VPC Flashcards

1
Q

What is VPC?

A

Virtual Private Network

Page 315

2
Q

What is a Subnet?

A

It’s a network in the VPC, which is the result of partitioning the VPC into several networks.

Page 315

3
Q

What is a Public Subnet?

A

A subnet that can be reached from the Internet.

Page 315

4
Q

What is a Private Subnet?

A

A subnet that is not accessible from the Internet, only from the VPC.

Page 315

5
Q

Which entity information is used to define the access between subnets?

A

Route Tables that are used in Routers (Layer 3)

Page 315

6
Q

What do you use to connect the Internet to your VPC instance?

A

Internet Gateway?

Page 317

7
Q

What is the function of NAT Gateways and NAT Instances?

A

They provide Internet access to your **Private Subnets**.

Page 317

8
Q

What is the difference between NAT Gateway and NAT Instance?

A

NAT Gateway is an AWS-managed service and NAT Instance is a self-managed service.

Page 317

9
Q

Does a Public Subnet require some device to connect to the Internet (output traffic)?

A

No, Public Subnets have access to the internet by default.

Page 317

10
Q

What is NACL?

A

Network ACL
It’s a firewall for subnets.

11
Q

What are the main features of ACL?

A
  • Controls the IN/OUT traffic of the subnet.
  • The rule can be ALLOW or DENY.
  • Only works with the IP specified.

Page 318

12
Q

What is a Security Group?

A

A Firewall only for ENI (Elastic Network Interface) and EC2 instances.

Page 318

13
Q

What are the main features of Security Group?

A
  • It works at the instance level (EC2 or ENI).
  • It can only have ALLOW rules.
  • The rules can reference IPs and other Security Groups.

Page 318

14
Q

What is VPC Flow Logs?

A

It’s a service to capture all the traffic going into the following interfaces:
* VPC Flow Logs
* Subnets
* Elastic Network Interface

Page 320

15
Q

Where can the log of VPC Flow Logger be stored?

A
  • CloudWatch Logs
  • S3

Page 320

16
Q

What is VPC Peering?

A

A service to connect VPCs to each other privately, making them work as if they were in the same network.

Page 321

17
Q

Can two VPCs that are connected by a VPC Peering have the same IP Address Segments?

A

NO, they must have different CIDRs (IP address ranges).

Page 321

18
Q

Imagine having three VPCs connected through AWS Peerings with this topology:

VPC B <-PEERING-> VPC A <-PEERING-> VPC C

Can VPC C reach VPC B, and why?

A

NO, VPC Peering connections are not transitive.
VPC Peering only allows reaching the other VPC directly connected. You need to create another VPC between VPC B and VPC C for them to have access to each other.

Page 321

19
Q

What is VPC End Point?

A

Allows you to connect to AWS services through a Private Subnet; there is no Public Subnet.

Page 322

20
Q

What are the two categories of VPC Endpoint?

A
  1. Endpoint Gateway, used for DynamoDB and S3.
  2. Endpoint Interface, for the remaining services.

Page 322

21
Q

What is VPC Private Link?

A

Privately connect to a service in a 3rd party VPC

A private link between a 3rd-party VPC and a VPC.

Page 323

22
Q

What do you need to have a VPC Private Link?

A

You need to connect a Load Balancer and an ENI as follows:

From 3rd-party VPC:
+ AWS Load Balancer
From AWS VPC:
+ Elastic Network Interface (ENI)

Page 323

23
Q

What can you use to connect an On-Premises VPN and AWS VPC through the Public Internet?

A

Site-To-Site VPN

Page 324

24
Q

What can you use to connect an On-Premises VPN to AWS VPC through a Private Network?

A

Direct Connect
* It requires a physical connection between your On-Premise and AWS.
* It requires at least a month to establish.

Page 324

25
Q

What are the parts that make up a Site-To-Site VPN?

A
  • On-Premise: Customer Gateway (CGW)
  • AWS: Virtual Private Gateway (VGW), from AWS

Page 325

26
Q

What is AWS Client VPN?

A

OpenVPN Connection from your computer into your VPC

It’s a VPN Client over OpenVPN to connect to AWS or On-Premise Network.

Page 326

27
Q

What do you use to connect to an EC2 instance over a private network, if it is in a Private VPC network?

A

AWS VPN Client

Page 326

28
Q

What is the AWS VPN Client topology?

A
  1. Workstation with AWS VPN Client.
  2. AWS VPC
  3. OnPremise Network.

The AWS VPN Client must be used on the Public Internet.

Page 326

29
Q

What is Transit Gateway?

A

It’s a special peering to which the following can be connected:
+ VPC
+ OnPremises networks
+ Direct Connect Gateways
+ VPN Connections

...under a STAR TOPOLOGY

Page 328

30
Q

Can a Subnet be part of multiple AZs?

A

NO, they belong to a unique AZ.

Page 329

31
Q

At which of these levels does the Internet Gateway work?
a. VPC Level
b. EC2 Instance Level
c. Load Balancer Level

A

A
Gives the VPC access to the Internet and applies to all the instances in the subnet.

Page 329

32
Q

At which of these levels does the Security Group work?
a. VPC Level
b. EC2 Instance Level
c. Load Balancer Level

A

B
It controls the traffic coming IN to an EC2 instance.

Page 329

33
Q

Is NACL stateless or stateful?

A

NACL (Firewall) is a stateless service that controls the IN/OUT traffic in a subnet.

Page 329

34
Q

Is Security Group stateless or stateful?

A

Stateful; it controls all the IN traffic and allows all the outbound traffic.

Page 329