NS6 AWS FORTINET

Question 1

ENI

Answer 1

Virtual network interface, elastic network interface

Question 2

Public subnet

Answer 2

Internet gateway connected
Doesn’t mean public addressing within the subnet

Question 3

Private subnet

Answer 3

Internal subnet without an Internet GW
They follow the affording space defined on the VPC

Question 4

Reserved IP addresses

Answer 4

Fist IP address X.x.x.1 Intrinsic Router
Second IP address X.X.X.2 AWS DNS
Third address X.X.X.3. Reserved for future

Question 5

Intrinsic router

Answer 5

Service in hypervisor
All subnets are connected to a intrinsic router that resides a VPC level

The default Gw or intrinsic router is always the first IP address of the subnet.

Question 6

Internet Gateway

Answer 6

Allow communication between instances in your VPC an the internet, It is a redundant.

Question 7

Two purposes of INTERNET GW

Answer 7

Provides a target in you VPC route tables for internet - routable traffic

Performs NAT for instances that have been assigned public IPv4

Question 8

What do you need to enable communication over the internet and your instance

Answer 8

A IPv4 address or an Elastic IP that’s associated with a private UPv4 address on your instance

Question 9

Routing table

Answer 9

By default, subnets are associate with a main routing table.

You can create more Routing tables and explicitly associate then with subnets

EC2 instances always use the intrinsic router as the default GW, but they are then redirected to each gateway defined in the routing table.

Question 10

AWS NAT Gateway

Answer 10

Allows instances in a private subnet to connect to the internet or other services without using NAT instance.

Main routing table sends internet traffic from the private subnet instance to the NAT GW.

NAT GW sends traffic to the IGW using the source IP address of the elastic IP address.

Question 11

EIP

Answer 11

It is a static address, public IPv4.
You can associate with any instance or network interface.

Question 12

Route 53

Answer 12

AWS DNS service, for public and private.
You can buy or transfer domains in it.
Implicit DDoS protection.

Question 13

VPC peering

Answer 13

It is a networking connection between two VPCs, enables you to route traffic between them using private addresses.

The VPCs can be in different regions.
It is a one to one relationship between two VPCs.

Question 14

Transit VPC

Answer 14

It is a reference architecture that you can use multiple products to achieve.

Good solution to reduce the complexity of the VPC peering but huge administrative work in central VPC.

Question 15

VPC peering complexity

Answer 15

In order to achieve full mesh connectivity between VPCs you will need to connect each one to each one.

Question 16

AWS TRANSIT GW

Answer 16

Solves most of the problems introduces by VPC peering, transit gateway is similar to transit VPC hub and spoke technology.

You can create multiple transit GW route tables inside transit GW for better traffic control.

It support multicast

Question 17

Transit gateway connect

Answer 17

Provides a way to connect customer SD-WAN infrastructure with AWS.

Transit GW connect extends SD-WAN into AWS without the need to set up IPSEC VPNs between SD-WAN networks device and transit GW.

Supports BGP

Question 18

SG SECURITY GROUP

Answer 18

a SG acts as a virtual firewall. SGs are associate with network interfaces. SGs allow all outbound traffic.

Question 19

Network Access Lists NACL

Answer 19

It is an optional layer of security for your VPC that acts as a FW for controlling traffic in and out of one or more subnets. Each custom NACL denies all inbound and outbound traffic until you add rules.

Question 20

VPC flow logs

Answer 20

It is a feature that enables you to capture information about the IP traffic going to and from network interface in your VPC. Flow log data is published to a log group in cloud watch logs.

Question 21

Amazon GuardDuty

Answer 21

It is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS account and workloads

Monitors for activity such as unusual API calls.

It uses machine learning, anomaly detection, and integrated threat intelligence.

Question 22

AWS WAF

Answer 22

web application firewall monitors the http and https requests that are forwarded to Amazon cloudfront or an application load balancer.