Networking Services Flashcards

1
Q

What is a public subnet?

A

A subnet with a default route to an internet gateway

2
Q

How are AZs, subnets, VPCs, and instances related to each other?

A

EC2 instance > subnet > AZ > VPC

3
Q

What is a security group?

A

A firewall that determines what network traffic can pass into and out of an instance

Each instance must have at least one security group attached.

4
Q

What is an internet gateway?

A

A VPC resource that allows EC2 instances to obtain a public IP address and access the internet

5
Q

What are the defaults for security groups?

A

They DON’T contain INBOUND rules, so that no unsolicited traffic can reach the instance. They DO contain one OUTBOUND rule that allows access to any IP address.

Security groups can only permit access and not deny it.

6
Q

What is a NACL?

A

A network access control list that provides security at the subnet level (as opposed to a security group which provides security at the instance level). Basically, it prevents traffic from entering or exiting a subnet.

7
Q

What are the defaults for NACLs?

A

A NACL consists of inbound and outbound rules that, by default, allow all traffic.

8
Q

What is VPC peering?

A

It allows resources in different VPCs to communicate with each other over the private AWS network instead of the internet.

9
Q

How do you configure a VPN?

A

Create a virtual private gateway and attach it to your VPC, then configure your customer gateway (i.e. a router or firewall) to connect to the private gateway.

10
Q

What are some pros/cons of Direct Connect?

A
  • It provides network connectivity to your VPC and services such as S3
  • it doesn’t provide internet access
  • links are offered through APN partners
  • the link operates at 1 or 10 Gbps
  • it’s a good option for fast, consistent connectivity to AWS
  • it’s expensive
11
Q

What does CloudFront do?

A

It sends users to the edge location that will give them the best performance.

12
Q

What kinds of networks can VPCs connect to?

A
  • the internet via an internet gateway
  • external, private networks via Direct Connect or a virtual private network (VPN)
  • other VPCs using VPC peering
13
Q

What is a private hosted zone (in relation to Route 53)?

A

A private hosted zone allows resolution only from resources within the associated VPCs.

14
Q

What are the two services that Route 53 provides?

A
  • DNS hosting
  • register your TLDs (top level domain names)

15
Q

What are the various Route 53 policies?

A

Failover, Weighted, and Multivalue Answer will direct traffic to any available resource.

Latency is good for performance.

Geolocation is good for directing users to a specific location.

16
Q

Does CloudFront enable dynamic caching?

A

YES