VIRTUAL PRIVATE CLOUD (VPC) BASICS Flashcards

1
Q

What are some considerations for VPC structure before creation?

A

What size should the VPC be?

Are there any networks we can't use (ranges already in use on-premises, in other VPCs, or by partners we may later need to connect to)?

VPC minimum /28 (16 IPs), maximum /16 (65,536 IPs)

Avoid common ranges (for example 10.0.0.0/16, 172.31.0.0/16 used by the default VPC, and 192.168.0.0/16 used by many home and office networks)

Reserve 2+ networks per region being used, per account
2
Q

Your business, Animals 4 Life, has offices in 3 US regions, 1 European region and 1 Australian region. How many IP ranges would it need in total?

A

40 IP ranges (5 regions, at least 2 ranges per region, for every account in use)
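Added worked example (not part of the original flashcards): a small planner that applies cards 1 and 2. It validates a proposed VPC CIDR against the /16 to /28 limits and the common ranges, then carves non-overlapping /16 ranges for several regions and accounts. The region names, the 10.0.0.0/8 supernet and the assumption that the 40 ranges come from 4 accounts x 5 regions x 2 ranges per region are this example's own, not something the cards state.

```python
import ipaddress

# Ranges to avoid (assumption for this example, following the "avoid common
# ranges" advice): the AWS default VPC range and the two ranges most often used
# by home/office routers and other parties you may later need to peer with.
COMMON_RANGES = [
    ipaddress.ip_network("10.0.0.0/16"),
    ipaddress.ip_network("172.31.0.0/16"),
    ipaddress.ip_network("192.168.0.0/16"),
]

VPC_LARGEST_PREFIX = 16    # /16 = 65,536 addresses, the biggest VPC allowed
VPC_SMALLEST_PREFIX = 28   # /28 = 16 addresses, the smallest VPC allowed


def validate_vpc_cidr(cidr: str, in_use=()) -> list:
    """Return the problems with a proposed VPC CIDR (an empty list means it is usable)."""
    net = ipaddress.ip_network(cidr, strict=True)
    problems = []
    if not net.is_private:
        problems.append(f"{net} is not an RFC 1918 range")
    if not VPC_LARGEST_PREFIX <= net.prefixlen <= VPC_SMALLEST_PREFIX:
        problems.append(f"/{net.prefixlen} is outside /16../28")
    # in_use: ranges already taken elsewhere (on-prem, other VPCs) that we must not collide with
    for other in COMMON_RANGES + [ipaddress.ip_network(c) for c in in_use]:
        if net.overlaps(other):
            problems.append(f"overlaps {other}")
    return problems


def plan_vpc_ranges(supernet: str, regions, per_region: int, accounts: int) -> dict:
    """Carve one /16 per (account, region, n) out of a supernet, skipping anything
    validate_vpc_cidr rejects. Keys identify the VPC, values are its CIDR. Nothing
    is reused, so every VPC can later be peered or connected without overlap."""
    pool = iter(ipaddress.ip_network(supernet).subnets(new_prefix=16))
    plan = {}
    for account in range(1, accounts + 1):
        for region in regions:
            for n in range(1, per_region + 1):
                for candidate in pool:
                    if not validate_vpc_cidr(str(candidate)):
                        plan[(account, region, n)] = str(candidate)
                        break
                else:
                    raise ValueError(f"{supernet} exhausted before the plan was complete")
    return plan


if __name__ == "__main__":
    # Constructed regions: 3 US, 1 Europe, 1 Australia, as in card 2.
    regions = ["us-east-1", "us-west-1", "us-west-2", "eu-west-1", "ap-southeast-2"]
    plan = plan_vpc_ranges("10.0.0.0/8", regions, per_region=2, accounts=4)
    for key, cidr in sorted(plan.items()):
        print(key, cidr)
    print(len(plan), "ranges")
```

The planner starts at 10.1.0.0/16 because 10.0.0.0/16 is on the avoid list; passing the ranges your on-premises network already uses via in_use keeps those out of the plan as well.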

3
Q

Custom VPC

A

Regional service: spans all AZs in the region

Isolated network

Nothing in or out without explicit configuration

Default or Dedicated tenancy
4
Q

Default Tenancy

A

You decide per resource whether it runs on shared or dedicated hardware
5
Q

Dedicated Tenancy

A

Set at the VPC level: every resource created in the VPC has to run on dedicated hardware, which carries a cost premium
6
Q

AWS configuration of a custom VPC

A

IPv4 private CIDR block and public IPs

Primary private IPv4 CIDR block: min /28 (16 IPs), max /16 (65,536 IPs)

Optional secondary IPv4 CIDR blocks

Optional single AWS-assigned IPv6 /56 CIDR block (Amazon-provided IPv6 addresses are all globally unique and publicly routable; there is no private IPv6 equivalent of RFC 1918)
7
Q

DNS in an AWS custom VPC

A

Provided by Route 53 (the Route 53 Resolver)

Reachable at the VPC base IP + 2 (for 10.16.0.0/16 that is 10.16.0.2), and also at 169.254.169.253
8
Q

enableDnsHostnames

A

Gives instances DNS hostnames (public hostnames for instances with a public IP); this only works when enableDnsSupport is also enabled
9
Q

enableDnsSupport

A

Enables DNS resolution in the VPC through the Route 53 Resolver at base IP + 2
10
Q

VPC Subnets

A

Subnets are where services run from inside a VPC; they are how you add structure, functionality and resilience to a VPC
11
Q

VPC Subnet resiliency

A

AZ resilient: a subnet lives in exactly one AZ, so it fails with that AZ. Resilience across AZs comes from using several subnets, one per AZ.
12
Q

Can a subnet be in multiple AZs?

A

No. A subnet is created in a specific AZ of a region and can never be moved to another AZ.
13
Q

Auto Assign public IPv4

A

Decides whether the subnet automatically assigns a public IPv4 address to resources in addition to their private address (a public IP alone does not make a subnet public; the subnet also needs a route to an internet gateway)
14
Q

Auto Assign IPv6

A

Decides whether the subnet automatically assigns IPv6 addresses; for this to work both the VPC and the subnet must have IPv6 CIDRs allocated
15
Q

How many subnets can an AZ have?

A

One AZ can have 0 to many subnets
16
Q

How does a subnet handle networking?

A

By default the subnet is allocated an IPv4 CIDR (a subset of the VPC CIDR); optionally it can also get an IPv6 /64 out of the VPC's /56
17
Q

What are the constraints of a subnet CIDR?

A

It has to be a subset of the VPC CIDR (the primary block or one of the secondary blocks)
18
Q

Can the CIDR range of two subnets in the same VPC overlap?

A

No, subnets within a VPC can't overlap with each other
19
Q

Can two subnets within a VPC communicate with each other?

A

Yes. Every route table contains a local route for the VPC CIDR, so subnets communicate freely by default (NACLs and security groups can still restrict the traffic)
20
Q

What are the 5 unusable addresses in a subnet?

A
  1. Network address (first address of the subnet)
  2. Network +1: VPC router
  3. Network +2: reserved (DNS, the Route 53 Resolver)
  4. Network +3: reserved for future use
  5. Broadcast address (last address of the subnet; VPCs don't support broadcast, but the address is still reserved)
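Added worked example (not part of the original flashcards) covering cards 7 and 16 to 20: it carves a VPC into one subnet per AZ and tier, checks that every subnet is inside the VPC CIDR with no overlaps, and computes the five reserved addresses of a subnet together with the VPC DNS address at base IP + 2. The 10.16.0.0/16 VPC, the AZ letters and the tier names are constructed for the example.

```python
import ipaddress
from itertools import combinations


def check_subnets(vpc_cidr: str, subnet_cidrs) -> list:
    """Problems with a subnet layout: every subnet must sit inside the VPC CIDR
    and no two subnets may overlap. An empty list means the layout is valid."""
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = [f"{s} is not inside {vpc}" for s in subnets if not s.subnet_of(vpc)]
    problems += [f"{a} overlaps {b}" for a, b in combinations(subnets, 2) if a.overlaps(b)]
    return problems


def carve_subnets(vpc_cidr: str, azs, tiers, new_prefix: int) -> dict:
    """Carve the VPC into one subnet per (AZ, tier) pair, all of size /new_prefix.
    Subnets are handed out in address order, so the layout can never overlap."""
    pool = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    return {(az, tier): str(next(pool)) for az in azs for tier in tiers}


def reserved_addresses(subnet_cidr: str) -> dict:
    """The five addresses AWS reserves in every subnet, plus what is left for hosts."""
    net = ipaddress.ip_network(subnet_cidr)
    base = net.network_address
    return {
        "network": str(base),                      # network address
        "vpc_router": str(base + 1),               # network +1, the VPC router
        "dns": str(base + 2),                      # network +2, Route 53 Resolver
        "future_use": str(base + 3),               # network +3, reserved by AWS
        "broadcast": str(net.broadcast_address),   # last address; reserved even though VPCs have no broadcast
        "usable": net.num_addresses - 5,
    }


def vpc_dns_address(vpc_cidr: str) -> str:
    """The VPC's DNS server sits at the VPC base address +2 (also reachable as 169.254.169.253)."""
    return str(ipaddress.ip_network(vpc_cidr).network_address + 2)


if __name__ == "__main__":
    # Constructed layout: 3 AZs x 4 tiers = 12 subnets of /20 inside a /16 (4 /20s left spare).
    layout = carve_subnets("10.16.0.0/16", ["a", "b", "c"], ["web", "app", "db", "reserved"], 20)
    for key, cidr in layout.items():
        print(key, cidr, reserved_addresses(cidr)["usable"], "usable addresses")
    print("problems:", check_subnets("10.16.0.0/16", layout.values()))
    print("VPC DNS:", vpc_dns_address("10.16.0.0/16"))
```

Note how a /28 subnet, the smallest allowed, leaves only 11 usable addresses once the five reserved ones are taken out; that is why tiny subnets are rarely worth it.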
21
Q

DHCP option set

A

Dynamic Host Configuration Protocol: how computing devices receive IP addresses automatically. In AWS a DHCP option set also defines the DNS servers, domain name and NTP servers handed out to instances in the VPC.
22
Q

Where are DHCP option sets applied?

A

At the VPC level; the configuration flows down to every subnet in the VPC

23
Q

How can you update the DHCP option set configuration?

A

You can create option sets but you can't change an existing one

If you want different settings, create a new option set and associate it with the VPC (this replaces the previous association)

24
Q

VPC Router

A

Routes traffic between subnets; its behaviour is controlled by the route table associated with each subnet

25
Q

VPC Route Table

A

Every VPC has a main route table: the default route table used by any subnet that has not been explicitly associated with another route table

26
Q

How many route tables can be attached to a subnet?

A

Exactly one route table at a time (the main route table if none is specified)

27
Q

Can two subnets within a VPC have the same route table attached?

A

Yes, a route table can be associated with many subnets

28
Q

What does a route table do?

A

It controls what happens to data as it leaves the subnet or subnets the route table is associated with

29
Q

How is data routed in a route table?

A

Longest prefix match: the more specific the route, the higher its priority. Every route table also contains a local route for the VPC CIDR, so traffic inside the VPC is always routed locally.
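Added worked example (not part of the original flashcards) for cards 24 to 29, and for the NAT cards further down: a longest-prefix-match lookup over constructed route tables, including a subnet with no explicit association that falls back to the main table and therefore has no route to the internet. The subnet IDs, gateway IDs and prefixes are placeholders, not real resources.

```python
import ipaddress

# Constructed route tables as (destination, target) pairs. Gateway IDs are placeholders.
MAIN_RT = [
    ("10.16.0.0/16", "local"),                      # the local route every table has
]
PUBLIC_RT = [
    ("10.16.0.0/16", "local"),
    ("0.0.0.0/0", "igw-0123456789abcdef0"),         # default route to the internet gateway
]
PRIVATE_RT = [
    ("10.16.0.0/16", "local"),
    ("192.168.0.0/16", "vgw-0123456789abcdef0"),    # on-premises via site-to-site VPN
    ("192.168.10.0/24", "tgw-0123456789abcdef0"),   # one site moved to a transit gateway: more specific
    ("0.0.0.0/0", "nat-0123456789abcdef0"),         # default route via a NAT gateway
]

# Explicit subnet -> route table associations; a subnet not listed here uses the main table.
ASSOCIATIONS = {
    "subnet-web-a": PUBLIC_RT,
    "subnet-app-a": PRIVATE_RT,
}


def route_table_for(subnet_id: str) -> list:
    """A subnet has exactly one route table: its explicit association or the main table."""
    return ASSOCIATIONS.get(subnet_id, MAIN_RT)


def lookup(route_table, dst_ip: str):
    """Longest-prefix match: of all routes whose destination contains dst_ip,
    the most specific (longest prefix) wins. None means there is no route."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, target in route_table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def next_hop(subnet_id: str, dst_ip: str):
    """Where a packet leaving subnet_id for dst_ip is sent."""
    return lookup(route_table_for(subnet_id), dst_ip)


if __name__ == "__main__":
    for subnet, dst in [("subnet-web-a", "8.8.8.8"), ("subnet-app-a", "8.8.8.8"),
                        ("subnet-app-a", "192.168.10.7"), ("subnet-app-a", "192.168.3.7"),
                        ("subnet-db-a", "8.8.8.8"), ("subnet-db-a", "10.16.200.1")]:
        print(f"{subnet} -> {dst}: {next_hop(subnet, dst)}")
```

The 192.168.10.0/24 route beats 192.168.0.0/16 for 192.168.10.7 purely on prefix length, not on position in the table; and the db subnet, which only has the main table, can reach the VPC but nothing outside it.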
30
Q

Internet Gateway

A

Region-resilient gateway attached to a VPC that manages traffic between the VPC and the internet or the AWS public zone (public services such as S3, SQS and SNS)

31
Q

How are public IPv4 addresses handled through the IGW?

A

Public IPv4 addresses are held on the IGW, not on the instance. The IGW keeps a record mapping each public IPv4 address to the private IPv4 address of the instance and translates between the two on the way in and out (static 1:1 NAT).

32
Q

Is it possible to configure a public IPv4 address on an EC2 instance running from within a subnet?

A

No. At no point is the operating system of an EC2 instance aware of its public IPv4 address; only the private address is configured on the instance and the IGW does the translation.

33
Q

Bastion Host / Jump Box

A

An EC2 instance in a public subnet that provides the entry point for (management) connectivity to internal VPC resources

34
Q

Stateless Firewall

A

Doesn't understand the state of a connection, i.e. whether a packet is a request or a response. Because of this there need to be two rules for every flow: one inbound and one outbound.

35
Q

Stateful Firewall

A

Knows which packets are the request and which are the response. Once the request is allowed, the firewall automatically picks up the (ephemeral) port used by the response and allows it. Lower admin overhead.

36
Q

What are NACLs?

A

Network Access Control List: a traditional stateless firewall within AWS, applied at the subnet boundary

37
Q

What kind of traffic is impacted by NACLs?

A

Traffic crossing the subnet boundary, inbound or outbound. Traffic between two instances in the same subnet never crosses the boundary and is not affected by the NACL.

38
Q

How are rules processed in a NACL?

A

Rules are processed in order, lowest rule number first; the first rule that matches decides and the remaining rules are not evaluated

39
Q

What happens when traffic entering the NACL doesn't match any of the rules?

A

The catch-all rule (*) at the end applies: explicit deny

40
Q

What are the requirements for creating a NACL rule?

A

Each communication needs 1 request rule and 1 response rule (one on the application port, one on the ephemeral port range) for each type of communication that occurs within a VPC, to a VPC and from a VPC

41
Q

How is the default NACL configured for a VPC?

A

Inbound and outbound rules each have the catch-all deny (*) and, ahead of it, an Allow All rule. The result: all traffic is allowed; the default NACL has no effect.

42
Q

Can a NACL be attached to AWS resources?

A

No, NACLs can only be associated with subnets

43
Q

How many NACLs can be associated with a subnet?

A

Each subnet has exactly one NACL (the default or a custom one)

44
Q

How many subnets can be associated with a NACL?

A

A NACL can be associated with many subnets

45
Q

What are Security Groups?

A

Stateful firewall: response traffic for an allowed request is detected and allowed automatically, in or out

46
Q

What can security groups be attached to?

A

Anything that has an Elastic Network Interface (ENI): EC2 instances, RDS instances, load balancers and so on

47
Q

What is one of the limitations of security groups?

A

No explicit deny: only allow rules plus an implicit deny of everything else. A security group can't block specific bad actors; NACLs are used for that.

48
Q

What are 2 benefits of using a security group?

A

Rules can reference other security groups (and the group itself) as source or destination, and the group can be attached to logical resources through their ENIs
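Added worked example (not part of the original flashcards) for cards 34 to 48: a stateless NACL evaluator (ordered rules, first match wins, catch-all deny, separate request and response rules) side by side with a stateful security-group check (allow-only, response implied, rules that reference another group). The rule sets, addresses and group IDs are constructed for the example, and the ephemeral port range is an assumption.

```python
import ipaddress
from dataclasses import dataclass

# Ephemeral port range assumed for the example. Real clients differ (Linux often
# 32768-60999, Windows 49152-65535), which is why NACL response rules usually allow 1024-65535.
EPHEMERAL = (1024, 65535)


@dataclass
class NaclRule:
    number: int      # evaluation order, lowest first
    protocol: str    # "tcp", "udp" or "-1" for all protocols
    ports: tuple     # inclusive (low, high)
    cidr: str        # source for inbound rules, destination for outbound rules
    action: str      # "allow" or "deny"


def nacl_evaluate(rules, protocol: str, port: int, peer_ip: str) -> bool:
    """Stateless, one direction: rules are checked lowest number first and the
    first match decides; if nothing matches, the trailing '*' rule denies."""
    peer = ipaddress.ip_address(peer_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("-1", protocol):
            continue
        if not rule.ports[0] <= port <= rule.ports[1]:
            continue
        if peer not in ipaddress.ip_network(rule.cidr):
            continue
        return rule.action == "allow"
    return False


def nacl_allows_flow(inbound, outbound, protocol, app_port, client_ip, client_port) -> bool:
    """A complete client->server exchange needs the request allowed inbound on
    the application port AND the response allowed outbound on the client's
    ephemeral port; the NACL has no idea the two packets belong together."""
    return (nacl_evaluate(inbound, protocol, app_port, client_ip)
            and nacl_evaluate(outbound, protocol, client_port, client_ip))


# Constructed NACL for a web subnet. Rule 10 blocks a known-bad range before the
# broad allow at 100; swap the two numbers and the block would never fire.
WEB_INBOUND = [
    NaclRule(10, "tcp", (443, 443), "198.51.100.0/24", "deny"),
    NaclRule(100, "tcp", (443, 443), "0.0.0.0/0", "allow"),
    NaclRule(110, "tcp", (22, 22), "10.16.0.0/16", "allow"),
]
WEB_OUTBOUND = [
    NaclRule(100, "tcp", EPHEMERAL, "0.0.0.0/0", "allow"),   # responses back to clients
]

# Constructed security groups. A rule source is a CIDR or another group's ID, so
# sg-app admits only traffic from members of sg-web, whatever their IPs are.
SECURITY_GROUPS = {
    "sg-web": [("tcp", (443, 443), "0.0.0.0/0")],
    "sg-app": [("tcp", (8080, 8080), "sg-web")],
}


def sg_allows_flow(sg_id, protocol, app_port, client_ip, client_sg=None) -> bool:
    """Stateful: a single matching inbound allow rule admits the request and the
    response is tracked and allowed automatically, so there is no outbound check.
    There is no deny rule type; a non-match is the implicit deny."""
    for proto, (low, high), source in SECURITY_GROUPS[sg_id]:
        if proto != protocol or not low <= app_port <= high:
            continue
        if source.startswith("sg-"):
            if source == client_sg:
                return True
        elif ipaddress.ip_address(client_ip) in ipaddress.ip_network(source):
            return True
    return False
```

Two things to try: drop WEB_OUTBOUND and HTTPS stops working even though the inbound allow is still there (card 40), and note that sg-web cannot be told to reject 198.51.100.0/24 at all, which is the limitation card 47 describes.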
49
Q

What is Network Address Translation (NAT)?

A

Gives resources in a private CIDR range outgoing internet access

50
Q

Can connections be initiated to a private EC2 instance from the public internet after NAT is enabled? If not, why?

A

No. The instance can initiate outbound connections and receive the response data, but connections cannot be initiated from the public internet, because the NAT gateway only maps flows that the private side started.

51
Q

Where does a NAT gateway run from?

A

It runs from a public subnet (it needs a public IPv4 address and a route to the internet gateway); private subnets then route 0.0.0.0/0 to it

52
Q

What is the resiliency of a NAT gateway by default?

A

AZ resilient: a NAT gateway lives in a single AZ and fails with it

53
Q

Is a NAT gateway region resilient? If not, how would you make it region resilient?

A

No. Deploy a NAT gateway in each AZ and give each AZ's private subnets a route table whose default route points at the NAT gateway in the same AZ.

54
Q

Why was NAT created?

A

Public IPv4 addresses were running out. NAT is a set of processes that remap source or destination IP addresses; IP masquerading hides a whole private CIDR block behind a single public IP, so many private hosts can share one address.