VPC Flashcards

1
Q

What does CIDR stand for?

A

Classless Inter-Domain Routing

2
Q

What is CIDR used for?

A

It is the notation for an IP address range. In AWS it defines the address block of a VPC or subnet and the source/destination ranges in Security Group and NACL rules

3
Q

What 2 components make up a CIDR?

A
  • A base IP like 12.34.56.78
  • A prefix length (subnet mask) like /0, /24 or /32

4
Q

What does a Subnet Mask do?

A

It fixes the leading bits of the address: /n means the first n bits are fixed and the remaining 32 - n bits can change

5
Q

What does /8 Subnet Mask equal in IP?

A

255.0.0.0

6
Q

What does /16 Subnet Mask equal in IP?

A

255.255.0.0

7
Q

What does /24 Subnet Mask equal in IP?

A

255.255.255.0

8
Q

What does /32 Subnet Mask equal in IP?

A

255.255.255.255

9
Q

What is an IP made up of?

A

It's made up of 4 octets (8 bits each, values 0-255), written as 0.0.0.0

10
Q

What does /32 mean regarding octets?

A

That no octet can change

11
Q

What does /24 mean regarding octets?

A

That the last octet can change

12
Q

What does /16 mean regarding octets?

A

That the last 2 octets can change

13
Q

What does /8 mean regarding octets?

A

That the last 3 octets can change

14
Q

What does /0 mean regarding octets?

A

That all octets can change

15
Q

What values can a private network have?

A

10.0.0.0/8 (10.0.0.0 to 10.255.255.255), one of the three RFC 1918 private ranges alongside 172.16.0.0/12 and 192.168.0.0/16

16
Q

What does the AWS default VPC IP usually look like?

A

172.16.0.0/12 (172.16.0.0 to 172.31.255.255); the default VPC AWS creates in each region uses 172.31.0.0/16 from this range

17
Q

What do home network IPs look like?

A

192.168.0.0/16 (192.168.0.0 to 192.168.255.255)

18
Q

What IP addresses does AWS reserve in a subnet?

A

The first 4 and the last 1 (5 addresses in total, in every subnet)

19
Q

What does AWS use the reserved IPs for?

A
  • 10.0.0.0: the network address (example for a 10.0.0.0/24 subnet)
  • 10.0.0.1: the VPC router
  • 10.0.0.2: mapped to the Amazon-provided DNS resolver
  • 10.0.0.3: reserved for future use
  • 10.0.0.255: the network broadcast address (VPCs do not support broadcast, so it is reserved)
20
Q

How do you calculate how many IP addresses a CIDR block represents?

A

2^(32 - prefix), where prefix is the number after the slash. For example /24 gives 2^8 = 256 addresses, of which 251 are usable once AWS's 5 reserved addresses are subtracted
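The formula above, together with the reserved-address and private-range cards before it, worked through in Python as an added example (this is not code from the original deck). It uses only the standard-library ipaddress module; the sample CIDRs are constructed for illustration, and the RFC 1918 lookup table is written out by hand rather than taken from any AWS API.

```python
import ipaddress
from typing import Optional

# The three RFC 1918 private ranges (hand-written lookup table).
RFC1918_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def cidr_summary(cidr: str) -> dict:
    """Netmask, address counts and the addresses AWS reserves for an IPv4 CIDR block."""
    # strict=False tolerates host bits in the base IP (12.34.56.78/16 -> 12.34.0.0/16)
    net = ipaddress.ip_network(cidr, strict=False)
    prefix = net.prefixlen
    total = 2 ** (32 - prefix)  # identical to net.num_addresses
    reserved = []
    if total >= 5:
        # AWS reserves the first four addresses (network, router, DNS, future use)
        # and the last one (broadcast, which VPCs do not support).
        base = int(net.network_address)
        reserved = [str(ipaddress.ip_address(base + i)) for i in range(4)]
        reserved.append(str(net.broadcast_address))
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "total": total,
        "usable": total - len(reserved),
        "reserved": reserved,
        # VPC subnets must be between /16 and /28
        "aws_subnet_size_ok": 16 <= prefix <= 28,
    }


def contains(cidr: str, ip: str) -> bool:
    """True if ip falls inside cidr (what a security-group or NACL CIDR match does)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def rfc1918_block(ip: str) -> Optional[str]:
    """Return the private range an address belongs to, or None if it is publicly routable."""
    for block in RFC1918_BLOCKS:
        if contains(block, ip):
            return block
    return None


if __name__ == "__main__":
    for sample in ("10.0.0.0/24", "12.34.56.78/16", "0.0.0.0/0", "10.1.2.3/32"):
        print(sample, cidr_summary(sample))
    print(rfc1918_block("172.31.5.9"), rfc1918_block("8.8.8.8"))
```

The `usable` count is the number you actually get to assign in a VPC subnet; a /28 yields 16 addresses but only 11 usable, which is why /28 is the smallest subnet AWS allows.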

21
Q

What is an Internet Gateway used for?

A

It allows AWS resources in a VPC to access the internet

22
Q

What is required for an Internet Gateway to allow Internet access?

A

A route in the subnet's route table sending 0.0.0.0/0 to the Internet Gateway (the instance also needs a public or Elastic IP)

23
Q

What is a Bastion Host used for?

A

It is a hardened EC2 instance in a public subnet that you SSH into first, then hop from to EC2 instances in a private subnet

24
Q

What are 3 important points about Bastion Hosts?

A
  • The bastion host sits in a public subnet and is the hop from which you reach resources in a private subnet
  • The bastion host only needs inbound SSH on port 22
  • Its security group should allow SSH only from the specific IP addresses (CIDR) you need, never from 0.0.0.0/0; the private instances' security groups then allow SSH only from the bastion's security group
25
Q

In NAT Instance, what does NAT stand for?

A

Network Address Translation

26
Q

What does a Nat Instance do?

A

Allows EC2 instances in private subnets to connect to the internet

27
Q

Should you choose NAT Instance or NAT Gateway?

A

NAT Gateway: it is AWS-managed, highly available within its AZ, scales bandwidth automatically and needs no patching, whereas a NAT Instance is an EC2 instance you must size, patch and keep running yourself

28
Q

What are 4 things you must do when setting up a NAT Instance?

A
  • Must launch in a public subnet
  • Must disable EC2 Source/Destination Check
  • Must have Elastic IP attached to it
  • Must configure Route Table to route traffic from private subnets to the NAT instance
29
Q

What is a NAT Gateway?

A

An AWS managed NAT (Network Address Translation)

30
Q

Can a NAT Gateway be used by an EC2 instance in the same subnet?

A

No, they need to be in a different subnet

31
Q

Can a NAT Gateway work without an Internet Gateway?

A

No, Internet Gateway is required

32
Q

At what level is the Network Access Control List (NACL)?

A

It is at the Subnet Level

33
Q

At what level is the Security Group?

A

It is at the instance level

34
Q

Out of NACL and Security Groups, which are stateful?

A

NACLs are stateless and Security Groups are stateful

35
Q

What does stateful mean for Security Groups?

A

It means return traffic is tracked automatically: if an inbound rule allows a request in, the response is allowed out even with no matching outbound rule, and vice versa

36
Q

What does stateless mean for NACLs?

A

It means return traffic is not tracked: every packet is checked against the rules for its own direction, so the response to an allowed inbound request still needs an outbound allow rule (typically on the ephemeral port range)

37
Q

What is a NACL?

A

It's like a firewall that controls traffic to/from subnets

38
Q

How many NACLs can a subnet have?

A

1, and new subnets are assigned the default

39
Q

What are 3 things to remember about defining NACL rules?

A
  • Rules have a number and the lower the number, the higher the precedence
  • The first rule match will drive the decision
  • The last rule is an asterisk (*) and denies any request that matched no other rule
40
Q

What does the default NACL allow?

A

The default allows all inbound/outbound traffic

41
Q

What does newly created NACL allow?

A

The newly created NACL denies all inbound/outbound

42
Q

What is an Ephemeral Port?

A

It's the client-side port, chosen from a high range, that stays open for the lifetime of a client/server connection. Because NACLs are stateless, return traffic must be allowed on the ephemeral port range: AWS documents 1024-65535 for NAT gateways and load balancers, 32768-61000 for many Linux kernels and 49152-65535 for Windows Server 2008 and later
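To make the stateless evaluation described on the NACL cards above concrete, here is an added Python example (not part of the original deck) that applies NACL rules the way the cards describe: ascending rule number, first match wins, implicit asterisk deny. The rule sets, addresses and port numbers are constructed for illustration; the ephemeral range 1024-65535 is the one AWS documents for NAT gateways and load balancers.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    number: int     # lower numbers are evaluated first
    protocol: str   # "tcp", "udp", "icmp" or "all"
    cidr: str       # source for inbound rules, destination for outbound rules
    port_from: int
    port_to: int
    action: str     # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    protocol: str
    remote_ip: str  # the non-VPC side: source for inbound, destination for outbound
    port: int       # destination port of the packet


EPHEMERAL_PORTS = (1024, 65535)


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule in ascending number order decides; '*' deny if nothing matches."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", pkt.protocol):
            continue
        if ipaddress.ip_address(pkt.remote_ip) not in ipaddress.ip_network(rule.cidr, strict=False):
            continue
        if not (rule.port_from <= pkt.port <= rule.port_to):
            continue
        return rule.action, str(rule.number)
    return "deny", "*"


def ssh_session(inbound: List[Rule], outbound: List[Rule], client_ip: str, client_port: int) -> dict:
    """Check both halves of one SSH connection through a stateless NACL.

    The request arrives on port 22; the reply goes back to the client's ephemeral
    port and must match an OUTBOUND rule on its own, because NACLs keep no state.
    """
    request = Packet("tcp", client_ip, 22)
    reply = Packet("tcp", client_ip, client_port)
    req_action, req_rule = evaluate(inbound, request)
    rep_action, rep_rule = evaluate(outbound, reply)
    return {
        "request": (req_action, req_rule),
        "reply": (rep_action, rep_rule),
        "session_ok": req_action == "allow" and rep_action == "allow",
    }


# Constructed rule sets. Inbound allows SSH from one admin range only.
INBOUND = [Rule(100, "tcp", "203.0.113.0/24", 22, 22, "allow")]
# Common mistake: no outbound rule for the reply traffic at all.
OUTBOUND_BROKEN: List[Rule] = []
# Fix: allow outbound TCP on the ephemeral port range.
OUTBOUND_FIXED = [Rule(100, "tcp", "0.0.0.0/0", EPHEMERAL_PORTS[0], EPHEMERAL_PORTS[1], "allow")]


if __name__ == "__main__":
    print(ssh_session(INBOUND, OUTBOUND_BROKEN, "203.0.113.10", 50123))
    print(ssh_session(INBOUND, OUTBOUND_FIXED, "203.0.113.10", 50123))
```

With `OUTBOUND_BROKEN` the SSH request is allowed in by rule 100 but the reply falls through to the asterisk deny, so the connection hangs; a Security Group would have let the reply out automatically because it is stateful. The same `evaluate` function also shows rule ordering: a deny numbered 90 for one range beats an allow numbered 100 for 0.0.0.0/0.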

43
Q

What is VPC Reachability Analyzer?

A

It's a network diagnostics tool that debugs network connectivity between endpoints

44
Q

Using VPC Peering, can I access VPC C from VPC A?

A

No, peering is not transitive: peering A-B and B-C does not let A reach C, so you must set up a peering connection directly between A and C

45
Q

What is a VPC endpoint?

A

It lets resources in your VPC reach supported AWS services (and PrivateLink-published services) over the AWS network, without an Internet Gateway, NAT or the public internet

46
Q

What are the 2 types of VPC endpoints?

A
  • Interface Endpoints
  • Gateway Endpoints

47
Q

Do both VPC endpoint types support most AWS services?

A

Gateway Endpoints support S3 and DynamoDB only, Interface Endpoints support most services

48
Q

What are VPC Flow Logs?

A

They capture metadata (source/destination IP, ports, protocol, bytes, ACCEPT or REJECT) about IP traffic going to and from network interfaces in your VPC; they can be enabled at the VPC, subnet or ENI level
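An added example (not from the original deck) that parses records in the default VPC Flow Log format and counts rejected connection attempts per source address, the kind of triage the card's ACCEPT/REJECT field exists for. The field order is the documented default (version 2) format; the log lines, account ID and ENI ID are constructed samples.

```python
from collections import Counter
from typing import Dict, Iterable, List

# Field order of the default (version 2) flow log format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]
INT_FIELDS = ("version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end")
TCP = 6


def parse_record(line: str) -> Dict[str, object]:
    """Split one space-separated flow log record into a dict.

    NODATA / SKIPDATA records carry '-' placeholders, so numeric conversion
    is only attempted when log_status is OK.
    """
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec: Dict[str, object] = dict(zip(FIELDS, parts))
    if rec["log_status"] == "OK":
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
    return rec


def rejected_sources(lines: Iterable[str], dst_port: int, protocol: int = TCP) -> Counter:
    """Count REJECTed flows to dst_port by source address (e.g. SSH brute-force triage)."""
    hits: Counter = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec["log_status"] != "OK":
            continue
        if rec["action"] == "REJECT" and rec["protocol"] == protocol and rec["dstport"] == dst_port:
            hits[rec["srcaddr"]] += 1
    return hits


# Constructed sample records (account and ENI IDs are placeholders).
SAMPLE_LOG: List[str] = [
    "2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 41234 22 6 6 360 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 41235 22 6 6 360 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 50321 22 6 12 2048 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 192.0.2.44 10.0.1.25 53000 22 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 192.0.2.44 10.0.1.25 53001 443 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA",
]


if __name__ == "__main__":
    for src, count in rejected_sources(SAMPLE_LOG, 22).most_common():
        print(f"{src}: {count} rejected SSH attempts")
```

A REJECT in a flow log only tells you that a Security Group or NACL dropped the packet, not which one; pair the source addresses this produces with the rule sets on the cards above to work out which control fired.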

49
Q

What is Site to Site VPN?

A

It is an encrypted IPsec connection over the public internet between a VPC and an on-premises network

50
Q

What 2 components does a Site to Site VPN need?

A
  • Virtual Private Gateway
  • Customer Gateway

51
Q

What is the difference between Virtual Private Gateway and Customer Gateway?

A

The Virtual Private Gateway is the VPN concentrator on the AWS side of the connection. The Customer Gateway is the AWS resource that represents the physical device or software appliance on the customer side

52
Q

If you’re using a Customer Gateway device, what IP address do you use?

A

Use the Public Internet-routable IP address or if its behind a NAT device, the public IP of the NAT

53
Q

What is an important step when using Virtual Private Gateway?

A

Enable Route Propagation for the Virtual Private Gateway in the route table associated with the subnet

54
Q

If you need to ping your EC2 instance from on-premises, what should you do?

A

Add an inbound rule for the ICMP protocol to the instance's security group

55
Q

What is DX (Direct Connect)?

A

It provides a dedicated private connection from a remote network into your VPC

56
Q

What are the 2 types of connections in Direct Connect?

A
  • Dedicated Connections (physical Ethernet connection)
  • Hosted Connections (connections made via AWS Direct Connect Partners)

57
Q

How long does it usually take a Direct Connect connection to establish?

A

Often longer than a month

58
Q

What is the difference between High Resiliency and Maximum Resiliency for Direct Connect?

A
  • High Resiliency has 2 separate AWS Direct Connect Locations, each with a single connection
  • Maximum Resiliency also has 2 separate AWS Direct Connect Locations, but each has 2 connections
59
Q

What should I use if I want to expose a service to 1000’s of VPCs?

A

Use AWS PrivateLink

60
Q

What 2 things are required for AWS PrivateLink?

A
  • A Network Load Balancer (service provider side)
  • An Elastic Network Interface (ENI) (customer side)

61
Q

What is Transit Gateway used for?

A

Connecting thousands of VPCs and on-premises networks through a single hub (star topology) instead of a mesh of peering connections

62
Q

For Transit Gateway, how do you determine which VPC can talk to another?

A

Transit Gateway route tables, which control which attachments can reach each other (each VPC's own route table still needs a route pointing at the Transit Gateway)

63
Q

What does ECMP for Transit Gateway stand for?

A

Equal-cost multi-path routing

64
Q

Can Egress-Only Internet Gateways be used for IPv4 and IPv6?

A

No, only IPv6. Use NAT Gateway for IPv4

65
Q

What are the networking costs between using public or private IPs?

A
  • If traffic is within the same availability zone using private IP, it's free
  • If traffic is not in the same availability zone using private IP, it's $0.01 per GB
  • If traffic is within the same availability zone using public IP, it's $0.02 per GB