Section 27: Networking and VPC

Question 1

What does CIDR stand for?

Answer 1

CIDR = Classless Inter-Domain Routing

Question 2

What is CIDR?

Answer 2

CIDR is a method for allocating IP addresses

Question 3

What are the two components of a CIDR?

Answer 3

1) Base IP
2) Subnet mask

Question 4

What does a Subnet Mask do?

Answer 4

A subnet mask defines how many bits can change in the IP (like /0, /24/ /32)

Question 5

What is a Base IP

Answer 5

A Base IP = IP contained in the range of (xx.xx.xx.xx), for example 10.0.0.0

Question 6

What is a subnet?

Answer 6

A subnet is a range of IP addresses in your VPC.

Question 7

What is the point of VPC Subnets?

Answer 7

You launch AWS resources into subnets

Question 8

Can subnets connect to the internet?

Answer 8

Yes, a subnet can connect to the internet (and thus all the resources in that subnet), without connecting the VPC to the internet

Question 9

How do you route traffic to and from subnets?

Answer 9

Using route tables

Question 10

What are the 5 reserved IP addresses in each subnet?

Answer 10

The first 4 and last 1 IP address in each subnet is reserved by AWS

Question 11

What number do subnet sizes start at?

Answer 11

they start at 32. For example: 10.0.0.0/32

Question 12

What is a Bastion Host

Answer 12

Special purpose computer on a network, designed to withstand attacks by connecting a private subnet to the internet

Question 13

Bastion host architecture: describe the main architectural pattern

Answer 13

EC2 instance (Bastion Host) sits in public subnet, receives user traffic, and then talks to EC2s in the private subnet

Question 14

Important for the exam: What is the only port number for the Bastion Host traffic

Answer 14

Port 22

Question 15

Can VPCs be public?

Answer 15

No, VPCs are private resources

Question 16

How many addresses does subnet size of /26 get you?

Answer 16

64 - 5 = 59, (keep in mind it starts at /32, which is equal to 1 IP)

Question 17

What is the purpose of Internet Gateway (IGW)?

Answer 17

Internet Gateway allows resources in a VPC to connect to the internet

Question 18

You are trying to connect a VPC to the internet with an Internet gateway. What else do you need to do?

Answer 18

Route tables must also be edited, as internet gateways do not allow internet access on their own

Question 19

How many VPCs can be attached to an internet gateway?

Answer 19

Just one. And vice versa

Question 20

What does a NAT gateway do?

Answer 20

Allows a private subnet to access the internet

Question 21

Do NAT gateways need static or elastic IPs?

Answer 21

NAT Gateways need to be assigned Elastic IPs

Question 22

What happens if resources in multiple AZs share a NAT gateway, and the gateway goes down?

Answer 22

All the resources lose internet access

Question 23

If you have resources in multiple AZs, all in private subnets, how should you configure your NAT gateways?

Answer 23

Every AZ should have its own NAT gateway, and resources should have routing configured to the gateway in their AZ

Question 24

Do NAT connections enable inbound and outbound connection?

Answer 24

No, they only enable outbound connection. Your devices can outbound connect with the internet, but receive nothing inbound.

Question 25

What does NACL stand for?

Answer 25

Network Access Control List (network ACL)

Question 26

What are NACLs?

Answer 26

They are akin to firewalls that control traffic to and from subnets

Question 27

How many NACLs per subnet?

Answer 27

one

Question 28

How are rule precedents determined in NACL rules?

Answer 28

Lower the number, higher the rule precedent

Question 29

How does AWS recommend adding NACL rules?

Answer 29

in increments of 100

Question 30

How do default NACLs treat inbound / outbound traffic?

Answer 30

Default NACLs allow all inbound and outbound traffic

Question 31

Should you modify the default NACL?

Answer 31

NO. Do not modify the default NACL, just create new ones.

Question 32

What are Ephemeral Ports?

Answer 32

Short lived ports that are used on the server-end of communication

Question 33

What is the purpose of Ephemeral Ports?

Answer 33

Ephemeral ports allow continued communication with a client that initially connected using another port on the server

Question 34

What does NAT stand for?

Answer 34

Network Address Translation

Question 35

What is VPC peering?

Answer 35

Creating a private network connection between two VPCs. Makes them behave as if they were in the same network

Question 36

Can you peer VPCs with overlapping CIDR blocks?

Answer 36

No, you cannot.

Question 37

Can you peer VPCs transitively?

Answer 37

NO. Peering has to be from one VPC to another. VPC A cannot peer with VPC B and then be magically peered with VPCs C, D, E etc.

Question 38

What do you need to update in recently peered VPCs?

Answer 38

Route tables