VPC

Question 1

What is the difference between a NAT instance and a Bastion Server

Answer 1

A Nat instance is used to provide internet access to servers in a private subnet
A Bastion is used to securely administer instances in a private subnet

Question 2

What is VPC peering?

Answer 2

Allows you to connect VPCs using private IPs

Question 3

At what level do security groups operate at?

Answer 3

Instance level

Question 4

At what level do ACLs operate at?

Answer 4

subnet level

Question 5

How many Internet Gateways per VPC can you have?

Answer 5

One

Question 6

Do default VPC subnets have access to the internet?

Answer 6

Yes, private subnets need to be created

Question 7

What is created by default when you create a new VPC?

Answer 7

Route Table
Network ACL
Security Group

Question 8

What is the difference between Egress only internet gateways and Nat Gateways?

Answer 8

Nat Gateways operate on IPv4, Egress Only operate on IPv6

Question 9

What is the default setting for the default Network ACL?

Answer 9

Allows all inbound/outbound traffic

Question 10

What is the default setting for a custom Network ACL?

Answer 10

All inbound/outbound traffic is denied

Question 11

What subnet should a Nat Instance be in?

Answer 11

A public subnet

Question 12

What conditions apply to use VPC peering?

Answer 12

No matching CIDR block
Must be in same region
No transitive peering

Question 13

What setting should you disable on a Nat Instance?

Answer 13

Source/destination checks

Question 14

How many Nat Gateways do you need?

Answer 14

One per Availability Zone

Question 15

What are sticky sessions?

Answer 15

When a client is associated with a specific server using cookies

Question 16

Can Network ACLs span AZs?

Answer 16

Yes

Question 17

How do you create High Availability for Nat Instances?

Answer 17

Auto Scaling Groups
Multi AZ in different Regions
Script to automate failover

Question 18

What are ingress/egress rules?

Answer 18

Firewalls to protect the network from incoming traffic and to prevent traffic from leaving

Question 19

How many VPCs per region can you have?

Answer 19

5

Question 20

How many Network ACLs can a subnet be associated with?

Answer 20

Just One

Question 21

How many subnets can a Network ACL be associated with?

Answer 21

Multiple

Question 22

What are the 9 steps to create a VPC?

Answer 22

Create VPC
Create subnets
Add Internet Gateway
Attach Internet Gateway to VPC
Create new Route Table
Add new route for internet access
Update Subnet Association
Auto Assign IP addresses
Launch instances

Question 23

What does a security group do?

Answer 23

Defines what protocols are allowed communicate with the resources behind it

Question 24

How many subnets in an availability zone

Answer 24

One subnet per AZ

Question 25

What is a subnet?

Answer 25

A CIDR address range - equates to one availability zone