VPCs Flashcards
VPC stands for
Virtual Private Cloud
What mechanism would you use to RDP/SSH into your private subnet from the internet
A bastion (jump) host: a hardened instance in a public subnet that you reach from the internet and then hop from to instances in the private subnet, so the private instances never need a public IP.
What is the largest network CIDR block allowed by AWS?
/16 (65,536 addresses). The smallest VPC CIDR AWS allows is /28.
What is Transitive Peering? Is it permitted by AWS VPCs?
Transitive peering would let VPC A reach VPC C through a VPC B that is peered with both. AWS does not support it: a peering connection only forwards traffic between the two VPCs it joins, so A needs its own peering connection with C to reach it.
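As an added illustration (not part of the original flashcards), the following Python model captures the forwarding rule behind that answer: a route can point at a peering connection, but the connection delivers the packet only into the peer VPC and never forwards it onward. The VPC and peering IDs, CIDRs and route tables are constructed for the example.

```python
# Added example: a minimal model of how AWS VPC peering forwards packets,
# showing why a route via a peer does not give transitive reachability.
import ipaddress

# Constructed topology: VPC A <-> VPC B <-> VPC C, with no A <-> C peering.
VPCS = {
    "vpc-a": ipaddress.ip_network("10.0.0.0/16"),
    "vpc-b": ipaddress.ip_network("10.1.0.0/16"),
    "vpc-c": ipaddress.ip_network("10.2.0.0/16"),
}

# A peering connection joins exactly two VPCs (hypothetical pcx IDs).
PEERINGS = {
    "pcx-ab": ("vpc-a", "vpc-b"),
    "pcx-bc": ("vpc-b", "vpc-c"),
}

# Route tables: destination CIDR -> target. "local" is the implicit VPC route.
ROUTES = {
    "vpc-a": {
        "10.0.0.0/16": "local",
        "10.1.0.0/16": "pcx-ab",
        # An admin tries to reach VPC C "through" B by pointing at pcx-ab:
        "10.2.0.0/16": "pcx-ab",
    },
    "vpc-b": {
        "10.1.0.0/16": "local",
        "10.0.0.0/16": "pcx-ab",
        "10.2.0.0/16": "pcx-bc",
    },
    "vpc-c": {
        "10.2.0.0/16": "local",
        "10.1.0.0/16": "pcx-bc",
    },
}


def longest_prefix_route(vpc, dst):
    """Return the target of the most specific matching route, as AWS does."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr, target in ROUTES[vpc].items():
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else best[1]


def can_reach(src_vpc, dst):
    """True if a packet sent from src_vpc is delivered to dst.

    A peering connection hands the packet only to the VPC at its other end,
    and that VPC accepts it only if dst lies inside its own CIDR. It never
    forwards the packet over a second peering connection.
    """
    dst_ip = ipaddress.ip_address(dst)
    target = longest_prefix_route(src_vpc, dst_ip)
    if target is None:
        return False
    if target == "local":
        return dst_ip in VPCS[src_vpc]
    end_a, end_b = PEERINGS[target]
    peer = end_b if end_a == src_vpc else end_a
    return dst_ip in VPCS[peer]  # delivered only if the peer owns the address


if __name__ == "__main__":
    print("A -> B:", can_reach("vpc-a", "10.1.0.5"))   # True
    print("B -> C:", can_reach("vpc-b", "10.2.0.5"))   # True
    print("A -> C:", can_reach("vpc-a", "10.2.0.5"))   # False: no transitive hop
```

Adding a direct `pcx-ac` entry to `PEERINGS` and pointing VPC A's 10.2.0.0/16 route at it is the only change that makes the A to C check succeed, which is the practical meaning of "not transitive".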
True or False: VPCs can peer across regions?
True
True or False: VPCs can peer across AWS accounts?
True
True or False: Subnets can span availability zones?
False
True or False: You can resolve private IP addresses across a VPC Peering connection
Both, depending on configuration. By default, the public DNS hostname of an instance in the peer VPC resolves to its public IP address. If you enable DNS resolution support on the peering connection (each VPC owner enables it for their side), those hostnames resolve to the instance's private IP address instead, so traffic stays on the peering connection.
By default, which components are created for you when you create a VPC?
Route Table (the main route table)
Network Access Control List (the default NACL, which allows all traffic)
Security Group (the default security group)
What is not created when you create a VPC?
NAT Gateways
Internet Gateways
Subnets
How many and what kinds of IP addresses are reserved by AWS when you create a VPC?
Five IP addresses are reserved in every subnet (not once per VPC). For a 10.0.0.0/24 subnet: the network address (10.0.0.0), the VPC router (10.0.0.1), the DNS server (10.0.0.2), a "future use" address (10.0.0.3), and the broadcast address (10.0.0.255). A /24 therefore has 251 usable addresses and a /28, the smallest subnet allowed, has 11.
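As an added example covering the two sizing cards above (the /16 to /28 VPC limit and the five reserved addresses), the following Python computes the reserved addresses for any subnet and the usable-host cost of carving a VPC into small subnets. It is not code from the original flashcards; the function names and sample CIDRs are chosen for the example.

```python
# Added example: AWS subnet address reservations and VPC CIDR size limits.
import ipaddress

VPC_LARGEST_PREFIX = 16   # /16 is the largest VPC CIDR AWS allows
VPC_SMALLEST_PREFIX = 28  # /28 is the smallest VPC (and subnet) CIDR
RESERVED_PER_SUBNET = 5   # network, router, DNS, future use, broadcast


def is_valid_vpc_cidr(cidr):
    """True if cidr is a properly aligned block between /16 and /28."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return False
    return VPC_LARGEST_PREFIX <= net.prefixlen <= VPC_SMALLEST_PREFIX


def reserved_addresses(subnet_cidr):
    """Map each address AWS reserves in a subnet to its purpose.

    AWS reserves the first four addresses of every subnet plus the last
    (broadcast) address; the DNS resolver itself sits at VPC base + 2, but
    base + 2 is reserved in each subnet as well.
    """
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    base = int(net.network_address)
    return {
        "network": str(ipaddress.ip_address(base)),
        "vpc_router": str(ipaddress.ip_address(base + 1)),
        "dns": str(ipaddress.ip_address(base + 2)),
        "future_use": str(ipaddress.ip_address(base + 3)),
        "broadcast": str(net.broadcast_address),
    }


def usable_hosts(subnet_cidr):
    """Addresses left for instances after AWS's five reservations."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, new_prefix):
    """Split a VPC into equal subnets and report usable hosts in each.

    Makes the per-subnet reservation visible: many small subnets lose a
    larger share of the VPC's address space to the five reserved addresses.
    """
    if not is_valid_vpc_cidr(vpc_cidr):
        raise ValueError(f"{vpc_cidr}: VPC CIDR must be between /16 and /28")
    if new_prefix > VPC_SMALLEST_PREFIX:
        raise ValueError(f"/{new_prefix}: subnets smaller than /28 are not allowed")
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return [(str(s), usable_hosts(str(s))) for s in vpc.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    for role, addr in reserved_addresses("10.0.0.0/24").items():
        print(f"{role:11} {addr}")
    print("usable in /24:", usable_hosts("10.0.0.0/24"))  # 251
    print("usable in /28:", usable_hosts("10.0.0.0/28"))  # 11
    print("first of 256 /24s:", plan_subnets("10.0.0.0/16", 24)[0])
```

`plan_subnets("10.0.0.0/16", 28)` shows the extreme: 4,096 subnets of 11 usable hosts each, so 20,480 of the VPC's 65,536 addresses go to reservations.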
How many Internet Gateways can be configured per VPC?
1
True or False: When you create a VPC, the Route Table includes routes to allow all subnets to talk to each other?
True. The main route table contains a "local" route for the VPC's CIDR block, which lets every subnet reach every other subnet by default; network ACLs and security groups still filter that traffic.
What is the difference between a NAT Gateway and a NAT Instance?
A NAT Instance is a single EC2 instance that you run in a public subnet and maintain yourself, whereas a NAT Gateway is an AWS-managed service deployed into one Availability Zone. Both give instances in private subnets outbound Internet access while preventing the Internet from initiating connections to them. Because a NAT Instance is an EC2 instance, it is associated with a Security Group; NAT Gateways are not (only the network ACL of their subnet applies to them).
What must you disable on a NAT Instance to permit private instances to access the Internet?
Disable the source/destination check, which is enabled by default on every EC2 instance. The check makes the instance drop any packet of which it is not the source or the destination; a NAT instance forwards traffic on behalf of the private instances, so the packets it handles carry their addresses (and those of Internet hosts), not its own.
How many NAT Gateways can you have per availability zone?
There is no fixed limit of one; the default service quota is 5 NAT Gateways per Availability Zone and it can be raised. What matters for design is that a NAT Gateway lives in a single AZ, so for high availability you deploy one in each AZ and route each AZ's private subnets to its own gateway.