VPC

Question 1

VPC. What does it mean. What is it.

Answer 1

Virtual Private Cloud.

It’s your own little bit of the AWS network.

Question 2

VPC Limit Per Account

Answer 2

5 VPCs, per region, per account.

Question 3

What’s a subnet?

Answer 3

Subnets allow you to split your VPC into networks.

Question 4

True or false. Subjects must reside in the CIDR block of their parent VPC?

Answer 4

True

Question 5

CIDR block means.

Answer 5

Classless inter domain routing.

Question 6

True or false. Public subnets will have a public and private IP.

Answer 6

True.

Question 7

For a subnet to be made public. You must carry out two action. What are they?

Answer 7

Add an internet gateway

Add a record to the routes table referring to said internet gateway.

Question 8

The two types of subnet are.

Answer 8

Public

Private

Question 9

IGW stands for?

Answer 9

Internet gateway.

Question 10

True or false. To make a application highly available. Resources should be in subnets split across multiple AZ’s.

Answer 10

True.

Question 11

All subnets have a default route that can not be deleted. It allows all the subnets to talk to each other. What is this route?

Answer 11

10.0.0.0/16

Question 12

1st address in an AWS subnet is reserved for…

Answer 12

Network

Question 13

2nd address in an AWS subnet is reserved for…

Answer 13

Routing

Question 14

3rd address in an AWS subnet is reserved for…

Answer 14

DNS

Question 15

4th address in an AWS subnet is reserved for…

Answer 15

AWS future use

Question 16

Last address in an AWS subnet is reserved for…

Answer 16

Broadcasting

Question 17

NACL stands for

Answer 17

Network access control list

Question 18

What is the purpose of a NACL?

Answer 18

Network firewalls for subnets.

Question 19

True or false. NACLs contain a numbered list of rules that run sequentially

Answer 19

True

Question 20

What’s the purpose of a security group?

Answer 20

Firewall / access control at the resource level.

Question 21

Security groups are state full. What doss this mean?

Answer 21

You don’t have to configure rules to allow for return traffic.

Question 22

NACLs are stateless. What does this mean?

Answer 22

You will have to configure rules for how to handle return traffic.

Question 23

What’s the purpose of a NAT gateway?

Answer 23

It allows resources from a private subnet to make requests out to the internet.

Question 24

True or false. NAT gateways do not respond to incoming requests from the internet?

Answer 24

True.

Question 25

Steps that must be taken to get a NAT gateway up and running?

Answer 25

Create the Nat gateway.

Add a route to the gateway in the routes table.

Question 26

NAT gateway stands for.

Answer 26

Network Address Translator.

Question 27

What’s the purpose in a bastion host?

Answer 27

It allows you to access subnets from external hosts.

Eg connect to an EC2 in a private subnet, from your home computer.

Question 28

What resource is used to create a bastion host on AWS?

Answer 28

EC2

Question 29

Keys to other servers should never be kept on a bastion server. How do you get around this?

Answer 29

SSH agent forwarding.

Question 30

What does the transit gateway do?

Answer 30

It’s one hub that can centralise all data in all VPCs.

Question 31

If your VPN decice DOES support BGP (Border Gateway Protocol) you should enable…

Answer 31

Dynamic routing

Question 32

If your VPN decice DOES NOT support BGP (Border Gateway Protocol) you should specify.

Answer 32

Static Routing.

Question 33

True or false. A subnet is automatically created when you create a VPC?

Answer 33

False.

Question 34

When creating a VPC. AWS automatically creates three things.

Answer 34

A DHCP options set
A route table
A network ACL

Question 35

True or false. An internet gateway is highly available, redundant and horizontally scaleable.

Answer 35

True.

Question 36

An ENI can be attached directly to a running instance. What is this practise known as?

Answer 36

A hot attatch

Question 37

Attaching an ENI to an instance during launch, is known as

Answer 37

A cold attatch

Question 38

Where are VPC flowlogs stored

Answer 38

Cloudwatch Logs

Question 39

Once a VPC flow log has been created. Can it be modified.

Answer 39

Nope

Question 40

VPC flow logs. Can capture info from…

Answer 40

A network interface for an instance
A subnet
The VPC

Question 41

Each VPC flow log. Is made up with data from a time window. How long is this time window?

Answer 41

15 mins

Question 42

A route table can be assigned to how many subnets?

Answer 42

One

Question 43

Can a subnet be assigned to multiple routes tables?

Answer 43

Yes

Question 44

Within a VPC public subnet. What function does the IP address provide?

Answer 44

To allow communication with external resources via the internet.

Question 45

What does the local route on a routes table enable?

Answer 45

Communication between VPC subnets.

Question 46

Security groups support allow rules only. True or false.

Answer 46

True

Question 47

You launch a dedicated EBS-Backed EC2 instance. Does the EBS run on the single tennant hardware with the EC2 instance?

Answer 47

No.

Question 48

What RDS service uses mirroring, instead of multi AZ deployment

Answer 48

Microsoft sql server

Question 49

IAM policy logic always starts with…

Answer 49

A default deny.

Question 50

Are network ACLs stateless or stateful

Answer 50

Stateful

Question 51

Can instances in a custom security group, communicate with each other by default?

Answer 51

No. You must give explicit permission.

Question 52

Can instances in the default security group, communicate with each other by default?

Answer 52

Yes

Question 53

Are EIPs region specific?

Answer 53

Yes

Question 54

Can EIPs be moved between VPCs in the same region

Answer 54

Yes

Question 55

What does a VPC end point allow for?

Answer 55

To establish a private connection between a VPC and other AWS resources.

Eg an EC2 instance in a private subnet and s3

Question 56

To make different resources talk to each other. Always use …. never ….

Answer 56

IAM roles

Access keys

Question 57

You can not use NAT gateways on private subnets. What must you use instead?

Answer 57

VPC end points

Question 58

The two types of VPC endpoint are

Answer 58

Gateway endpoint

Interface endpoint

Question 59

When to use a gateway endpoint?

Answer 59

For s3 and Dynamo

Question 60

When to use an interface endpoint?

Answer 60

When it’s not for s3 or Dynamo

Question 61

Want to secure your VPC. Use what two things?

Answer 61

Network ACLs

Security groups

Question 62

If you add a rule to a network ACL. Does it effect all instances in the related subnet?

Answer 62

Yes

Question 63

You detect a malicious set of IPs attacking your VPC. Where best to apply a block on the IP range?

Answer 63

The network ACL

Question 64

NAT instances. Who is responsible for security, scalability and health checks?

Answer 64

You are.

Question 65

What is NAT gateway?

Answer 65

Fully managed service for NAT instances

Question 66

How to make NAT gateways HA?

Answer 66

Place them in multiple AZ’s

Question 67

True or false. NAT gateways are a good choice where a NAT instance is a bottle neck?

Answer 67

True

Question 68

Is Amazon direct connect encrypted by default?

Answer 68

No

Question 69

How to encrypt data sent over direct connect?

Answer 69

Use a VPN

Question 70

Is direct connect considered low latency?

Answer 70

Yes

Question 71

What does direct connect do?

Answer 71

Managed connectivity between multiple VPCs

Question 72

What is flat network architecture in AWS

Answer 72

Single account with a single VPC

Question 73

What is seven enter network architecture in AWS?

Answer 73

Multiple accounts in multiple VPCs

Question 74

Is transistive routing supporting in VPC peering?

Answer 74

No

Question 75

Does VPC Peering work cross region?

Answer 75

Yes

Question 76

Site to site VPN connections require

Answer 76

A pupbloc IP address on the customer gateway of the on premisises network
A virtual gateway attatched to the VPC

Question 77

Can you share a NAT instance across a VPC?

Answer 77

No

Question 78

You have a direct connect connection. But you need it to be highly available. How do you do this?

Answer 78

Have a redundant connection fallback from another location.