VPC

Question 1

By default, instances in new subnets in a custom VPC can communicate with each other across Availability Zones.

Answer 1

True
Why is this correct?
In a custom VPC with new subnets in each AZ, there is a route within the route table that supports communication across all subnets/AZs. Additionally, it has a Default SG with an “allow” rule: all traffic, all protocols, all ports, from resource using this default security group.

why not false
In a custom VPC with new subnets in each AZ, there is a route within the route table that supports communication across all subnets/AZs. Additionally, it has a Default SG with an “allow” rule: all traffic, all protocols, all ports, from resource using this default security group.

Question 2

Having just created a new VPC and launching an instance into its Public Subnet, you realize that you have forgotten to assign a Public IP to the instance during creation. What is the simplest way to make your instance reachable from the outside world?

Answer 2

Create an Elastic IP address and associate it with your instance

Creating an Elastic IP address and associate it with your instance would be the simplest way to make your instance reachable from the outside world. A public subnet doesn’t necessarily mean that the auto-assign a public IP is set for your VPC.

Although creating a new NIC & associating an EIP also results in your instance being accessible from the internet, it leaves your instance with 2 NICs & 2 private IPs as well as the Public Address and is therefore not the simplest solution. By default, any user-created VPC subnet WILL NOT automatically assign Public IPv4 Addresses to instances – the only subnet that does this is the “Default” VPC subnets automatically created by AWS in your account.

Question 3

In Amazon VPC, an instance retains its public IP when stopped and started. t or F?

Answer 3

Any public IP address of an EBS backed instance is released and a new one re-assigned when the instance is stopped and started. The private IP address is kept for any EBS backed EC2 instance. Note that an Elastic IP address is different, and an associated Elastic IP will remain on the instance, with the same IP address between power cycles.

Question 4

is NOT a component of the AWS Global Accelerator service?

Answer 4

CloudFront
AWS Global Accelerator and Amazon CloudFront are separate services that use the AWS global network and its edge locations around the world. CloudFront improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery). Global Accelerator improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions.

Question 5

true for security groups?

Answer 5

Security groups operate at the instance level.

Security groups evaluate all rules before deciding whether to allow traffic.

Security groups support “allow” rules only.

Question 6

What is the purpose of an egress-only internet gateway?

Answer 6

Prevents IPv6 based internet resources to initiate a connection into a VPC

Allows VPC based IPv6 traffic to communicate to the internet

Question 7

At which of the following levels can VPC Flow Logs be created?

Answer 7

B
VPC Level

C
Network Interface Level

D
Subnet Level

Question 8

What is the name given to an isolated unit with its own set of physical infrastructure which is used to provide global accelerator services?

Answer 8

Network Zone

Question 9

By default, how many VPCs am I allowed in each AWS Region?

Answer 9

5

Question 10

True or False: An Application Load Balancer must be deployed into at least two Availability Zone subnets.

Answer 10

True