Networking

Question 1

What does CIDR stand for?

Answer 1

Classless Inter-Domain Routing

Question 2

What does a /32 in a CIDR range represent? (198.123.0.0/32)

Answer 2

A single IP address

Question 3

What does a /0 in a CIDR range represent? (0.0.0.0/0)

Answer 3

All IPs

Question 4

What are the 2 components of a CIDR?

Answer 4

• A base IP xx.xx.xx

- A subnet mask /26

Question 5

What are the 9 steps to create a VPC?

Answer 5

Create VPC
Create subnets
Add Internet Gateway
Attach Internet Gateway to VPC
Create new Route Table
Add new route for internet access
Update Subnet Association
Auto Assign IP addresses
Launch instances

Question 6

How do you calculate the total number of IP addresses of a given CIDR Block

Answer 6

Subtract the mask number from 32, then raise 2 to the power of the result:
/27 = 32 - 27 = 5
2^5 = 32

Question 7

What does IANA stand for?

Answer 7

Internet Assigned Numbers Authority

Question 8

What are the 3 kinds of private IPs you can have?

Answer 8

• 10.0.0.0 for big networks
• 172.16.0.0 for default AWS
• 192.0.0.0 for home networks

Question 9

If you need 29 IP addresses, what Subnet/CIDR range do you choose?

Answer 9

/26 as this is 2^6 = 64 because AWS reserves 5 IPs

Question 10

How many Internet Gateways per VPC can you have?

Answer 10

1

Question 11

What are 4 basic steps to set up a Nat Instance?

Answer 11

• Must be launched in a public subnet
• Must disable EC2 Source / Destination check
• Must have an Elastic IP attached to it
• Route table must be configured to route traffic from private subnet to Nat Instance

Question 12

Given a choice between a Nat Instance and a Nat Gateway, which would you choose?

Answer 12

Nat Gateway

Question 13

For DNS Resolution in VPC, what does the enableDnsSupport setting do?

Answer 13

Helps decide if DNS resolution is supported for the VPC

Question 14

For DNS Resolution in VPC, what does the enableDnsHostName setting do?

Answer 14

Assigns a public hostname to the instance if enableDnsSupport is true and if it has a public IP

Question 15

At what level do security groups operate at?

Answer 15

Instance level

Question 16

At what level do ACLs operate at?

Answer 16

subnet level

Question 17

What is the default setting for the default Network ACL?

Answer 17

Allows all inbound/outbound traffic

Question 18

What is the default setting for a custom Network ACL?

Answer 18

All inbound/outbound traffic is denied

Question 19

Can Network ACLs span AZs?

Answer 19

Yes

Question 20

What does a security group do?

Answer 20

Defines what protocols are allowed communicate with the resources behind it

Question 21

How many subnets in an availability zone

Answer 21

One subnet per AZ

Question 22

What is a subnet?

Answer 22

A CIDR address range - equates to one availability zone

Question 23

What are 3 acceptable sources for a security group?

Answer 23

Specific IP
CIDR block
Another Security Group id

Question 24

How are security group rules evaluated?

Answer 24

All rules are evaluated before deciding what traffic to allow.

Question 25

How are NACL rules evaluated?

Answer 25

Rules are processed in number order when deciding what traffic to allow.

Question 26

What is VPC peering?

Answer 26

Allows you to connect VPCs using private IPs

Question 27

What conditions apply to use VPC peering?

Answer 27

No matching CIDR block Must be in same region No transitive peering

Question 28

How many VPCs per region can you have?

Answer 28

5

Question 29

What is a VPC endpoint?

Answer 29

Allows you to connect to AWS services in a private network instead of using Internet

Question 30

What is an ENI?

Answer 30

Private IP address

Question 31

If you have VPC issues, what 2 things should you check?

Answer 31

- Check DNS resolution setting in VPC | - Check Route Table

Question 32

What 2 services use Gateway VPC Endpoints?

Answer 32

- S3 | - DynamoDB

Question 33

What type of VPC endpoint does most services use?

Answer 33

Interface VPC Endpoint

Question 34

What 2 things should you do if you want to enable Private DNS Name for an Interface VPC Endpoint?

Answer 34

- EnableDnsHostnames | - EnableDnsSupport

Question 35

How do you analyze VPC flow logs?

Answer 35

Athena