VPC

Question 1

How many IP addresses does AWS reserve in a subnet

Answer 1

First 4 and last 1 IP address in each subnet’s CIDR block

Question 2

How many IP addresses are available in /28 CIDR Block range?

Answer 2

16

Question 3

How to allow instances in Private Subnet to be able to connect to the internet

Answer 3

Attach a NAT Gateway in Public Subnet
& add path in Route Table to internet to point to NAT Gateway

Question 4

Scalability of NAT Gateway

Answer 4

5 Gbps - 45 Gbps

Question 5

Outside traffice hits what items in VPC first

Answer 5

Internet Gateway or VPN
Router
Route Table
ACL
Security Group
Instances

Question 6

Security Groups are Stateful or Stateless

Answer 6

Stateful (allows communication back and forth outbound open by default)

Question 7

Max number of NACLs can a subnet be associated with at a time

Answer 7

1

Question 8

NACLs are Stateful or Stateless

Answer 8

Stateless (have to set both inbound and outbound)

Question 9

Here are my NACL rules

100 Port 80 Allow
200 Port 443 Allow
300 Port 80 Deny
* All. 0.0.0.0/0 Deny

What will happen with Port 80 access

Answer 9

Still will have access since Allow is lowest #

Lowest #s evaluated first

Question 10

How to connect to AWS services without an internet gateway or NAT Gateway

Answer 10

VPC Endpoints

Question 11

TRUE or FALSE VPC peering allows transitive peering

Answer 11

FALSE, hub and spoke model only

Question 12

TRUE or FALSE VPC peering can be done across regions AND AWS accounts

Answer 12

TRUE

Question 13

TRUE or FALSE VPC Peering must be done over overlapping CIDR ranges

Answer 13

FALSE, Cannot overlap CIDR ranges

Question 14

3 options to share applications across VPCs

Answer 14

1. Open VPC up to Internet
   - big security no-no
   - lots to manage
2. VPC Peering
   - manage all the peering relationships
   - whole network will be accessible, even if you have multiple apps on VPC
3. PrivateLink
   - no internet tables or nat gateways
   - only expose application to 100s or 1000 of customer VPCs

Question 15

AWS resources needed for Private Link

Answer 15

Network Load Balancer in service VPC
ENI on customer VPC

Question 16

How to connect sites together that each have their own VPN

Answer 16

AWS VPN CloudHub

Question 17

TRUE or FALSE VPN CloudHub is used for customers that don’t have access to the internet

Answer 17

FALSE, internet is required for VPN CloudHub (all traffic is encrypted)

Question 18

Service to connect On-Premise directly to AWS Cloud

Answer 18

AWS Direct Connect

Question 19

True or False: Does AWS Direct Connect require a VPN or Internet

Answer 19

FALSE, Direct Connect even increase bandwith throughput because don’t have to go over internet

Question 20

2 Types of AWS Direct Connections

Answer 20

Dedicated Connection:
physical ethernet requested through AWS console

Hosted Connection:
physical ethernet that an AWS Direct Connection Partner sets up. e.g Verizon

Question 21

AWS Service to simplify VPN connections that are complicated

Answer 21

Transit Gateway

Question 22

Allows AWS Devices/servers to connect to 5G network and mobile edge computing

Answer 22

AWS Wavelength

Question 23

An EC2 instance is removed from an EC2 instance pool but the instance continues to direct the traffic to the instance. What can you do to fix this?

Answer 23

Disable Sticky Sessions.

Question 24

Load Balancers - How to keep connections open to instances that become unhealthy

Answer 24

Enable Deregistration delays