VPC 1 Flashcards

1
Q

Security Groups

What’s the major limitation of SGs?

A

Can’t deny (other than implicit deny)

2
Q

Security Groups

What do you attach Security Groups to?

A

ENIs, not instances!

3
Q

Security Groups

Can hosts in a SG talk to each other?

A

Not by default, need self-referenced SG to allow it

4
Q

Security Groups

Highest-level Use Cases for NACLs and SG?

A

SGs for expected app traffic, NACLs to deny bad actors or OOB traffic

5
Q

Security Groups

How do you set up a Security Group rule to deny access?

A

Can’t, SGs are inclusive only.

6
Q

Security Groups

What permissions are on the default security group?

A

Allow all inbound traffic from the default SG, allow all outbound traffic.

7
Q

Security Groups

What is the default permission for a custom security group you create?

A

No inbound traffic, allow all outbound traffic.

8
Q

Security Groups

Can instances within the same security group communicate by default?

A

No, you have to enable this explicitly: source is the security group in question.

9
Q

Security Groups

Why can’t I ping my instance from another security group?

A

Probably didn’t add an explicit rule for the ICMP Ping “Echo” type to the inbound rules of the SG.

10
Q

Security Groups

Which scales better, Security Groups or NACLs?

A

Security Groups: use logical names for groups of things, not IP-based

11
Q

Security Groups

How do you change an EC2 instance’s Role that it uses?

A

Just do it, change Role from console or elsewhere, disappears from inside EC2 instance.
