VPC Flashcards

1
Q

VPCs consist of

A
Subnets 
Route tables
Internet gateways
Virtual private gateways
Network access control lists
Security groups
2
Q

How many availability zones can one subnet be assigned to?

A

One

3
Q

Security groups are ... whereas network access control lists are ...

A

Stateful

Stateless

4
Q

VPC peering does not permit ...

A

Transitive peering

5
Q

By default, when you create a new VPC, which components get created?

A

Default security group
Default NACL
Default route table

6
Q

How many subnets can you assign to one network access control list?

A

As many as you need to.

7
Q

When creating any CIDR range in AWS, how many IP addresses does AWS reserve, and what are their purposes?

A

Five
Network broadcast address
DNS server address
The router address
The network address
One reserved for future use.

8
Q

How many internet gateways can you assign to a VPC?

A

Only one.

9
Q

What is the core difference between a NAT gateway and a NAT instance?

A

The NAT gateway is a highly available service provided by Amazon, whereas the NAT instance is an EC2 instance you need to maintain yourself.

10
Q

Why do we use NAT instances/gateways?

A

To enable routing of public traffic into a private subnet without exposing it to the outside world.

11
Q

Where must a NAT instance be deployed in a VPC architecture in order to work?

A

In a public subnet associated with the VPC to which the private subnet also belongs.

12
Q

Because NAT instances are essentially EC2 instances, do they sit in front of or behind security groups?

A

Behind them.

13
Q

What are the two benefits a NAT gateway offers over a NAT instance?

A

High throughput, and no maintenance or patching required, unlike an EC2 instance.

14
Q

Are NAT gateways associated with security groups?

A

No

15
Q

True or false: NAT gateways are always assigned a public IP address.

A

True

16
Q

NAT gateways are single-AZ only; if you wanted to create a fault-tolerant solution, what should you do?

A

Deploy NAT gateways in other AZs for protection.

17
Q

Why might you not choose a NAT instance?

A

They struggle with high throughput and are a single point of failure in a VPC architecture.

18
Q

Once you have set up your NAT instance/gateway, what must you do next in order for your private subnet to be able to contact the outside world?

A

Add an entry to the route table to which the private subnet belongs, and allow traffic from the NAT instance/gateway.

19
Q

When creating your NAT instance, what do you need to be mindful of?

A

You must ensure that source/destination checks are disabled.

20
Q

By default, the default network access control list allows ...

A

All inbound and outbound traffic.

21
Q

When creating a custom network access control list, all traffic ...

A

Inbound and outbound is denied.

22
Q

Which gets triggered first, the network access control list or the security group?

A

The network access control list

23
Q

When creating a subnet within your VPC, if you do not select a network access control list, which one is assigned by default?

A

The default network access control list for that VPC.

24
Q

Which of the following can ban an IP address: network access control lists or security groups?

A

Network access control lists.

25
Q

You can associate multiple subnets to an NACL but you cannot...

A

Associate multiple NACLs to a subnet.

26
Q

NACLs contain a numbered list of rules; they are executed in..

A

Order of smallest to highest.

27
Q

VPC flow logs allow you to..

A

Capture IP traffic going to and from network interfaces in your VPC.

28
Q

VPC flow logs can be stored in two locations; these are..

A

CloudWatch or S3

29
Q

VPC flow logs can be created at 3 different levels; these are..

A

VPC level
Subnet level
Network interface level

30
Q

What are the three types of traffic VPC flow logs can capture?

A

All
Accepted
Rejected

31
Q

Before you set up a VPC flow log for CloudWatch, you must already have..

A

An existing log group created.

32
Q

VPC flow logs can be used for peered VPCs, but only if?

A

They belong to the same account.

33
Q

Bastion servers provide what role?

A

They securely route SSH or RDP traffic into your private subnets from the public domain, allowing you to administer your private instances.

34
Q

What is Direct Connect?

A

It is a service that allows you to set up a secure and dedicated connection from on-premises to AWS.

35
Q

Where might you use Direct Connect over other forms of connection to your VPC?

A

When you require a stable, reliable and secure connection, or where high throughput is being throttled by connection dropouts.

36
Q

What is Global Accelerator?

A

It is a service in which you create accelerators to improve the availability and performance of your applications for local and global users.

37
Q

How is traffic controlled in Global Accelerator?

A

Using traffic dials, which are configured within endpoint groups.

38
Q

How many static IPs are you given when setting up Global Accelerator, and if you don't want those you can....

A

Two
Bring your own IP addresses.

39
Q

What are the SEVEN key steps to creating a Direct Connect connection?

A

1. Create a virtual interface in the Direct Connect console (this is a public virtual interface).
2. Go to the VPC console, then to VPN connections, and create a customer gateway.
3. Create the virtual private gateway.
4. Attach the virtual private gateway to the desired VPC.
5. Select VPN connections and create a new VPN connection.
6. Select the virtual private gateway and the customer gateway.
7. Once the VPN is available, set up the VPN on the customer gateway or firewall.

40
Q

VPC endpoints, what are they?

A

They allow you to privately connect your VPC to AWS services using PrivateLink without requiring an internet gateway, a NAT device, a VPN connection or a Direct Connect connection. Once they are established, the traffic between your VPC and the AWS service does not leave the Amazon network.

41
Q

What are the two types of VPC endpoints?

A

Interface endpoints and gateway endpoints.

42
Q

AWS PrivateLink allows you to..

A

Expose a service VPC to tens, hundreds or thousands of customer VPCs.

43
Q

What are the two components which enable AWS PrivateLink between the service VPC and a customer VPC?

A

A network load balancer on the service VPC.
An elastic network interface (ENI) on the customer VPC.

44
Q

What is an AWS transit gateway, what problems does it solve, and what network topology does it provide?

A

Transitive peering between thousands of VPCs and on-premises data centres. It is the only AWS service that supports IP multicast. It simplifies complex network topologies. It works in a hub-and-spoke topology.