Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Gaukhar > Networking > Flashcards

Networking Flashcards

1
Q

VPC endpoints

A

Interface Endpoint is an ENI (think network card) within your VPC. It uses DNS record to direct your traffic to the private IP address of the interface. Gateway Endpoint uses route prefix in your route table to direct traffic meant for S3 or DynamoDB to the Gateway Endpoint (think 0.0.0.0/0 -> igw).

So to secure your Interface Endpoint, use Security Groups. But to secure Gateway Endpoint, use VPC Endpoint Policies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

LAG

A

Is just a logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple connections at a single AWS Direct Connect endpoint, allowing you to treat them as a single, managed connection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

AWS Transit Gateway

A

Best suited to customers who want to leverage AWS-provided, automated high availability network connectivity features and also optimize their investments in third-party product licensing such as VPN software

  • Regional resource, can work cross-region
  • Share cross-account using Resource Access Manager (RAM)
  • You can peer Transit Gateways across regions
  • RouteTables:limitwhichVPCcantalkwithotherVPC
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

VPC Peering

A
  • VPC peering can work inter-region, cross-account
  • You can reference a security group of a peeredVPC (works cross account)

You must update route tables in each VPC’s subnets to ensure instances can communicate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

AWS PrivateLink

A
  • Most secure & scalable way to expose a service to 1000s ofVPC (own or other accounts)
  • Does not require VPC peering, internet gateway, NAT, route tables…
  • Requires a network load balancer (Service VPC) and ENI (Customer VPC)
  • If the NLB is in multiple AZ, and the ENI in multiple AZ, the solution is fault tolerant!
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Site to Site VPN and Internet Access

A
  • NOT OKAY (blocked by NAT Gateway restrictions)
  • OKAY (self managed NAT Instance – more control)
  • OKAY (alternative to NAT Instances / Gateway)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

AWS VPN CloudHub

A
  • Can connect up to 10 Customer Gateway for eachVirtual Private Gateway (VGW)
  • Low cost hub-and-spoke model for primary or secondary network connectivity between locations
  • Provide secure communication between sites, if you have multiple VPN connections
  • It’s a VPN connection so it goes over the public internet
  • Can be a failover connection between your on-premise locations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

AWS Client VPN

A

• Connect from your computer using OpenVPN to your private network in AWS and on-premise

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

ECS scalability

A

Your Amazon ECS service can optionally be configured to use Service Auto Scaling to adjust its desired count up or down in response to CloudWatch alarms. Service Auto Scaling leverages the Application Auto Scaling service to provide this functionality. Service Auto Scaling is available in all regions that support Amazon ECS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Gaukhar (14 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions