Virtual Private Cloud (VPC) Flashcards

1
Q

Using a Transit Gateway to integrate a third-party service has the following benefits:

A
  • Supports bidirectional traffic between your VPCs and the third-party network
  • Supports all types of IP traffic (both TCP and UDP)
  • Deploys a centralized traffic inspection point between your VPCs and the third-party network
  • Easily scales as the number of VPCs involved in the integration changes
2
Q

The disadvantages of using a Transit Gateway solution include:

A
  • This option is typically more expensive than the direct peering options.
  • Overlapping CIDR blocks are not supported.
  • Many third-party providers do not support this solution because they want to maintain complete control and minimize sharing components with their customers.
3
Q

What is a Virtual Private Gateway?

A

A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.

4
Q

How to make an EC2 instance in a subnet reach the internet

A

The network ACL associated with the subnet must allow inbound and outbound traffic on port 80 (for HTTP traffic) and port 443 (for HTTPS traffic).
A route table must contain routes from your subnet to the internet gateway.

5
Q

How do Site-to-Site VPN connection tunnels work?

A
  • Each Site-to-Site VPN connection has 2 tunnels.
  • Traffic from the on-premises network to AWS uses both tunnels.
  • Traffic from AWS to the on-premises network prefers one of the tunnels.
  • Traffic from AWS automatically fails over to the other tunnel if there is a failure on the AWS side.
6
Q

Site-to-Site VPN tunnel authentication options

A
  • A pre-shared key is the default authentication option; you can specify one when you create a Site-to-Site VPN tunnel.
  • A pre-shared key is a string that you enter when you configure your customer gateway device.
  • If you do not specify a string, we auto-generate one for you.
7
Q

What is a common strategy for connecting multiple, geographically dispersed VPCs and remote networks in order to create a global network transit center?

A

A transit VPC, which simplifies network management and minimizes the number of connections required to connect multiple VPCs and remote networks.

8
Q

If you launch an EC2 instance into a VPC that has an instance tenancy of dedicated:

A

the instance will always run as a Dedicated
