VPC Section Summary Flashcards

1
Q

CIDR

A

IP Range

2
Q

VPC

A

Virtual Private Cloud - we define a list of IPv4 & IPv6 CIDR

3
Q

Subnets

A

tied to an AZ, we define a CIDR

4
Q

Internet Gateway

A

at the VPC level, provide IPv4 & IPv6 Internet Access

5
Q

Route Tables

A

must be edited to add routes from subnets to the IGW, VPC Peering Connections, VPC Endpoints, …

6
Q

Bastion Host

A

public EC2 instance to SSH into, that has SSH connectivity to EC2 instances in private subnets

7
Q

NAT Instances

A

gives Internet access to EC2 instances in private subnets. Legacy option: must be set up in a public subnet, with the Source/Destination check flag disabled

8
Q

NAT Gateway

A

managed by AWS, provides scalable Internet access to private EC2 instances, IPv4 only

9
Q

Private DNS + Route 53

A

enable DNS Resolution + DNS Hostnames (VPC)

10
Q

NACL

A

stateless, subnet rules for inbound and outbound, don’t forget Ephemeral Ports

11
Q

Security Groups

A

stateful, operate at the EC2 instance level

12
Q

Reachability Analyzer

A

perform network connectivity testing between AWS resources

13
Q

VPC Peering

A

connect two VPCs with non-overlapping CIDRs, non-transitive

14
Q

VPC Endpoints

A

provide private access to AWS Services (S3, DynamoDB, CloudFormation, SSM) within a VPC

15
Q

VPC Flow Logs

A

can be set up at the VPC/Subnet/ENI level, for ACCEPT and REJECT traffic, helps identify attacks, analyzed using Athena or CloudWatch Logs Insights

16
Q

Site-to-Site VPN

A

set up a Customer Gateway on the DC, a Virtual Private Gateway on the VPC, and a site-to-site VPN over the public Internet

17
Q

AWS VPN CloudHub

A

hub-and-spoke VPN model to connect your sites

18
Q

Direct Connect

A

set up a Virtual Private Gateway on the VPC, and establish a direct private connection to an AWS Direct Connect Location

19
Q

Direct Connect Gateway

A

set up a Direct Connect to many VPCs in different AWS regions

20
Q

AWS PrivateLink/VPC Endpoint Services

A
  • Connect services privately from your service VPC to customers' VPCs
  • Doesn’t need VPC Peering, public Internet, NAT Gateway, Route Tables
  • Must be used with a Network Load Balancer and an ENI
21
Q

ClassicLink

A

connect EC2-Classic EC2 instances privately to your VPC

22
Q

Transit Gateway

A

transitive peering connections for VPC, VPN, & DX

23
Q

Traffic Mirroring

A

copy network traffic from ENIs for further analysis

24
Q

Egress-only Internet Gateway

A

like a NAT Gateway, but for IPv6