Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

My AWS Solutions Architect Associate And Developper > VPC > Flashcards

VPC Flashcards

1
Q

What is VPC ?

A

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is NAT ?

A

Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the two different NAT in AWS ?

A

NAT instance, NAT Gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What need to be done on creation of NAT instance ?

A

Disable source/destination check

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Does NAT instance need to be in a private subnet ?

A

It need to be in a public subnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What minimum you need from a private subnet to work with a NAT instance in a public subnet ?

A

Need at least a route from the private subnet to the NAT instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What can cause a bottlenecking NAT instance ?

A

The instance size is too small.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How to create High avaibility for NAT instance ?

A

Use autoscalling Groups in multiple subnet in different AZ and script to automate failover. If you have to do this just use NAT Gateway =)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Does a NAT instance need to seat behing a security group ?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What the automatic scale up bandwith limit for NAT Gateways

A

10 Gbps

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the benefit of using NAT Gateways ? (5)

A

Auto scalling, No need for patch or antivirus, not assoicated with security groups, no need to disable source/check destination, more secure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What you need to do after creating NAT Gateways ?

A

Update route tables (10/15mn).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is Network ACL ? what’s for ?

A

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the difference between Network ACL and Security group ? (5).

A

Security Group

  1. Operates at the instance level (first layer of defense)
  2. Supports allow rules only
  3. is stateful: Return traffic is automatically allowed, regardless of any rules
  4. We evaluate all rules before deciding whether to allow traffic
  5. Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on

Network ACL

  1. Operates at the subnet level (second layer of defense)
  2. Supports allow rules and deny rules
  3. Is stateless: Return traffic must be explicitly allowed by rules
  4. We process rules in number order when deciding whether to allow traffic
  5. Automatically applies to all instances in the subnets it’s associated with (backup layer of defense, so you don’t have to rely on someone specifying the security group)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

By default when creating VPC what the status of outbound and inbound traffic?

A

allows all

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What the status of outbound and inbound traffic when creating a custom network ACL ?

A

Denies all

17
Q

If subnet not explicitly associated with Network ACL what happen ?

A

Subnet is by default associate to default network ACL.

18
Q

Can you associate a network ACL to many subnet ?

A

yes

19
Q

Can you associate a subnet to many network ACL ?

A

no. the previous one will be remove.

20
Q

How the different rules are evaluated in network ACL ?

A

By order (not true for security group).

21
Q

Can network ACL have inbound and outbound rule that can deny and allow traffic ?

A

yes

22
Q

Can block of IP can be block in security group ?

A

No but with Network ACL it’s possible.

23
Q

How many subnet you need to deploy ALB ?

A

at least 2 PUBLIC subnet

24
Q

What is VPC flow log ?

A

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you’ve created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.

25
Q

What is the limit to be able to enable VPC flow log ?

A

Make sure you are the owner of the VPC(s).

26
Q

Can you tag a VPC flow log ?

A

No

27
Q

Can you change configuration of a previously created VPC flow log ?

A

No, You can’t associate a different IAM role for exemple.

28
Q

What is the traffic not monitored by VPC flow log ? (5)

A

DHCP traffic
Traffic generate by the instance to amazon DNS server
Traffic generate by Windows instance for license activation
Traffic to and from 169.254.169.254 for instance metadata
Traffic to reserved IP address for default VPC routeur

29
Q

What is VPC endpoint ?

A

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. … Traffic between your VPC and the other service does not leave the Amazon network.

30
Q

How many VPC’s am I allowed in each AWS Region by default ?

A

5

31
Q

How many internet gateways can I attach to my custom VPC ?

A

1

32
Q

When using a custom VPC and placing an EC2 instance in to a public subnet, it will be automatically internet accessible (ie you do not need to apply an elastic IP address or ELB to the instance).

A

False

33
Q

What is the underlying Hypervisor for EC2?

A

XEN

34
Q

The AWS platform consists of how many regions currently?

A

14

35
Q

When I create a new security group, all outbound traffic is allowed by default ?

A

True

36
Q

What do you need to do to change a type of EC2 in a launch configuration group used via autoscalling ?

A

Recreate a launch configuration group and replace the existing one in the autoscaling group.

37
Q

A company want to connect on their premise their AWS system, they need to be able to connec with a VPN connection, what need to be done ?

A

Assign a static routable adress to the customer gateway.

38
Q

Is an instance member of an auto scaling group can be used in to another Auto scaling group ?

A

NO

My AWS Solutions Architect Associate And Developper (7 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions