VPC Overview

Question 1

What is a VPC?

Answer 1

A logically isolated section the cloud

Question 2

True or false: You have complete control over the networking including IP addresses, creating subnets, and configuring route tables?

Answer 2

True

Question 3

True or false: you can create a hardware VPN connection between your corporate data center and your VPC, allowing you to leverage AWS cloud as an extension of your corporate data center?

Answer 3

True

Question 4

Which three internal private IP ranges does AWS support?

Answer 4

10. 0.0.0 - 10.255.255.255 (10/8 prefix)
11. 16.0.0 - 172.31.255.255 (172.16/12 prefix)
12. 168.0.0 - 192.168.255.255 (192.168/16 prefix)

Question 5

What website can you use to help calculate the CIDR range you should use in your networks?

Answer 5

CIDR.xyz

Question 6

What is the default maximum number of VPC’s you can have in a region?

Answer 6

5

Question 7

Can you increase the default number of VPCs in a region?

Answer 7

Yes, by opening a case with AWS

Question 8

If you require more IP addresses than your current VPC supports, how can you create more?

Answer 8

You have to create a new VPC, so plan ahead.

Question 9

Where do CIDR addresses get applied?

Answer 9

When you create a subnet

Question 10

Can a subnet span availability zones?

Answer 10

No. One subnet, one availability zone.

Question 11

Where are subnets applied?

Answer 11

Availability Zones

Question 12

Can you create more than one internet gateway in a VPC?

Answer 12

No, each VPC can be allocated one IG

Question 13

True or false: You should always plan for high availability with internet gateways by implementing at least two per VPC?

Answer 13

False: You can only attach one internet gateway per VPC. Internet gateways are an AWS managed service and have high availability built in.

Question 14

True or false: Like subnets, security groups are locked to one availability zone?

Answer 14

False: Security groups can span availability zones.

Question 15

True or false: With a custom VPC, you can launch instances into the subnet of your choice?

Answer 15

True

Question 16

True or false: With a custom VPC, you can assign custom IP address ranges in each subnet?

Answer 16

True

Question 17

True or false: With a custom VPC, you can configure route tables between subnets?

Answer 17

True

Question 18

True or false: With a custom VPC, you can attach an internet gateway to your VPC?

Answer 18

True

Question 19

True or false: With a custom VPC, you can have much better security control over your AWS resources?

Answer 19

True

Question 20

True or false: With a custom VPC, you can use instance security groups?

Answer 20

True

Question 21

True or false: With a custom VPC, you can use subnet access control lists?

Answer 21

True

Question 22

Can you block IP addresses with a subnet access control list?

Answer 22

Yes

Question 23

True or false: With the AWS default VPC, all instances require an internet gateway for access to the internet?

Answer 23

False: All subnets in a default VPC have a route to the internet.

Question 24

True or False: Instances in a default VPC have only a public IP address?

Answer 24

False: Instances in a default VPC have both a public and a private IP address

Question 25

True or false: Private subnets come with the default VPC?

Answer 25

False: To get private subnets in the default VPC you have to create them manually.

Question 26

When you deploy an EC2 instance to a custom VPC in a private subnet, will the EC2 instance be assigned a public and private IP address?

Answer 26

No, it will only be assigned a private IP address because it is in a private subnet.

Question 27

Can one VPC talk to another?

Answer 27

Yes, via VPC Peering

Question 28

What does VPC peering allow you to do?

Answer 28

Connect one VPC with another via a direct network route.

Question 29

Do VPC Peers use public or private IP addresses?

Answer 29

Private IP addresses

Question 30

With VPC peering, do instances behave as though on the same private network?

Answer 30

Yes. They will be allowed to communicate to eachother.

Question 31

While you can peer VPCs in your AWS account, peering with other AWS accounts is not possible without a VPN connection?

Answer 31

False: You can peer with VPCs in another account without the need of VPNs or other services.

Question 32

What network topology (or configuration) do VPC peers follow?

Answer 32

Star topology (configuration).

Question 33

Does VPC peering support transitive peering?

Answer 33

No, only direct peering

Question 34

What is transitive peering?

Answer 34

The idea that if VPC - A has a VPC peer with VPC - B and VPC - C, then VPC - A can network with VPC - C through VPC - B.

Question 35

If VPC - A needs to peer to VPC - C througfh VPC - B, how can this be accomplished?

Answer 35

VPC - B would need a VPC peer with VPC - C

Question 36

Exam Tip - Should you think of a VPC as a logical datacenter in AWS?

Answer 36

Yes

Question 37

Exam Tip - What network assets do VPCs consist of?

Answer 37

Network access control lists subnets security groups.

Question 38

Exam Tip - How many availability zones can a subnet access?

Answer 38

One. Remember, one subnet per availability zone.

Question 39

Exam Tip - Are security groups stateful, or stateless?

Answer 39

Stateful

Question 40

Exam Tip - Are network access control lists stateful or stateless?

Answer 40

Stateless

Question 41

Exam Tip - Is transitive peering a thing?

Answer 41

No. To achieve that kind of secario, you must create peering between peered VPCs.

Question 42

Is an availabilty zone in one account, the same as an availability zone in another? In other words, if you select us-west-1a, and another AWS account selects us-west-1a, are they neccesarily the same physical location?

Answer 42

No. AWS randomizes the availabilty zones for each account to ensure an equal distribution of resource allocation across their datacenters.

Question 43

You deployed a /24 CIDR block which includes 256 IP addresses. You notice only 251 are available to you? What's going on?

Answer 43

The first 4 IP addresses and the last IP address are reserved by AWS.

Question 44

Which IP addresses are reserved by AWS?

Answer 44

x. x.x.0 = network IP address x. x.x.1 = Reserved by the VPC router x. x.x.2 = Reserved by AWS DNS x. x.x.3 = Reserved by AWS x. x.x.255 = Network broadcast address

Question 45

How many IP addresses will you lose when deploying a CIDR block?

Answer 45

5

Question 46

BY default, are nelwy create internet gateways attached to the custom VPC?

Answer 46

No, they are detached. You have to attach it to a custom VPC.

Question 47

True or False: When you create a subnet, it is automatically associated with your main route table?

Answer 47

True

Question 48

As a security precaution, why should your main route table be private, without access to or from the internet?

Answer 48

Newly created subnets are automatically assigned to it, creating a possible security issue.