VPC Flashcards
What is an example of a netmask for a VPC?
/24
/21
What is the netmask of a micro VPC?
/24
What is the netmask of a small VPC?
/21
What is the netmask of a medium VPC?
/19
What is the netmask of a large VPC?
/18
What is the netmask of an extra large VPC?
/16
When determining VPC size, what is necessary?
How many subnets are needed
How many total IPs, and how many IPs per subnet
Controls whether resources created inside the VPC are provisioned on shared hardware or dedicated hardware
Tenancy
Is DNS in a VPC provided by Route53?
Yes
Can a subnet be in multiple AZ?
No
Can an AZ have more than one subnet?
Yes
Can subnets overlap with each other?
No
First IP in any subnet that is reserved (ex. 10.16.16.0)
Networking Address
IP that is reserved after the Networking Address and used by the VPC router, the second address in a subnet (ex. 10.16.16.1)
Network +1 Address
IP that is used for the DNS reservation, third address in a subnet (ex. 10.16.16.2)
Network +2 Address
IP that is reserved for future use (ex. 10.16.16.3)
Network +3 Address
IP that is used for broadcasting, last IP in the subnet (ex. 10.16.16.255)
Broadcast Address
Controls the DNS servers, domain names, or Network Time Protocol (NTP) servers used by the devices in your VPC, or disables DNS resolution completely in your VPC
DHCP Options Set
Can you edit the DHCP Options Set after applying?
No, you need to delete it and create a new one
How to make a subnet public?
Auto assign public IPv4 addresses
Allows IPv4 private instances outgoing access to the internet
NAT
How can an Internet Gateway (IGW) be configured to be highly available?
Highly Available by Default
Is /16 the max size of a VPC and /28 is the minimum size of a VPC?
Yes
Can default VPCs be recreated?
Yes
Do you need an internet gateway per AZ?
No
Is IPv4 configured in the OS with the public IP address?
No, with its private IP
Are Bastion Host and Jumpbox the same thing?
Yes
Instance in a public subnet within a VPC used to allow incoming management connections
Bastion Host
Established connection between two devices using a random port on the client and a known port on the server
TCP
Doesn’t understand the state of connections, requires 1 inbound and 1 outbound rule
Stateless Firewall
Can a request be inbound or outbound?
Yes
Intelligent enough to identify the request and response components of a connection as being related
Stateful Firewall
Allowing the request means that the response is allowed automatically
Stateful Firewall
Every subnet has an associated NACL
True
Contains rules grouped into inbound and outbound that control traffic in and out of subnets
NACL
Rules are processed in order, lowest rule number first
NACL
Can a NACL be assigned to AWS resources?
No, only subnets
Is a NACL stateless or stateful?
Stateless
Are security groups stateful or stateless?
Stateful
Are security groups attached to network interfaces?
Yes
Process of remapping source IPs and destination IPs
Network Address Translation (NAT)
Where does a NAT Gateway run from?
Public Subnet
NAT Gateways are an AZ-resilient service; for region resilience, a NATGW needs to be in EACH AZ
True
Can security groups be used with NAT Gateways?
No, only NACL