Virtual Private Cloud
What properties of an Amazon VPC must be specified at the time of creation? (choose 2) A. The CIDR block representing the IP address range B. One or more subnets for the Amazon VPC C. The region for the Amazon VPC D. Amazon VPC peering relationships
A, C
How many VPC endpoints does AWS provide?
2
How many types of subnets are there?
3: private, public, VPN
A VPC consists of how many components?
5: subnets, route tables, security groups, DHCP, network ACLs
How many IGWs can you attach to an Amazon VPC at any one time? A. 1 B. 2 C. 3 D. 4
A
What is the default limit for the number of Amazon VPCs that a customer may have in a region? A. 5 B. 6 C. 7 D. There is no limit
A
What is the maximum size IP address range that you can have in an Amazon VPC? A. /16 B. /24 C. /28 D. /30
A
Which of the following is an optional security control that can be applied at the subnet layer of a VPC? A. Network ACL B. Security Group C. Firewall D. Web application firewall
A
DHCP (Dynamic Host Configuration Protocol)
A network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.
Network Address Translation (NAT)
A technique that allows hosts with private IP addresses to communicate with the public Internet.
VPC (Virtual Private Cloud)
Allows you to create your own virtual private cloud, logically isolating a section of the AWS cloud. A VPC is your own data center in the cloud.
What aspect of an Amazon VPC is stateful? A. Network ACLs B. Security groups C. Amazon DynamoDB D. Amazon S3
B
Which Amazon VPC feature allows you to create a dual-homed instance? A. EIP address B. ENI C. Security groups D. CGW
B
Which of the following AWS resources would you use in order for an EC2-VPC instance to resolve DNS names outside AWS? A. A VPC peering connection B. A DHCP option set C. A routing rule D. An IGW
B
You are responsible for your company's AWS resources, and you notice a significant amount of traffic from an IP address in a foreign country in which your company does not have customers. Further investigation of the traffic indicates the source of the traffic is scanning for open ports on your EC2-VPC instances. Which of the following resources can deny the traffic reaching instances? A. Security group B. Network ACL C. NAT instance D. An Amazon VPC endpoint
B
Which of the following will occur when an Amazon Elastic Block Store-backed Amazon EC2 instance in an Amazon VPC with an associated EIP is stopped and started? (choose 2 answers) A. The EIP will be disassociated from the instance B. All data on instance-store devices will be lost C. All data on Amazon EBS devices will be lost D. The ENI is detached E. The underlying host for the instance is changed
B, E
What happens when you create a new Amazon VPC? A. A main route table is created by default B. Three subnets are created by default, one for each Availability Zone C. Three subnets are created by default in one Availability Zone D. An IGW is created by default
C
What is the minimum size of subnet that you can have in an Amazon VPC? A. /24 B. /26 C. /28 D. /30
C
You are a solutions architect working for a large travel company that is migrating its existing servers to AWS. You have recommended that they use a custom Amazon VPC, and they have agreed to proceed. They will need a public subnet for their web servers and a private subnet in which to place their databases. They also require that the web servers and database servers be highly available and that there be a minimum of two web servers and two database servers. How many subnets should you have to maintain high availability? A. 2 B. 3 C. 4 D. 1
C
You create a new VPC in US-East-1 and provision three subnets inside this Amazon VPC. Which of the following statements is true? A. By default, these subnets will not be able to communicate with each other; you will need to create routes B. All subnets are public by default C. All subnets will be able to communicate with each other by default D. Each subnet will have identical CIDR blocks
C
You have created a custom Amazon VPC with both private and public subnets. You have created a NAT instance and deployed this instance to a public subnet. You have attached an EIP address and added your NAT to the route table. Unfortunately, instances in your private subnet still cannot access the internet. What may be the cause of this? A. Your NAT is in a public subnet, but it needs to be in a private subnet B. Your NAT should be behind an Elastic Load Balancer C. You should disable source/destination checks on the NAT D. Your NAT has been deployed on a Windows instance, but your other instances are Linux. You should redeploy the NAT onto a Linux instance
C
Amazon VPC Peering
A networking connection between two Amazon VPCs that lets them communicate with each other as if they were within the same network.
Route Table
Contains a set of rules that are applied to the subnet and used to determine where network traffic is directed.
How many VPC peering connections are required for four VPCs located within the same AWS region to be able to send traffic to each of the others? A. 3 B. 4 C. 5 D. 6
D
Which of the following Amazon VPC resources would you use in order for EC2-VPC instances to send traffic directly to Amazon S3? A. Amazon S3 gateway B. IGW C. CGW D. VPC endpoint
D
Which of the following is the Amazon side of an Amazon VPN connection? A. An EIP B. A CGW C. An IGW D. A VPG
D
Which of the following is the security protocol supported by Amazon VPC? A. SSH B. Advanced Encryption Standard C. Point-to-Point Tunneling Protocol D. IPsec
D
You create a new subnet and then add a route to your route table that routes traffic out from that subnet to the internet using an IGW. What type of subnet have you created? A. An internal subnet B. A private subnet C. An external subnet D. A public subnet
D
Amazon VPC endpoint
Enables you to create a private connection between your Amazon VPC and another AWS service without requiring access over the internet.
Elastic IP Address
Is a static public IP address from the pool of the region that you can allocate to your account.
Security Groups
Is a virtual firewall that controls inbound and outbound network traffic to AWS resources and Amazon EC2 instances.
What is IP?
Internet Protocol provides the Internet's addressing scheme.
Internet Gateway
Is a gateway that gives your EC2 instances internet access. Adding an IGW gives a subnet internet access; you must also update the rules in the route table.
Network Access Control List
Is a layer of security that acts as a firewall at the subnet level. Denies all inbound and outbound traffic until you add the rules.
Virtual private gateway
A virtual private network is a connection between two networks. The VPG is the VPN concentrator on the Amazon side. Once it is created, the last step is to create a VPN tunnel.
Interface endpoint
Is an elastic network interface with a private IP address from the IP address range of your subnet that serves as an entry point for traffic to a supported service.
AWS NACL
Is another layer of security that acts as a stateless firewall at the subnet level. A network ACL is a numbered list of rules that AWS evaluates in order, starting with the lowest-numbered rule.
Virtual Private Gateway
Is the virtual private network concentrator on the AWS side of the VPN connection between two networks. Enables you to securely access your AWS resources from your on-premises network.
OLTP:
Online Transaction Processing
Transit Gateway
You can connect VPCs and an on-premises network using a network transit hub. Acts as a cloud router for traffic flowing between your VPCs and VPN connections.
CIDR (Classless Inter Domain Routing)
Allows service providers to allocate IPv4 addresses on any address bit boundary (prefix length, written /n) instead of only on class A, B, or C boundaries.
Gateway endpoint
Is a gateway that you specify as the target for a route in your route table for traffic destined to a supported AWS service. S3 and DynamoDB are the supported services.
Subnet
Is a segment of an Amazon VPC's IP address range in which you can launch Amazon EC2 and RDS instances. CIDR blocks define subnets. One subnet resides in one Availability Zone.
Route Table
Is a table of rules, known as routes, that determine where traffic is directed. It holds the same kind of information as a real-life router.
Elastic Network Interface
Is a virtual network interface that you can attach to an instance in a VPC. ENIs are only available within a VPC and are associated with a subnet upon creation. An ENI has only one public IP address and can have multiple private IP addresses.
NAT Gateway
is an Amazon managed resource that is designed to operate just like a NAT instance, but it is simpler to manage and highly available within an Availability Zone.
NAT Instance
Is designed to accept traffic from instances within a private subnet, translate the source IP address to the public IP address of the NAT instance, and forward the traffic to the IGW. In addition, the NAT instance maintains the state of the forwarded traffic in order to return response traffic from the Internet to the proper instance in the private subnet. You need an Elastic IP to run it.
What is a subnet?
Short for subnetwork, a logical subdivision of an IP network. You can divide a network into multiple networks.
Amazon VPC
Is the networking layer for Amazon EC2; it allows you to build your own virtual network within AWS. You control various aspects of it. It has 5 major components.