VPC

Question 1

Wha is VPC?

Answer 1

Virtual Private Network

Page 315

Question 2

What is SubNet

Answer 2

It’s a network in the VPC, which is the result of partitioning the VPC in several networks.

Page 315

Question 3

What is a Public Subnet

Answer 3

A subnet that can be reached from internet

Page 315

Question 4

What is a Private Subnet

Answer 4

A Subnet that is not accessible from the Internet but only VPC.

Page 315

Question 5

Which entity information is used to define the access between subnets?

Answer 5

Route Tables that are used in Routers (Lyr 3)

Pge 315

Question 6

What do you use to connect The internet to your VPC instance?

Answer 6

Internet Gateway?

Page 317

Question 7

What are the function of NAT Gateways and NAT Instances?

Answer 7

Provides internet acces to your **Private Subnets^^.

Page 317

Question 8

What is the diference between NAT Gateway and NAT Instance?

Answer 8

NAT Gateway is an AWS-Managed services and NAT Instances is a Self-managed service.

Page 317

Question 9

Does a PublicSubnet requires some device to connect to The Internet (Outpt traffic)

Answer 9

No, Public Subnets have access to the internet by default.

Page 317

Question 10

What is NACL?

Answer 10

Network ACL
It’s a Firewall forSubnets

Question 11

What are the main features of ACL?

Answer 11

• Control the IN/Out Traffic of the Subnet.
• The rule can be ALLOW or DENY.
• Only works with the IP specified.

Page 318

Question 12

What is a Security Group?

Answer 12

A Firewall only for ENI (Elastic Network Interface) and EC2 instances.

Page 318

Question 13

What are the main features of Security Group?

Answer 13

• It works at Instances level (EC2 or ENI).
• it only can have ALLOW Rules.
• The rules have IP and another security Groups.

Page 318

Question 14

What is VPC Flow Logs?

Answer 14

it’s a service to capture all the traffic that going into the next interfaces:
* VPC Flow Logs
* Subnets
* Elastic Network Interface

Page 320

Question 15

Where Can the Log of VPC Flow Logger be stored?

Answer 15

• CloudWatch Logs
• S3

Page 320

Question 16

What is VPC Peering?

Answer 16

A service to connect VPCs among them in a privately way making them working as they were in the same network.

Page 321

Question 17

Can two VPCs that are connected by a VPC Peering have the same IP Address Segments?

Answer 17

NO, the must have differents CIDR (IP Address Range)

Page 321

Question 18

Imagine havig three VPCs connected throght AWS Peerings with this topologic:

VPC B <-PEERING-> VPC A <-PEERING-> VPC C

Does VPC C can reach the VPC B and why?

Answer 18

NO, VPC Peering connections isn’t a Transitive Traffic
Using VPC Peerings only allows reach the other VPC connected. You need to create another VPC between VPC B and VPC C to have access each other.

Page 321

Question 19

What is VPC End Point?

Answer 19

Allow to connect AWS Services throught a Private Subnet, there is no a Public Subnet.

Page 322

Question 20

What are the two categories of VPC Endpoint:

Answer 20

1. Endpoint Gateway, used for DynamoDB and S3.
2. Endpoint Interface, for the remain services

Page 322

Question 21

What is VPC Private Link?

Answer 21

Privately connect to a service in a 3rd party VPC

private link among a 3th Party VPC and VPC.

Page 323

Question 22

What do you need to have a VPC Private Link?

Answer 22

You require connect a Load Balancer and an ENI as:

From 3rd PartyVPC:
+ AWS Load Balance
From AWS VPC:
+ Elastic Network Interface (ENI)

Page 323

Question 23

What can you use to connect an On-Premis VPN and AWS VPC throung the Public Internet?

Answer 23

Site-To-Site VPN

Page 324

Question 24

What can you use to connect an On-Premis VPN and to AWS VPC throung a Private Network?

Answer 24

Direct Connect
* It requieres a phisical connection between Your On-Premise and AWS.
* It requieres at last a month to stablish.

Page 324

Question 25

What are the part that comform a **Site-To-Site VPN**?

Answer 25

* On-Premise: **Customer Gateway (CGW)** * AWS: **Virtual Private Gateway (VGW), from AWS** ## Footnote Page 325

Question 26

What is **AWS Client VPN**?

Answer 26

***OpenVPN* Connection** from your computer into your VPC It's a VPN Client **over OpenVPN** to connect to AWS or On-Premise Network. ## Footnote Page 326

Question 27

What do you use to connect an EC2 instance over a private Network, if it was in a Private VPC network?

Answer 27

AWS VPN Client ## Footnote Page 326

Question 28

What is the **AWS VPN Client** Topologic?

Answer 28

1. Workstation with **AWS VPN Client**. 2. **AWS VPC** 3. OnPremise Network. *The **AWS VPN Client** must be used on the Public Internet*. ## Footnote Page 326

Question 29

What is **Transit Gateway**?

Answer 29

It's a **Special Peering** where can be connected: + **VPC** + **OnPremises networks** + **Direct Connect Gateways** + **VPN Connections** ..under a **STAR TOPOLOGIC** | Page 328

Question 30

Can a *Subnet* be part of Multiple AZ?

Answer 30

NO, they belong to an unique AZ. ## Footnote Page 329

Question 31

What is of this leves works **Internet Gateway**? a. VPC Level b. EC2 Instance Level. c. Load Balancer Leve,

Answer 31

**A** Gives the VPC access to the Internet and applys for all the Instanes in the Subnet. ## Footnote Page 329

Question 32

What is of this leves works **Security Group**? a. VPC Level b. EC2 Instance Level. c. Load Balancer Leve,

Answer 32

**B** It control the traficthat IN, in a EC2 Instance. ## Footnote Page 329

Question 33

Is NACL **stateless** of **stateful**?

Answer 33

NACL (Firewall) is a **stateless** service that control the IN/Out traffic in a subnet. ## Footnote Page 329

Question 34

Is Security Group **stateless** of **stateful**?

Answer 34

Stateful, controll all the IN traffinc and allows all the Outbound traffic. ## Footnote Page 329