Section 21: Networking - VPC Flashcards
What does this CIDR correspond to? 10.0.4.0/28 A) 10.0.4.0 to 10.0.4.15 B) 10.0.4.0 to 10.0.32.0 C) 10.0.4.0 to 10.0.4.28 D) 10.0.0.0 to 10.0.16.0
A) 10.0.4.0 to 10.0.4.15
/28 means 16 IPs (2^(32-28) = 2^4), which means only the last octet can change.
You have a corporate network of size 10.0.0.0/8 and a satellite office of size 192.168.0.0/16. Which CIDR is acceptable for your AWS VPC if you plan on connecting your networks later on? A) 172.16.0.0/12 B) 172.16.0.0/16 C) 10.0.16.0/16 D) 192.168.4.0/18
B) 172.16.0.0/16
CIDRs should not overlap, and the max CIDR size in AWS is /16
You plan on creating a subnet and want it to have at least capacity for 28 EC2 instances. What's the minimum size you need to have for your subnet? A) /28 B) /27 C) /26 D) /25
C) /26
Perfect size (64 IPs)
You have set up an internet gateway in your VPC, but your EC2 instances still don’t have access to the internet. What is NOT a possible issue?
A) Route Tables are missing entries
B) The security group does not allow network in
C) The NACL does not allow network traffic out
B) The security group does not allow network in
Security groups are stateful, and if traffic can go out, then it can go back in
You would like to provide internet access to your instances in private subnets with IPv4, while making sure this solution requires the least amount of administration and scales seamlessly. What should you use?
A) NAT Instances with Source/Destination Check flag off
B) NAT Gateway
C) Egress Only Internet Gateway
B) NAT Gateway
VPC Peering has been enabled between VPC A and VPC B, and the route tables have been updated for VPC A. Still, your instances cannot communicate. What is the likely issue? A) Check the NACL B) Check the route tables in VPC B C) Check the instance security groups D) Check if DNS Resolution is enabled
B) Check the route tables in VPC B
Route tables must be updated in both VPCs that are peered
You have set up a direct connection between your Corporate Data Center and your VPC A. You need to access VPC B in another region from your Corporate Data Center as well. What should you do? A) Enable VPC Peering B) Use a Direct Connect Gateway C) Use a Direct Connect D) Set up a NAT Gateway
B) Use a Direct Connect Gateway
This is the main use case of Direct Connect Gateways
Which are the only two services that have a Gateway Endpoint instead of an Interface Endpoint as a VPC endpoint?
A) Amazon S3 and Amazon SQS
B) Amazon S3 and DynamoDB
C) Amazon SQS and DynamoDB
B) Amazon S3 and DynamoDB
These two services have a Gateway Endpoint (remember it); all the other ones have an Interface Endpoint (powered by PrivateLink, which means a private IP)
Your company has created a REST API that it will sell to hundreds of customers as a SaaS. Your customers are on AWS and are using their own VPC. You would like to allow your customers to access your SaaS without going through the public internet while ensuring your infrastructure is not left exposed to network attacks. What do you recommend? A) Create a VPC Endpoint B) Create a VPC peering connection C) Create a PrivateLink D) Create a ClassicLink
C) Create a PrivateLink
Your company has several on-premises sites across the USA. These sites are currently linked using a private connection, but your private connection provider has recently been quite unstable, making your IT architecture partially offline. You would like to create a backup connection that will use the public internet to link your on-premises sites, which you can fail over to in case of issues with your provider. What do you recommend? A) Site-to-Site VPN B) Direct Connect C) VPN CloudHub D) PrivateLink
C) VPN CloudHub