Virtual Private Cloud (VPC) Networking Flashcards

1
Q

What does a NAT gateway do?

A

It allows resources in a private subnet to access the internet.

2
Q

How does a NAT gateway work?

A

It takes outbound traffic, changes the source IP address to its own public IP, and sends the traffic over the internet.

Responses can flow back through the NAT Gateway to the original instance in the private subnet, because the NAT Gateway keeps a record of the traffic it has translated.

3
Q

Is an Elastic IP address public or private?

A

Public

4
Q

What is the pricing for an Elastic IP?

A

A small hourly charge when not in use.

5
Q

Are Elastic IP addresses single or multi-region?

A

Single region

6
Q

TRUE or FALSE?
When you disassociate an Elastic IP from a resource, it automatically gets removed from your account.

A

FALSE

7
Q

How can an Elastic IP help with the failure of an instance?

A

By rapidly remapping the address to another instance in your account.

8
Q

TRUE or FALSE?
Elastic IPs are accessible from the internet.

A

TRUE

9
Q

How is an Elastic IP address different to a traditional static IP address?

A

It’s not associated with a specific instance.

10
Q

Is a NAT Gateway provisioned in the public or private subnet?

A

Public

11
Q

TRUE or FALSE?
NAT Gateways are automatically assigned a public IP address.

A

TRUE
An Elastic IP

12
Q

TRUE or FALSE?
A NAT Gateway needs to be associated with a security group in order to work.

A

FALSE
You don’t need to worry about opening up ports on your security group to a NAT Gateway.

13
Q

TRUE or FALSE?
A NAT Gateway needs to be associated with an Elastic IP in order to work.

A

TRUE

14
Q

In what situation would you use a NAT Gateway?

A

To allow instances in private subnets to access the internet for software updates, downloading patches, etc., while keeping them protected from inbound internet traffic.

15
Q

Security Groups are stateful. What does this mean in practice?

A

This means that they keep track of the connections that are allowed. Once a connection is allowed in one direction (either inbound or outbound), the return traffic is automatically allowed, regardless of the inbound or outbound rules.

16
Q

Your VPC automatically comes with a default ACL. What traffic does this ACL allow by default?

A

All traffic

17
Q

What traffic does a custom ACL allow by default?

A

None

18
Q

Do you block an IP address with:
a) a network ACL?
b) a security group?

A

a network ACL

19
Q

TRUE or FALSE?
A network ACL can be associated with multiple subnets, and a subnet can be associated with multiple ACLs.

A

FALSE
A network ACL can be associated with multiple subnets, but a subnet can only be associated with one ACL at a time.

20
Q

Are Network ACLs stateful or stateless?

A

Stateless

21
Q

What are 3 advantages of Direct Connect over internet-based connections?

A

  • Reduced network costs
  • Increased bandwidth throughput
  • More consistent

22
Q

Is it possible to do VPC peering across regions?

A

Yes

23
Q

What does PrivateLink do?

A

Opens up your VPC to many customer VPCs.

Kind of like VPC peering, but at scale.

24
Q

PrivateLink requires _________ on the service VPC and _______ on the customer VPC.

A

Network Load Balancer (service)
ENI (Elastic Network Interface) (customer)

25
Q

TRUE or FALSE?
A subnet is limited to one AZ.

A

TRUE

26
Q

What is the default IP addressing system in a VPC?

A

IPv4

27
Q

What’s the difference between a NAT Gateway and an Internet Gateway?

A

A NAT Gateway is for providing access to instances in private subnets; an Internet Gateway is for instances in public subnets.

28
Q

What happens if you don’t explicitly associate a subnet with a network ACL?

A

It gets associated with the default one.

29
Q

When evaluating rules for network ACLs, is it the lowest or highest numbered rule that is evaluated first and therefore takes precedence?

A

Lowest

30
Q

What does Direct Connect do?

A

It connects on-prem datacenters with AWS.

31
Q

What is the use case for VPC Endpoints?

A

For when you want to connect to AWS services without leaving the AWS internal network.

32
Q

Which services does a Gateway VPC endpoint support?

A

S3 and DynamoDB

33
Q

What are the two types of VPC endpoint?

A

Interface endpoint
Gateway endpoint

34
Q

What is the use case for VPC Peering?

A

For when you have multiple VPCs for different environments and need to connect them.

35
Q

TRUE or FALSE?
When using VPC Peering, the two VPCs cannot have overlapping CIDR blocks.

A

TRUE

36
Q

Does VPC Peering support transitive peering relationships?

A

No