Technical Essentials - Networking Flashcards
IPv4 notation
CIDR notation
192.168.1.30 is a single IP address. If you want to express IP addresses between the range of 192.168.1.0 and 192.168.1.255, how can you do that?
One way is to use CIDR notation. CIDR notation is a compressed way of representing a range of IP addresses. Specifying a range determines how many IP addresses are available to you.
A ____ is an isolated network that you create in the AWS Cloud, similar to a traditional network in a data center.
virtual private cloud (VPC)
When you create an Amazon VPC, you must choose three main factors:
- Name of the VPC
- Region where the VPC will live (A VPC spans all the Availability Zones within the selected Region)
- IP range for the VPC in CIDR notation – This determines the size of your network. Each VPC can have up to five CIDRs: one primary and four secondaries for IPv4. Each of these ranges can be between /28 (in CIDR notation) and /16 in size.
In AWS, ____ are used to provide high availability and connectivity options for your resources.
subnets
Use a ____ subnet for resources that must be connected to the internet.
Use a ____ subnet for resources that won’t be connected to the internet.
public
private
When you create a subnet, you must specify the following:
- VPC that you want your subnet to live in—in this case: VPC (10.0.0.0/16)
- Availability Zone that you want your subnet to live in
- IPv4 CIDR block for your subnet, which must be a subset of the VPC CIDR block
When you launch an EC2 instance, you launch it inside a ____, which will be located inside the Availability Zone that you choose.
subnet
When you create your subnets, keep high availability in mind. To maintain redundancy and fault tolerance, create at least ____ subnets configured in ____ Availability Zones.
two
two
For AWS to configure your VPC appropriately, AWS reserves five IP addresses in each subnet. These IP addresses are used for routing, Domain Name System (DNS), and network management.
To activate internet connectivity for your VPC, you must create an internet ____.
gateway
A ____ connects your VPC to another private network.
virtual private gateway
When you create and attach a virtual private gateway to a VPC, the gateway acts as the anchor on the AWS side of the connection.
On the other side of the connection, you will need to connect a customer gateway to the other private network.
A customer gateway device is a physical device or software application on your side of the connection.
When you have both gateways, you can then establish an encrypted ____ connection between the two sides.
virtual private network (VPN)
To establish a secure physical connection between your on-premises data center and your Amazon VPC, you can use ____.
AWS Direct Connect
With AWS ____, your internal network is linked to an AWS Direct Connect location over a standard Ethernet fiber-optic cable.
Direct Connect
A ____ contains a set of rules, called routes, that are used to determine where network traffic is directed.
route table
When you create a VPC, AWS creates a route table called the main route table.
AWS assumes that when you create a new VPC with subnets, you want traffic to flow between them.
Therefore, the ____ configuration of the main route table is to allow traffic between all subnets in the local network.
default
The following rules apply to the main route table:
- You cannot delete the main route table.
- You cannot set a gateway route table as the main route table.
- You can replace the main route table with a custom subnet route table.
- You can add, remove, and modify routes in the main route table.
- You can explicitly associate a subnet with the main route table, even if it’s already implicitly associated.
The main route table is used implicitly by subnets that do not have an explicit route table association.
However, you might want to provide different routes on a per-subnet basis for traffic to access resources outside of the VPC.
If you associate a subnet with a custom route table, the subnet will use it instead of the main route table.
Each custom route table that you create will have the local route already inside it, allowing communication to flow between all resources and subnets inside the VPC.
You can protect your VPC by explicitly associating each new subnet with a custom route table and leaving the main route table in its original default state.
A ____ lets you control what kind of traffic is allowed to enter or leave your subnet.
You can configure this by setting up rules that define what you want to filter.
It acts as a virtual firewall at the subnet level.
Network ACLs are considered ____.
network ACL
stateless
The ____ network ACL allows all traffic in and out of the subnet. To allow data to flow freely to the subnet, this is a good starting place.
default
Because network ACLs are configured by default to allow incoming and outgoing traffic, you don’t need to change their initial settings unless you need additional security layers.
You can secure EC2 instances with ____ groups.
Each one acts as a virtual firewall at the instance level.
security
The default configuration of a security group ____ all inbound traffic and ____ all outbound traffic.
blocks
allows
Security groups are ____.
That means they remember whether a connection was originally initiated by the EC2 instance or from the outside, and temporarily allow the response traffic without modifying the inbound rules.
stateful
If you want your EC2 instance to accept traffic from the internet, you must ____.
open up inbound ports
A common design pattern is to organize resources into different groups and create ____ for each to control network communication between them.
security groups