Section 15 - VPC & Networking Flashcards
An EC2 instance will get (the same static/a new) –public– IP address each time it is stopped and then started again
A new IP address
An EC2 instance will get (the same static/a new) –private– IP address (i.e. 192.168.x.x) each time it is stopped and then started again
will remain static
What purpose does the elastic IP address serve?
It can grow and shrink to accommodate the number of users
Can only be used for elastic auto scaling
allows you to attach a -fixed- -public- IPv4 address to an EC2 instance
Is the preferred IP address for Mr. Stretch from the Fantastic Four
allows you to attach a -fixed- -public- IPv4 address to an EC2 instance
When will you incur costs for an elastic IPv4 address? (select two)
1 - if not attached to an EC2 instance
2 - will always incur a cost
3 - if the EC2 instance is stopped
4 - will never incur a cost
1 & 3
IPv4 has how many addresses?
15,653,178
256
4.3 billion
3.4 x 10 to the 38th addresses
4.3 billion
IPv6 has how many addresses?
15,653,178
256
4.3 billion
3.4 x 10 to the 38th addresses
3.4 x 10 to the 38th addresses
True or False: You can enable your VPC to utilize IPv6 instead of IPv4.
True
Every IPv6 address is:
Private
Can be either private or public
Named Fred
Public
Public
VPC is linked to a specific:
Edge location
Local Zone
Region
Availability zone
Region
Subnets in a VPC are associated with
Fred
the time of day
a region
an availability zone
an availability zone
To define access to the internet and between subnets, we use:
Switch tables
Route tables
Subnet tables
VPC tables
route tables
In a VPC, by default you (do/do not) have a private subnet
do not
In order for an EC2 instance to access the internet using a public IP address, we need to use:
a gaternet interway
a firewall
a NAT
an internet gateway
an internet gateway
In order for an EC2 instance to access the internet using a public IP address, we need to use:
a gaternet interway
a firewall
a NAT gateway
an internet gateway
an internet gateway
This will allow the instances in your private subnets to access the internet while remaining private
a gaternet interway
a firewall
a NAT gateway (AWS-managed) / NAT instances (self managed)
an internet gateway
a NAT gateway (AWS-managed) / NAT instances (self managed)
When a private subnet is connected to a NAT gateway, what is the NAT gateway then attached to in order to allow traffic to the internet?
a freeip freeway
a data bus
an internet gateway
a gatenet freeway
an internet gateway
A NACL operates at which level?
Region
Availability zone
subnet
gateway
subnet
The NACL filters traffic in/out of the subnet (after/before) it reaches the EC2 instance
before
A NACL can have what types of rules?
Red light green light rules
network rules
ALLOW & DENY rules
Rules? We don’t need no stinkin’ rules
ALLOW / DENY
A security group can have what kind of rule?
DENY
ALLOW and DENY
FORBID
ALLOW
ALLOW
NACL rules can only include this
IP addresses
subnet masks
DHCP names
permissions
IP addresses
Rules associated with a Security Group can include the following (choose two)
DHCP addresses
IP addresses
other security groups
names of regions
IP addresses
other security groups
Security group rules are considered to be (stateful/stateless) and NACL rules are considered to be (stateful/stateless)
Security group - stateful
NACL - stateless
VPC peering (does/does not) support transitive peering
does not
When creating a VPC peering connection, can a VPC request a peering connection to a VPC in another account?
yes
When creating a VPC Peering connection, you must edit the Route Table for
- none of the VPCs
- the Requestor VPC
- the Accepter VPC
- both, the Requester and Accepter VPC
both, the Requester and Accepter VPC
Creating a VPC Peering connection (just review, no question to answer)
Create VPC Peering connection
– select the Requestor VPC
– select the Accepter VPC
– Accept the Peering request
Add route to Route table for BOTH affected VPCs
Create a Security group to allow inbound traffic
n/a
Where can you find the CIDR block of a VPC?
go to the VPC service, select the desired VPC and scroll to the right until you see the “CIDR” column
1 - Stateful
2 - Stateless
A - return traffic is automatically allowed, regardless of any rules
B - return traffic must be explicitly allowed by rules
1A
2B
Enables private connectivity to services hosted in AWS, from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies.
VPC peering
Transit Gateway
VPC Endpoints
PrivatePoint
VPC Endpoints
What are stateless and stateful rule groups?
Network Firewall rule groups are either stateless or stateful. (stateless/stateful) rule groups evaluate packets in isolation, while (stateless/stateful) rule groups evaluate them in the context of their traffic flow.
stateless/stateful
This is for information only. There is not a question that needs to be answered
I went to a movie with my son. During the film, he needed to go to the restroom.
The staff member at the door let him leave the theater and allowed him to re-enter afterwards. This is an example of a stateful request – he went out and was allowed back in. However, somebody who simply tried to get into the theater would be rejected.
Similarly, your computer at home is connected to a router. The router protects it from the evils of the Internet. Traffic can’t come through your router to your computer. However, if you make a request to go to a website, that request goes out of your router and the response is allowed back in because it is stateful. That is, the router remembers that you made the request to that website and it permits the response to come back to your computer.
n/a
Capture IP traffic going into your interface
Traffic Capture
TrafMon
VPC Flow logs
Traffic Monitor
VPC flow logs
Type of flow logs created by VPC Flow logs (choose three)
Regional flow logs
VPC flow logs
subnet flow logs
endpoint flow logs
elastic network interface flow logs
vpc flow logs
subnet flow logs
elastic network interface flow logs
VPC flow logs can go to (choose three)
S3
EBS store
CloudWatch Logs
Kinesis Data Firehose
EFS
S3
CloudWatch Logs
Kinesis Data Firehose
This is an example of a transitive connection. Are VPC Peering connections transitive?
1 - VPC A is connected to VPC B. VPC B is connected to VPC C. Therefore VPC A is also connected to VPC C.
2 - VPC A is connected to VPC B. VPC B is connected to VPC C. VPC A is not connected to VPC C.
1
No.
Allows you to connect to AWS Services using a private network instead of the public www network
PrivatePoint
Private Lane
endpoint
Fast Lane
endpoint
Two benefits of endpoints are (choose two)
It’s what the cool kids are doing
lower latency
more secure
its ends are points
lower latency
more secure
If you want to connect to your S3 or DynamoDB using the AWS private network, use this.
NAT Gateway
Internet Gateway
Black Hole
VPC Endpoint Gateway
VPN Endpoint Gateway
A VPC Endpoint Gateway works to connect only these two services
S3
DynamoDB
RDS
EBS
EFS
S3, DynamoDB
If you want to connect to a service other than S3 or DynamoDB using the private AWS network instead of public WWW traffic, use this
VPC Endpoint Gateway
VPC Endpoint Interface
VPC Endgate Interface
VPC Edgepoint Gateway
VPC Endpoint interface
A scalable method that allows you to share an application across other VPCs of other accounts (from AWS customers) using only private network, not public WWW
AWS PrivateLink (VPC Endpoint Services)
AWS FastTrack
AWS DirectAccess
AWS Zippy
AWS PrivateLink (VPC Endpoint services)
Two options to establish a connection between your on-prem network and an AWS VPC
Site to Site VPN
Direct Connect
AWS Connect VPN
Direct VPN Site
Site to Site VPN
Direct Connect
- Site to Site VPN
- Direct Connect (DX)
A. establishes a physical connection between on-prem and AWS; the connection is private, secure, and fast, and takes at least a month to establish
B. the connection is automatically encrypted, goes over the public internet, and is less secure
1B
2A
For a site to site VPN, these two components must be established first and then connected via a Site-to-Site VPN (choose two)
AWS - Virtual Private Gateway
AWS - Customer Gateway
On-prem - Customer Gateway
On-prem - Virtual Private Gateway
AWS Virtual Private Gateway
On-Prem - customer gateway
Allows your computer to connect to a private VPC and, through that, to your organization’s on-prem network if a site-to-site VPN connection exists as well
AWS Client to Site VPN
AWS Client VPN (Open VPN)
AWS Site4Client
AWS ConnectGo
AWS Client VPN (Open VPN)
A way to connect hundreds of thousands of VPCs together along with on-prem infrastructure
TransitStation
Connect4andMore
Transit Gateway
transit gateway
VPC Peering will not work if you have this
More than three VPCs
A VPC on the darkside
IP freely
IP ranges that are overlapping
ip ranges that are overlapping