Security Group Flashcards
What types of rules can be created?
Allow-based
Default settings for new security group
Do not allow any inbound traffic while still allowing all types of outbound traffic to pass through
What does it mean when we say security groups are stateful?
If you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound rules
Responses to allowed inbound traffic are allowed to flow out regardless of outbound rules
Which address should you use to allow communication between VPC instances?
Private IP, not their public IP or Elastic IP address
What are security groups associated with?
Network interfaces, not the instances themselves
When you change the security group of an instance, you are changing the security groups associated with its network interface
Does a newly created network interface have a security group associated with it?
Yes, it’s associated with the default security group for the VPC unless you specify a different one
What are network interfaces and security groups bound to?
The VPC they are launched in
They cannot be used for other VPCs
However, security groups belonging to a different VPC can be referenced as the origin and destination of a security group rule of peered VPCs
At what layer do network ACLs operate?
They operate on the subnet layer, which means they protect the whole subnet rather than individual instances