VPC

Question 1

What is a VPC and is it global, region, or AZ locked?

Answer 1

It is a private cloud that is region locked

Question 2

What are route tables used for within a VPC?

Answer 2

To define access to the internet and between subnets

Question 3

What does an internet gateway do within a VPC?

Answer 3

Allows VPC instances to connect with the internet. Public subnets have a route to the internet. NAT gateways and NAT instances allow private subnets to access the internet while remaining private.

Question 4

What does a NACL do?

Answer 4

It is a stateless (traffic in doesn’t imply responses are allowed) firewall that can have allow and deny rules for IP address that are attached to a subnet

Question 5

What does a security group?

Answer 5

It is a stateful (traffic in allows for responses) firewall that controls traffic to an ENI or EC@ instance that can only contain allow rules and may include IP address and other security groups

Question 6

How can you monitor and troubleshoot connectivity issues for a VPC?

Answer 6

VPC flow logs

Question 7

What does VPC peering do?

Answer 7

Allows you to connect two VPCs privately using AWS network as if they were in the same network. Note: VPC peering is not transitive, A -> B and B -> C does not imply A -> C.

Question 8

What are VPC endpoints?

Answer 8

Endpoints that allow you to connect to AWS services using a private network instead of www network which gives enhanced security and lower latency.

Question 9

What are the two options to connect to a VPC from on-premises?

Answer 9

1. Site to site VPN - Via public internet
2. Direct connect (DX) - Via private physical connection

Question 10

What are the tiers in the typical 3 tier solution architecture?

Answer 10

1. Public subnets that contain an ELB
2. Private subnets that contain an ASG
3. Private data subnet that contains ElastiCache and RDS