Section 15 - VPC & Networking Flashcards

1
Q

An EC2 instance will get (the same static/a new) –public– IP address each time it is stopped and then started again

A

A new IP address

2
Q

An EC2 instance will get (the same static/a new) –private– IP address (i.e. 192.168.x.x) each time it is stopped and then started again

A

will remain static

3
Q

What purpose does the elastic IP address serve?
It can grow and shrink to accommodate the number of users
Can only be used for elastic auto scaling
allows you to attach a -fixed- -public- IPv4 address to an EC2 instance
Is the preferred IP address for Mr. Stretch from the Fantastic Four

A

allows you to attach a -fixed- -public- IPv4 address to an EC2 instance

4
Q

When will you incur costs for an elastic IPv4 address? (select two)
1 - if not attached to an EC2 instance
2 - will always incur a cost
3 - if the EC2 instance is stopped
4 - will never incur a cost

A

1 & 3

5
Q

IPv4 has how many addresses?
15,653,178
256
4.3 billion
3.4 x 10 to the 38th addresses

A

4.3 billion

6
Q

IPv6 has how many addresses?
15,653,178
256
4.3 billion
3.4 x 10 to the 38th addresses

A

3.4 x 10 to the 38th addresses

7
Q

True or False: You can enable your VPC to utilize IPv6 instead of IPv4.

A

True

8
Q

Every IPv6 address is:
Private
Can be either private or public
Named Fred
Public

A

Public

9
Q

VPC is linked to a specific:
Edge location
Local Zone
Region
Availability zone

A

Region

10
Q

Subnets in a VPC are associated with
Fred
the time of day
a region
an availability zone

A

an availability zone

11
Q

To define access to the internet and between subnets, we use:
Switch tables
Route tables
Subnet tables
VPC tables

A

route tables

12
Q

In a VPC, by default you (do/do not) have a private subnet

A

do not

13
Q

In order for an EC2 instance to access the internet using a public IP address, we need to use:
a gaternet interway
a firewall
a NAT
an internet gateway

A

an internet gateway

14
Q

In order for an EC2 instance to access the internet using a public IP address, we need to use:
a gaternet interway
a firewall
a NAT gateway
an internet gateway

A

an internet gateway

15
Q

This will allow the instances in your private subnets to access the internet while remaining private
a gaternet interway
a firewall
a NAT gateway (AWS-managed) / NAT instances (self managed)
an internet gateway

A

a NAT gateway (AWS-managed) / NAT instances (self managed)

16
Q

When a private subnet is connected to a NAT gateway, what is the NAT gateway attached to in order to allow traffic to the internet?

a freeip freeway
a data bus
an internet gateway
a gatenet freeway

A

an internet gateway

17
Q

NACL operates at which level
Region
Availability zone
subnet
gateway

A

subnet

18
Q

The NACL filters traffic in/out of the subnet (after/before) it reaches the EC2 instance

A

before

19
Q

A NACL can have what types of rules?
Red light green light rules
network rules
ALLOW & DENY rules
Rules? We don’t need no stinkin’ rules

A

ALLOW / DENY

20
Q

A security group can have what kind of rule?
DENY
ALLOW and DENY
FORBID
ALLOW

A

ALLOW

21
Q

NACL rules can only include this
IP addresses
subnet masks
DHCP names
permissions

A

IP addresses

22
Q

Rules associated with a Security Group can include the following (choose two)
DHCP addresses
IP addresses
other security groups
names of regions

A

IP addresses
other security groups

23
Q

Security group rules are considered to be (stateful/stateless) and NACL rules are considered to be (stateful/stateless)

A

Security group - stateful
NACL - stateless

24
Q

VPC peering (does/does not) support transitive peering

A

does not

25
Q

When creating a VPC peering connection, can a VPC request a peering connection to a VPC in another account?

A

yes

26
Q

When creating a VPC Peering connection, you must edit the Route Table for
- none of the VPCs
- the Requester VPC
- the Accepter VPC
- both, the Requester and Accepter VPC

A

both, the Requester and Accepter VPC

27
Q

Creating a VPC Peering connection (just review, no question to answer)

Create VPC Peering connection
– select the Requester VPC
– select the Accepter VPC
– Accept the Peering request
Add route to Route table for BOTH affected VPCs
Create a Security group to allow inbound traffic

A

n/a

28
Q

Where can you find the CIDR block of a VPC?

A

go to the VPC service, select the desired VPC and scroll to the right until you see the “CIDR” column

29
Q

1 - Stateful
2 - Stateless

A - return traffic is automatically allowed, regardless of any rules
B - return traffic must be explicitly allowed by rules

A

1A
2B

30
Q

Enables private connectivity to services hosted in AWS, from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies.
VPC peering
Transit Gateway
VPC Endpoints
PrivatePoint

A

VPC Endpoints

31
Q

What are stateless and stateful rule groups?
Network Firewall rule groups are either stateless or stateful. (stateless/stateful) rule groups evaluate packets in isolation, while (stateless/stateful) rule groups evaluate them in the context of their traffic flow.

A

stateless/stateful

32
Q

This is for information only. There is not a question that needs to be answered

I went to a movie with my son. During the film, he needed to go to the restroom.

The staff member at the door let him leave the theater and allowed him to re-enter afterwards. This is an example of a stateful request – he went out and was allowed back in. However, somebody who simply tried to get into the theater would be rejected.

Similarly, your computer at home is connected to a router. The router protects it from the evils of the Internet. Traffic can’t come through your router to your computer. However, if you make a request to go to a website, that request goes out of your router and the response is allowed back in because it is stateful. That is, the router remembers that you made the request to that website and it permits the response to come back to your computer.

A

n/a

33
Q

Capture IP traffic going into your interface
Traffic Capture
TrafMon
VPC Flow logs
Traffic Monitor

A

VPC flow logs

34
Q

Type of flow logs created by VPC Flow logs (choose three)
Regional flow logs
VPC flow logs
subnet flow logs
endpoint flow logs
elastic network interface flow logs

A

vpc flow logs
subnet flow logs
elastic network interface flow logs

35
Q

VPC flow logs can go to (choose three)
S3
EBS store
CloudWatch Logs
Kinesis Data Firehose
EFS

A

S3
CloudWatch Logs
Kinesis Data Firehose

36
Q

This is an example of a transitive connection. Are VPC Peering connections transitive?

1 - VPC A is connected to VPC B. VPC B is connected to VPC C. Therefore VPC A is also connected to VPC C.

2 - VPC A is connected to VPC B. VPC B is connected to VPC C. VPC A is not connected to VPC C.

A

1

No.

37
Q

Allows you to connect to AWS Services using a private network instead of the public www network
PrivatePoint
Private Lane
endpoint
Fast Lane

A

endpoint

38
Q

Two benefits of endpoints

It’s what the cool kids are doing
lower latency
more secure
its ends are points

A

lower latency
more secure

39
Q

If you want to connect your S3 with a DynamoDB using the AWS private network, use this.
NAT Gateway
Internet Gateway
Black Hole
VPC Endpoint Gateway

A

VPN Endpoint Gateway

40
Q

A VPC Endpoint Gateway works to connect only these two services
S3
DynamoDB
RDS
EBS
EFS

A

S3, DynamoDB

41
Q

If you want to connect a service other than S3 or DynamoDB using the private AWS network instead of public WWW traffic, use this
VPC Endpoint Gateway
VPC Endpoint Interface
VPC Endgate Interface
VPC Edgepoint Gateway

A

VPC Endpoint interface

42
Q

A scalable method that allows you to share an application with VPCs in other accounts (other AWS customers) using only the private network, not the public WWW
AWS PrivateLink (VPC Endpoint Services)
AWS FastTrack
AWS DirectAccess
AWS Zippy

A

AWS PrivateLink (VPC Endpoint services)

43
Q

Two options to establish a connection between your on-prem and AWS VPC
Site to Site VPN
Direct Connect
AWS Connect VPN
Direct VPN Site

A

Site to Site VPN
Direct Connect

44
Q
  1. Site to Site VPN
  2. Direct Connect (DX)

A. establishes a physical connection between on-prem and AWS; connection is private, secure, and fast; takes at least a month to establish
B. connection is automatically encrypted, goes over the public internet, less secure

A

1B
2A

45
Q

For a site to site VPN, these two components must be established first and then connected via a Site-to-Site VPN (choose two)
AWS - Virtual Private Gateway
AWS - Customer Gateway
On-prem - Customer Gateway
On-prem - Virtual Private Gateway

A

AWS Virtual Private Gateway
On-Prem - customer gateway

46
Q

Allows your computer to connect to a private VPC and through that, to your organization’s on-prem org if a site-to-site VPN connection exists as well
AWS Client to Site VPN
AWS Client VPN (Open VPN)
AWS Site4Client
AWS ConnectGo

A

AWS Client VPN (Open VPN)

47
Q

A way to connect hundreds of thousands of VPCs together along with on-prem infrastructure
TransitStation
Connect4andMore
Transit Gateway

A

transit gateway

48
Q

VPC Peering will not work if you have this
More than three VPCs
A VPC on the darkside
IP freely
IP ranges that are overlapping

A

ip ranges that are overlapping