between two VPCs in different AWS accounts?
A: Set up a VPC peering connection between the VPCs. Update the route tables of each VPC to use the VPC peering connection for inter-VPC communication.
Q: What should a solutions architect do to enable secure communication between an on-premises data center and resources in a VPC without exposing the on-premises network to the public internet?
A: Configure an AWS Direct Connect connection from the on-premises data center to the VPC.
Q: How should a solutions architect design a highly available and fault-tolerant network architecture for an application that requires internet access from instances in private subnets?
A: Deploy a NAT gateway in a public subnet. Modify the route table for the private subnets to use the NAT gateway as the default route for internet access.
Q: What should a solutions architect do to allow an Amazon EC2 instance in a private subnet to access an on-premises database securely without using the public internet?
A: Configure a VPC peering connection between the VPC and the on-premises network. Update the route tables accordingly to enable private subnet access.
Q: How should a solutions architect design a network architecture to connect multiple VPCs across AWS Regions in the most operationally efficient way?
A: Use AWS Transit Gateway to manage VPC communication in a single Region and enable Transit Gateway peering across Regions.
Q: What should a solutions architect do to ensure that network traffic between Amazon EC2 instances in a VPC and an external application does not traverse the public internet?
A: Create a VPC endpoint for the external service and update the route tables to route the traffic through the VPC endpoint.