VPC and Networking Flashcards

1
Q

Your private subnets need to connect to the Internet while still remaining private. Which AWS-managed VPC component allows you to do this?

a) NAT Instances
b) Internet Gateway
c) Security Groups
d) NAT Gateways

A

d) NAT Gateways

NAT Gateways allow your instances in your private subnets to access the Internet while remaining private, and are managed by AWS.

2
Q

A public subnet is accessible from the Internet while a private subnet is not accessible from the Internet.

a) Yes
b) No, all subnets are accessible from the Internet
c) No, all subnets are not accessible from the Internet

A

a) Yes

A public subnet has a route to an Internet Gateway, so resources in it that have a public IP address are reachable from the Internet; a private subnet has no such route, so it is not reachable from the Internet.

3
Q

Which type of firewall has both ALLOW and DENY rules and operates at the subnet level?

a) Network Access Control List (NACL)
b) Web Application Firewall (WAF)
c) Security Groups
d) GuardDuty

A

a) Network Access Control List (NACL)

A network access control list (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. A NACL has both ALLOW and DENY rules.

4
Q

You would like to connect hundreds of VPCs and your on-premises data centers together. Which AWS service allows you to link all of these together efficiently?

a) Site-to-Site VPN
b) Transit Gateway
c) Internet Gateway
d) Direct Connect

A

b) Transit Gateway

Transit Gateway connects thousands of VPCs and on-premises networks together through a single gateway.

5
Q

A company needs two VPCs to communicate with each other. What can they use?

a) VPC Endpoints
b) AWS Direct Connect
c) Internet Gateway
d) VPC Peering

A

d) VPC Peering

A VPC peering connection is a networking connection between two VPCs that routes traffic privately over AWS' network.

6
Q

You need a logically isolated section of AWS, where you can launch AWS resources in a private network that you define. What should you use?

a) Subnets
b) Availability Zones
c) A VPC
d) NAT Instances

A

c) A VPC

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.

7
Q

A company needs to have a private, secure and fast connection between its on-premises data centers and the AWS Cloud. Which connection should they use?

a) AWS Connect
b) Site-to-Site VPN
c) VPC Peering
d) AWS Direct Connect

A

d) AWS Direct Connect

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated private network connection from your premises to AWS.

8
Q

Your VPC needs to connect with the Internet. Which VPC component can help?

a) NAT Gateways
b) NAT Instances
c) Network ACL
d) Internet Gateway

A

d) Internet Gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

9
Q

What is a VPC (Virtual Private Cloud)?

A

A private network for deploying resources, such as EC2 instances.

A VPC is tied to a single region.

10
Q

What do subnets allow you to do?

A

Subnets partition the address range of a VPC; each subnet lives in a single Availability Zone (a subnet is an Availability Zone-level resource).

They are divided into public and private subnets.

Public subnets are reachable from the Internet (their route table has a route to an Internet Gateway); private subnets are not.

11
Q

Elements that are used to define access to the internet and between subnets.

A

Route tables. Each subnet is associated with one route table, and its routes decide where traffic leaving the subnet goes: to the Internet Gateway, to a NAT Gateway, to a peering connection, or to another subnet of the VPC via the local route.

12
Q

What are Internet Gateways used for?

A

Internet Gateways are used for allowing VPC instances to connect to the Internet.

13
Q

What can you use to allow instances in your private subnets to access the Internet while they remain private?

A

NAT Gateways, which are AWS-managed, and NAT Instances, which are self-managed.

The NAT Gateway/Instance must be created in a public subnet. The private subnets' route table needs a route (0.0.0.0/0) to the NAT Gateway, and the public subnet's route table needs a route (0.0.0.0/0) to the Internet Gateway so that the NAT Gateway itself can reach the Internet.
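
The routing described in cards 2, 10, 11, 12 and 13, as an added Python example that is not part of the flashcard deck. The topology (VPC 10.0.0.0/16, the two subnets, their route tables and the resource names igw-demo and nat-a) is constructed for illustration. The code classifies a subnet as public or private purely from its route table, traces a private host's path to an Internet address with longest-prefix matching, and flags the common mistake of launching the NAT gateway into a private subnet.

```python
"""Public vs private subnets, route tables and the NAT path, modelled in Python.

Added example, not from the flashcard deck. The VPC, subnets, route tables and
resource names (igw-demo, nat-a, ...) are constructed for illustration.
"""
import copy
import ipaddress

# Constructed topology: one VPC, a public and a private subnet, one route table each.
# Routes are (destination CIDR, target); 'local' is the route every VPC table carries.
TOPOLOGY = {
    "route_tables": {
        "rtb-public": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-demo")],
        "rtb-private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-a")],
    },
    "subnets": {
        "subnet-public-a": {"cidr": "10.0.1.0/24", "rtb": "rtb-public"},
        "subnet-private-a": {"cidr": "10.0.2.0/24", "rtb": "rtb-private"},
    },
    # NAT gateway -> subnet it was launched in
    "nat_gateways": {"nat-a": "subnet-public-a"},
}

PROBE_IP = "203.0.113.10"   # TEST-NET-3 address standing in for 'somewhere on the Internet'


def lookup_route(routes, dst_ip):
    """Longest-prefix match: the VPC router prefers the most specific matching route."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(cidr).prefixlen, target)
               for cidr, target in routes
               if dst in ipaddress.ip_network(cidr)]
    return max(matches)[1] if matches else None


def subnet_routes(topology, subnet_id):
    """The route table entries associated with a subnet."""
    return topology["route_tables"][topology["subnets"][subnet_id]["rtb"]]


def is_public(topology, subnet_id):
    """A subnet is public when its route table sends Internet-bound traffic to an
    Internet Gateway; the subnet's CIDR or name has nothing to do with it."""
    target = lookup_route(subnet_routes(topology, subnet_id), PROBE_IP)
    return target is not None and target.startswith("igw-")


def check_private_egress(topology, subnet_id):
    """Trace the path a host in a private subnet takes to PROBE_IP.

    Returns a list of findings; empty means the path is wired as the card describes:
    private subnet -> NAT gateway (in a public subnet) -> Internet Gateway.
    """
    hop = lookup_route(subnet_routes(topology, subnet_id), PROBE_IP)
    if hop is None:
        return [f"{subnet_id}: no route to {PROBE_IP}, hosts have no Internet access"]
    if hop.startswith("igw-"):
        return [f"{subnet_id}: routes straight to {hop}; that makes it a public subnet"]
    if not hop.startswith("nat-"):
        return [f"{subnet_id}: default route points at {hop}, not a NAT gateway"]
    nat_subnet = topology["nat_gateways"][hop]
    if not is_public(topology, nat_subnet):
        return [f"{hop} was launched in {nat_subnet}, which has no route to an Internet "
                "Gateway; a NAT gateway must live in a public subnet"]
    return []


def broken_topology():
    """Same VPC, but the NAT gateway was launched into the private subnet (a common mistake)."""
    broken = copy.deepcopy(TOPOLOGY)
    broken["nat_gateways"]["nat-a"] = "subnet-private-a"
    return broken


if __name__ == "__main__":
    for name, topo in (("correct", TOPOLOGY), ("nat in private subnet", broken_topology())):
        print(name, "->", check_private_egress(topo, "subnet-private-a") or "ok")
```

The same check works against a real account by filling TOPOLOGY from `describe-route-tables`, `describe-subnets` and `describe-nat-gateways` output; the point of the example is that "public" is a property of the route table, not of the subnet itself.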

14
Q

What is a NACL?

A

A firewall that controls traffic to and from a subnet.

  • It can have ALLOW and DENY rules
  • Operates at the subnet level
  • Rules only reference IP addresses (CIDR blocks)
  • Is stateless: return traffic must be explicitly allowed by the rules (for example, outbound rules covering the client's ephemeral ports)
15
Q

In contrast to a NACL, what is a Security Group?

A

A firewall that controls traffic to and from an ENI (Elastic Network Interface) or EC2 instance.

  • Can only have ALLOW rules
  • Operates at the instance level
  • Rules include IP addresses and other security groups
  • Is stateful: Return traffic is automatically allowed, regardless of any rules
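
The four differences listed in cards 3, 14 and 15, as an added Python example that is not part of the flashcard deck. The NACL entries, the addresses (TEST-NET ranges) and the group IDs sg-web and sg-app are constructed for illustration. The NACL evaluator applies entries in ascending rule-number order with an explicit DENY ahead of the ALLOW, and judges the reply of a TCP exchange separately, which is exactly where a missing ephemeral-port rule breaks traffic; the security group keeps a connection-tracking table, so the same reply passes without any outbound rule.

```python
"""Stateless NACL vs stateful security group, evaluated against one TCP exchange.

Added example, not from the flashcard deck. All rules, addresses and group IDs
(sg-web, sg-app) are constructed for illustration.
"""
import ipaddress

# NACL entries: (rule number, protocol, (port from, port to), CIDR, action).
# Evaluated in ascending rule-number order; the first match decides, and the
# implicit final '*' entry denies anything that matched nothing.
NACL_INBOUND = [
    (50,  "tcp", (443, 443), "198.51.100.7/32", "deny"),   # explicit deny for one abusive client
    (100, "tcp", (443, 443), "0.0.0.0/0",       "allow"),
]
NACL_OUTBOUND_BROKEN = [
    (100, "tcp", (443, 443), "0.0.0.0/0", "allow"),        # forgets that replies go to ephemeral ports
]
NACL_OUTBOUND_FIXED = NACL_OUTBOUND_BROKEN + [
    (110, "tcp", (1024, 65535), "0.0.0.0/0", "allow"),     # return traffic to client ephemeral ports
]


def nacl_decision(entries, proto, remote_ip, dst_port):
    """First matching entry by rule number wins; no match means the '*' deny."""
    remote = ipaddress.ip_address(remote_ip)
    for _number, rule_proto, (lo, hi), cidr, action in sorted(entries):
        if rule_proto in (proto, "all") and lo <= dst_port <= hi \
                and remote in ipaddress.ip_network(cidr):
            return action
    return "deny"


def nacl_exchange(inbound, outbound, client_ip, client_port, server_port=443):
    """Client -> server:server_port, then server -> client:client_port.
    The NACL keeps no state, so the reply is judged on its own against the outbound entries."""
    request = nacl_decision(inbound, "tcp", client_ip, server_port)
    reply = nacl_decision(outbound, "tcp", client_ip, client_port)
    return {"request": request, "reply": reply,
            "exchange": "allow" if request == reply == "allow" else "deny"}


class SecurityGroup:
    """Instance-level firewall: allow rules only, sources may be CIDRs or other groups,
    and a connection-tracking table lets replies out regardless of outbound rules."""

    def __init__(self, group_id, inbound):
        self.group_id = group_id
        self.inbound = inbound          # (protocol, (port from, port to), CIDR or 'sg-...')
        self.connections = set()        # tracked (client_ip, client_port, server_port)

    def inbound_request(self, proto, client_ip, client_port, server_port, client_sg=None):
        for rule_proto, (lo, hi), source in self.inbound:
            if rule_proto != proto or not lo <= server_port <= hi:
                continue
            if source.startswith("sg-"):
                matched = source == client_sg        # rule references another security group
            else:
                matched = ipaddress.ip_address(client_ip) in ipaddress.ip_network(source)
            if matched:
                self.connections.add((client_ip, client_port, server_port))
                return "allow"
        return "deny"   # there are no deny rules; unmatched traffic is simply dropped

    def outbound_reply(self, client_ip, client_port, server_port):
        """A reply belonging to a tracked connection passes without consulting outbound rules."""
        return "allow" if (client_ip, client_port, server_port) in self.connections else "deny"


if __name__ == "__main__":
    print("NACL, missing ephemeral rule:", nacl_exchange(NACL_INBOUND, NACL_OUTBOUND_BROKEN, "203.0.113.10", 51514))
    print("NACL, fixed:                 ", nacl_exchange(NACL_INBOUND, NACL_OUTBOUND_FIXED, "203.0.113.10", 51514))
    web = SecurityGroup("sg-web", [("tcp", (443, 443), "0.0.0.0/0")])
    web.inbound_request("tcp", "203.0.113.10", 51514, 443)
    print("SG reply:", web.outbound_reply("203.0.113.10", 51514, 443))
```

Two things worth noticing when you run it: the NACL with only a port-443 outbound entry accepts the request and silently drops the reply, which is the classic "instance reachable but connections hang" symptom, and the sg-app rule shows a source that a NACL cannot express at all, since NACL entries only take CIDR blocks.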
16
Q

What can prevent a VPC peering connection from being established?

A

When the CIDR blocks of the two VPCs overlap (or are identical), the VPC peering connection cannot be established.

17
Q

Are VPC peering connections transitive?

A

No. A VPC peering connection must be established for each pair of VPCs that need to communicate with each other.

18
Q

What are VPC Endpoints used for?

A

Endpoints are used to connect to AWS services over AWS' private network instead of going through an Internet Gateway or NAT Gateway; this gives enhanced security and lower latency.

19
Q

Which services can be accessed by creating a VPC Gateway Endpoint?

A

S3 and DynamoDB. All other services are reached through a VPC Interface Endpoint (an ENI with a private IP address in your subnet, powered by AWS PrivateLink). S3 can also be reached through an Interface Endpoint.

20
Q

What is a Transit Gateway used for?

A

It provides transitive connectivity between thousands of VPCs and on-premises networks in a hub-and-spoke (star) topology.
A single gateway provides this functionality; it works with Direct Connect Gateway and VPN connections.
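
The three peering rules from cards 5, 16 and 17 and the contrast with the transit gateway in cards 4 and 20, as an added Python example that is not part of the flashcard deck. The VPC names, CIDR blocks and the vpn-dc1 attachment are constructed for illustration. It refuses peering between overlapping CIDRs with the ipaddress module, shows that a chain of peerings a-b, b-c does not let a reach c while a transit gateway hub does, and counts the connections each design needs as the number of VPCs grows.

```python
"""VPC peering vs transit gateway: overlap check, non-transitivity and scale.

Added example, not from the flashcard deck. The VPC names, CIDRs and the
attachment name vpn-dc1 are constructed for illustration.
"""
import ipaddress

VPCS = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "10.1.0.0/16",
    "vpc-c": "10.2.0.0/16",
    "vpc-d": "10.0.128.0/17",   # inside vpc-a's range: no peering possible between the two
}


def can_peer(vpc1, vpc2, vpcs=VPCS):
    """Peering is refused when the two VPCs have matching or overlapping CIDR blocks,
    because the route tables on both sides could not tell the networks apart."""
    n1, n2 = ipaddress.ip_network(vpcs[vpc1]), ipaddress.ip_network(vpcs[vpc2])
    return vpc1 != vpc2 and not n1.overlaps(n2)


def build_peering_mesh(vpcs=VPCS):
    """Every VPC that must talk to every other needs its own peering connection."""
    names = sorted(vpcs)
    mesh, rejected = [], []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            (mesh if can_peer(a, b, vpcs) else rejected).append((a, b))
    return mesh, rejected


def peering_reachable(peerings, src, dst):
    """Peering is not transitive: src reaches dst only through a peering that joins them
    directly. A chain a-b, b-c does not let a reach c."""
    return frozenset((src, dst)) in {frozenset(p) for p in peerings}


def transit_gateway_reachable(attachments, src, dst):
    """A transit gateway is a hub: with a single route table that associates and propagates
    every attachment (the default), each attached VPC, VPN or Direct Connect gateway can
    reach all the others."""
    return src != dst and src in attachments and dst in attachments


def connections_needed(n):
    """Peering connections for a full mesh of n VPCs vs transit gateway attachments for n VPCs."""
    return n * (n - 1) // 2, n


if __name__ == "__main__":
    mesh, rejected = build_peering_mesh()
    print("peerings:", mesh, "rejected for overlap:", rejected)
    chain = [("vpc-a", "vpc-b"), ("vpc-b", "vpc-c")]
    print("a->c over peering chain:", peering_reachable(chain, "vpc-a", "vpc-c"))
    hub = {"vpc-a", "vpc-b", "vpc-c", "vpn-dc1"}
    print("a->c via transit gateway:", transit_gateway_reachable(hub, "vpc-a", "vpc-c"))
    print("1000 VPCs: peerings vs TGW attachments =", connections_needed(1000))
```

The transit gateway model assumes the default single route table; in practice you would split attachments across several transit gateway route tables precisely to stop every spoke from reaching every other, which is the least-privilege version of the hub.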

21
Q

What is a Site to Site VPN?

A

A VPN that connects on-premises data centers to AWS.

The connection goes over the public Internet and is encrypted (IPsec). Its bandwidth is limited compared with Direct Connect.

22
Q

What is Direct Connect (DX)

A

A dedicated physical connection between an on-premises data center and AWS.
The connection is private and fast and goes over a private network rather than the public Internet. Note that Direct Connect traffic is not encrypted by default; encryption requires MACsec on supported connections or running a Site-to-Site VPN over the Direct Connect link.

It typically requires at least one month to establish.

23
Q

What elements are required to establish a Site-to-Site VPN?

A

A Customer Gateway (CGW) on the on-premises side and a Virtual Private Gateway (VGW) on the AWS side.