VPC Flashcards

1
Q

VPC Components

There are 11 elements in the answer

A
  • Internet Gateway (IGW)
  • Virtual Private Gateway
  • Routing tables
  • Network Access Control Lists (NACLs)
  • Security Groups (SG)
  • Public Subnets
  • Private Subnets
  • NAT Gateway
  • Customer Gateway
  • VPC Endpoints
  • VPC Peering
2
Q

How many VPCs per region can you create?

A

5

3
Q

How many subnets per VPC can you have?

A

200

4
Q

In VPC, what elements can you use for free?

There are 6 elements in the answer

A
  • Route tables
  • NACLs
  • Internet Gateway
  • Security groups
  • Subnets
  • VPC Peering
5
Q

In VPC, what elements do you have to pay to use?

There are 4 elements in the answer

A
  • NAT gateway
  • VPC Endpoints
  • VPN Gateway
  • Customer Gateway
6
Q

What can you set when creating a VPC?

There are 4 fields

A
  • Name tag
  • IPv4 CIDR Block (10.0.0.0/16)
  • IPv6 CIDR Block (the address of the VPC)
  • Tenancy (default or dedicated hardware)
7
Q

What does a default VPC come with?

A
  • A subnet in each AZ
  • Internet Gateway
  • Security group
  • NACLs
  • DHCP
  • Route Table
8
Q

What is the purpose of the default VPC in each region?

A

You can start deploying your instances immediately

9
Q

What does VPC Peering allow you to do?

A

Securely connect multiple VPCs together over a direct route

No Transitive Peering (peering must take place directly between VPCs)

10
Q

This VPC feature lets you connect one VPC with another, over a direct network route using private IP addresses

A

VPC Peering

11
Q

This VPC component is used to determine where network traffic is directed

A

Route Tables

12
Q

In VPC, what do you have to associate with your route table?

Route Tables are used to determine where network traffic is directed

A

Subnets

13
Q

In VPC, how many subnets can be associated with a route table?

A

As many as you want

14
Q

In VPC, how many route tables can be associated with a subnet?

A

One route table at a time

15
Q

This VPC component allows your VPC to access the internet

A

Internet Gateway (IGW)

16
Q

What does an Internet Gateway do?
It does two things

It provides a …
It performs …

A
  • It provides a target in your route tables for internet traffic
  • It performs network address translation (NAT)
17
Q

In VPC, should a bastion host be located in a public or a private subnet?

A

Public

18
Q

Which AWS service removes the need for bastion hosts?

A
  • Systems Manager
  • Amazon EC2 Systems Manager

Systems Manager allows you to remotely execute commands on managed hosts without using a bastion host (you might know this feature as EC2 Run Command). A host-based agent polls Systems Manager to determine whether a command awaits execution.

19
Q

In VPC, this type of host is a security-hardened image used for secure SSH or RDP access to a private subnet

A

Bastion Host / Jump Box

20
Q

What is a Bastion or Jumpbox?

A

Bastions are security-hardened EC2 instances.

They are designed to help you gain access, via SSH or RDP, to your EC2 instances that are in a private subnet.

21
Q

AWS solution for establishing dedicated network connections from on-premises locations to AWS.

A

AWS Direct Connect

On-Premise > 1GB to 10GB

Helps reduce network costs and increase bandwidth throughput. (great for high traffic networks)
Fast -> Amazon S3

22
Q

What are the 2 types of VPC Endpoints?

A

Gateway Endpoints

Interface Endpoints

23
Q

What do VPC endpoints allow you to do?

A

Keep all traffic between your VPC and other AWS services inside of the AWS network

24
Q

True or False: a VPC endpoint eliminates the need for an internet gateway, NAT device, VPN, or Direct Connect connection

A

True

If you have an instance inside a VPC and you want to connect to S3, you could do that through the internet gateway, but it would be more convenient to access it via Router > VPC Endpoint > S3, without the need for an internet gateway

25
Q

In VPC, Interface Endpoints are…

A

Elastic Network Interfaces (ENI) with a private IP address.
They serve as an entry point for traffic going to a supported service.

If an instance fails you can disconnect that ENI from your failed instance and attach it to the new instance

ENI is like a network card

26
Q

In VPC, which AWS service powers interface endpoints?

A

Interface Endpoints are powered by AWS PrivateLink

27
Q

In VPC, what is a Gateway Endpoint?

A

It is for supported AWS services only. You specify a gateway endpoint as a route table target for traffic destined to the following AWS services:
S3 and DynamoDB

28
Q

In VPC, how much do VPC Gateway Endpoints cost?

A

Free

29
Q

In VPC, what are the only 2 services supported by VPC Gateway Endpoints?

A

S3

DynamoDB

30
Q

VPC Private Gateway and your on-premises network

A

You can connect your VPC with your on-premises network, and you can access your resources because you’d be within your VPC

31
Q

What is VPC?

A

It’s a service that enables you to launch AWS resources into a virtual network that you’ve defined