VPC Flashcards

1
Q

VPCs can span Regions

A

False, they are Region specific.

2
Q

Max allowed VPCs/Region

A

5

3
Q

You must create a VPC per Region; no default VPCs are available

A

False, each Region comes with a default VPC, so you can launch EC2 instances directly if you want.

4
Q

Max Subnets/VPC

A

200

5
Q

Are DNS names disabled by default?

A

True

6
Q

VPC peering

A

Lets you connect one VPC with another over direct connect

7
Q

VPC peering can be used across Regions and accounts

A

True

8
Q

What configuration does VPC peering use?

A

Star Config

9
Q

Does VPC peering allow transitive peering?

A

No, transitive peering is not allowed; it needs a one-to-one connection.

10
Q

Can peered VPCs have overlapping CIDR blocks?

A

No, overlapping CIDR blocks are not allowed.

11
Q

_______ determines where network traffic is directed

A

Route tables

12
Q

It is not mandatory to associate each subnet with a route table?

A

False, it is mandatory.

13
Q

A subnet can be part of many route tables at any time

A

False, a subnet can be part of only one route table.

14
Q

One route table can have multiple subnets?

A

True

15
Q

The Internet Gateway performs Network Address Translation (NAT) for instances that have been assigned public IPv4 addresses?

A

True

16
Q

Does AWS have any service to replace traditional bastion hosts/jump servers?

A

Yes, Systems Manager -> Session Manager replaces them

17
Q

VPC endpoints?

A

Lets you privately connect your VPC to other AWS services and VPC endpoint services

18
Q

Pros of VPC endpoints?

A

Replaces IGW, NAT device, VPN connection, AWS Direct Connect connection

19
Q

Do instances in a VPC need public IP addresses to communicate with AWS services?

A

No, they do not.

20
Q

Is traffic sent to the Internet to communicate with services within AWS when using VPC endpoints?

A

No

21
Q

VPC flow logs

A

Capture information about the IP traffic going in and out of network interfaces within your VPC

22
Q

Flow logs can be created for _____?

A

VPC, Subnets and Network interfaces

23
Q

Where are VPC flow logs stored in AWS?

A

CloudWatch or S3

24
Q

You can't enable flow logs for VPCs that are peered with your VPC unless they are in the same account?

A

True

25
Q

What instance traffic is not monitored?

A
• Instance traffic generated by contacting AWS DNS servers
• Windows license activation traffic from instances
• Traffic to and from the instance metadata addresses (165.254.169.254)
• DHCP traffic
• Any traffic to the reserved address of the default VPC router

26
Q

NACLs act as a virtual firewall at the subnet level?

A

True

27
Q

Do VPCs have a default NACL which allows all inbound and outbound traffic?

A

True

28
Q

You can block a single IP address using a NACL?

A

True

29
Q

You can block a single IP address using a Security Group?

A

False

30
Q

You can only allow traffic using a NACL but cannot deny it?

A

False, you can allow or deny traffic using a NACL.

31
Q

You can only allow traffic using a Security Group but cannot deny it?

A

True; all traffic is denied by default, so you just allow what you need.

32
Q

NACL rule order is evaluated by rule number from highest to lowest?

A

False

33
Q

Subnets are associated with a NACL, and a subnet can only belong to a single NACL?

A

True

34
Q

If a subnet is not explicitly associated with a NACL, it is automatically associated with the default NACL?

A

True

35
Q

NACLs are stateful?

A

False, they are stateless

36
Q

Security Groups are stateful?

A

True, they are stateful.

37
Q

When you create a NACL, all traffic is denied by default?

A

True

38
Q

Security Groups act as ________

A

Virtual firewall at the instance level

39
Q

SGs are associated with EC2s?

A

True

40
Q

SGs provide security at the protocol level and port level?

A

True

41
Q

Multiple instances across multiple subnets can belong to a security group?

A

True

42
Q

An EC2 instance can have multiple SGs?

A

True

43
Q

You can have ___ inbound and ____ outbound rules in a SG by default?

A

60 and 60

44
Q

VPC security groups per Region by default

A

2500

45
Q

Security groups per network interface by default

A

5

46
Q

What is NAT (Network Address Translation)?

A

Method to re-map one IP to another

47
Q

If you have a private network and need outbound access to the Internet, what should you use to re-map the private IPs?

A

NAT Gateway

48
Q

You have two networks with conflicting network addresses. What should you use?

A

NAT

49
Q

A NAT Gateway has to run in a public subnet?

A

True.

50
Q

A NAT gateway is a managed service which launches redundant instances within the selected AZ?

A

True.

51
Q

Does the default NACL allow all in/outbound traffic by default?

A

True

52
Q

Does a newly created NACL allow all in/outbound traffic by default?

A

False

53
Q

How to create VPC endpoints?

A
1. Select the service type (e.g. AWS S3)
2. Select a VPC
3. Select a subnet (mostly private)
4. Accept/notice the route added to the custom route table
5. Specify the role policy to access S3

54
Q

How to set up a NAT gateway?

A

1a. Create the NAT gateway in a public subnet
1b. Add an Elastic IP to your NAT gateway
2. Edit the route table for a private subnet
3. Add a route for Internet traffic to go through the NAT gateway, with
destination 0.0.0.0/0 and target the NAT gateway

55
Q

How to set up VPC peering?

A

Both VPCs must be in the same region (they can be in another AWS account as well)
No CIDR conflicts
Create the VPC peering connection by selecting the local VPC and the other account's VPC
Add a route to the other VPC's address range, targeting the VPC peering connection, in the route table of both VPCs

56
Q

By default, outgoing traffic is allowed in a Security Group regardless of any rules?

A

True