VPC Flashcards

1
Q

VPCs consist of

A
Subnets
Route tables
Internet gateways
Virtual private gateways
Network access control lists
Security groups
2
Q

How many availability zones can one subnet be assigned to?

A

One

3
Q

Security groups are ………… whereas network access control lists are …………

A

Stateful

Stateless

4
Q

VPC peering does not permit …………

A

Transitive peering

5
Q

By default, when you create a new VPC, which components get created?

A

Default security group
Default NACL
Default route table

6
Q

How many subnets can you assign to one network access control list?

A

As many as you need to.

7
Q

When creating any CIDR range in AWS, how many IP addresses does AWS reserve, and what are their purposes?

A

Five
Network broadcast address
DNS server address
The router address
The network address
One reserved for future usage.
8
Q

How many internet gateways can you assign to a VPC?

A

Only one.

9
Q

What is the core difference between a NAT gateway and a NAT instance?

A

The NAT gateway is a highly available service provided by Amazon, whereas the NAT instance is an EC2 instance you need to maintain yourself.

10
Q

What is the reason we use NAT instances/gateways?

A

To route traffic between a private subnet and the public internet without exposing the private subnet to the outside world.

11
Q

Where must a NAT instance be deployed in a VPC architecture for it to work?

A

In a public subnet of the same VPC to which the private subnet belongs.

12
Q

Because NAT instances are essentially EC2 instances, do they sit in front of or behind security groups?

A

Behind them.

13
Q

What are the two benefits a NAT gateway offers over a NAT instance?

A

High throughput, and no maintenance or patching required, unlike an EC2 instance.

14
Q

Are NAT gateways associated with security groups?

A

No

15
Q

True or false: NAT gateways are always assigned a public IP address.

A

True

16
Q

NAT gateways are single-AZ only; if you wanted to create a fault-tolerant solution, what should you do?

A

Deploy NAT gateways in other AZs for protection.

17
Q

Why might you not choose a NAT instance?

A

They struggle with high throughput and are a single point of failure in a VPC architecture.

18
Q

Once you have set up your NAT instance/gateway, what must you do next in order for your private subnet to be able to contact the outside world?

A

Add a route to the route table to which the private subnet belongs, allowing traffic out via the NAT instance/gateway.

19
Q

When creating your NAT instance, what do you need to be mindful of?

A

You must ensure that source/destination checks are disabled.

20
Q

By default, the default network access control list allows …

A

All inbound and outbound traffic.

21
Q

When creating a custom network access control list, all traffic …

A

Inbound and outbound is denied.

22
Q

Which is evaluated first, the network access control list or the security group?

A

The network access control list

23
Q

When creating a subnet within your VPC, if you do not select a network access control list, which one is assigned by default?

A

The default network access control list for that VPC.

24
Q

Which of the following can block an IP address: network access control lists or security groups?

A

Network access control lists.

25
Q

You can associate multiple subnets with an NACL, but you cannot …

A

Associate multiple NACLs to a subnet.

26
Q

NACLs contain a numbered list of rules; they are evaluated in …

A

Order from lowest number to highest.

27
Q

VPC flow logs allow you to …

A

Capture IP traffic going to and from network interfaces in your VPC.

28
Q

VPC flow logs can be stored in two locations; these are …

A

CloudWatch or S3.

29
Q

VPC flow logs can be created at three different levels; these are …

A

VPC level
Subnet level
Network interface level

30
Q

What are the three types of traffic VPC flow logs can capture?

A

All
Accepted
Rejected

31
Q

Before you set up a VPC flow log for CloudWatch, you must already have …

A

An existing log group created.

32
Q

VPC flow logs can be used for peered VPCs, but only if?

A

They belong to the same account.

33
Q

Bastion servers provide what role?

A

They securely route SSH or RDP traffic from the public domain into your private subnets, allowing you to administer your private instances.

34
Q

What is Direct Connect?

A

It is a service that allows you to set up a secure and dedicated connection from on-premises to AWS.

35
Q

Where might you use Direct Connect over other forms of connection to your VPC?

A

When you require a stable, reliable and secure connection.
Where high throughput is being throttled by connection dropouts.

36
Q

What is Global Accelerator?

A

It is a service in which you create accelerators to improve availability and performance of your applications for local and global users.

37
Q

How is traffic controlled in Global Accelerator?

A

Using traffic dials, which are configured within endpoint groups.

38
Q

How many static IPs are you given when setting up Global Accelerator, and if you don’t want those, you can …

A

Two

Bring your own IP addresses.

39
Q

What are the SEVEN key steps to creating a Direct Connect connection?

A

1. Create a virtual interface in the Direct Connect console (this is a public virtual interface).
2. Go to the VPC console, then to VPN connections, and create a customer gateway.
3. Create the virtual private gateway.
4. Attach the virtual private gateway to the desired VPC.
5. Select VPN connections and create a new VPN connection.
6. Select the virtual private gateway and the customer gateway.
7. Once the VPN is available, set up the VPN on the customer gateway or firewall.

40
Q

VPC endpoints: what are they?

A

They allow you to privately connect your VPC to AWS services using PrivateLink, without requiring an internet gateway, a NAT device, a VPN connection or a Direct Connect connection.
Once they are established, the traffic between your VPC and the AWS service does not leave the Amazon network.

41
Q

What are the two types of VPC endpoints?

A

Interface endpoints and gateway endpoints.

42
Q

AWS PrivateLink allows you to …

A

Expose a service VPC to tens, hundreds or thousands of customer VPCs.

43
Q

What are the two components which enable AWS PrivateLink between the service VPC and a customer VPC?

A

A network load balancer in the service VPC.

An elastic network interface (ENI) in the customer VPC.

44
Q

What is an AWS Transit Gateway, what problems does it solve, and what network topology does it provide?

A

Transitive peering between thousands of VPCs and on-premises data centres.
It is the only AWS service that supports IP multicast.
It simplifies complex network topologies.
It works in a hub-and-spoke topology.