Networking Flashcards (AWS SysOps)

Flashcards in Networking Deck (35)
1
Q

What does CIDR stand for?

A

Classless Inter-Domain Routing

2
Q

What does a /32 in a CIDR range represent? (198.123.0.0/32)

A

A single IP address

3
Q

What does a /0 in a CIDR range represent? (0.0.0.0/0)

A

All IPs

4
Q

What are the 2 components of a CIDR?

A
  • A base IP xx.xx.xx
  • A subnet mask /26

5
Q

What are the 9 steps to create a VPC?

A

1. Create VPC
2. Create subnets
3. Add Internet Gateway
4. Attach Internet Gateway to VPC
5. Create new Route Table
6. Add new route for internet access
7. Update Subnet Association
8. Auto Assign IP addresses
9. Launch instances

6
Q

How do you calculate the total number of IP addresses of a given CIDR block?

A

Subtract the mask number from 32, then raise 2 to the power of the result:
/27 = 32 - 27 = 5
2^5 = 32

7
Q

What does IANA stand for?

A

Internet Assigned Numbers Authority

8
Q

What are the 3 kinds of private IPs you can have?

A
  • 10.0.0.0 for big networks
  • 172.16.0.0 for default AWS
  • 192.0.0.0 for home networks

9
Q

If you need 29 IP addresses, what Subnet/CIDR range do you choose?

A

/26, as this gives 2^6 = 64 addresses, because AWS reserves 5 IPs

10
Q

How many Internet Gateways per VPC can you have?

A

1

11
Q

What are the 4 basic steps to set up a NAT Instance?

A
  • Must be launched in a public subnet
  • Must disable the EC2 Source / Destination check
  • Must have an Elastic IP attached to it
  • Route table must be configured to route traffic from the private subnet to the NAT Instance

12
Q

Given a choice between a NAT Instance and a NAT Gateway, which would you choose?

A

NAT Gateway

13
Q

For DNS Resolution in VPC, what does the enableDnsSupport setting do?

A

Helps decide if DNS resolution is supported for the VPC

14
Q

For DNS Resolution in VPC, what does the enableDnsHostnames setting do?

A

Assigns a public hostname to the instance if enableDnsSupport is true and if it has a public IP

15
Q

At what level do security groups operate?

A

Instance level

16
Q

At what level do ACLs operate?

A

Subnet level

17
Q

What is the default setting for the default Network ACL?

A

Allows all inbound/outbound traffic

18
Q

What is the default setting for a custom Network ACL?

A

All inbound/outbound traffic is denied

19
Q

Can Network ACLs span AZs?

A

Yes

20
Q

What does a security group do?

A

Defines what protocols are allowed to communicate with the resources behind it

21
Q

How many subnets in an availability zone?

A

One subnet per AZ

22
Q

What is a subnet?

A

A CIDR address range - equates to one availability zone

23
Q

What are 3 acceptable sources for a security group?

A

Specific IP
CIDR block
Another Security Group id

24
Q

How are security group rules evaluated?

A

All rules are evaluated before deciding what traffic to allow.

25
Q

How are NACL rules evaluated?

A

Rules are processed in number order when deciding what traffic to allow.

26
Q

What is VPC peering?

A

Allows you to connect VPCs using private IPs

27
Q

What conditions apply to use VPC peering?

A

No matching CIDR block
Must be in same region
No transitive peering

28
Q

How many VPCs per region can you have?

A

5

29
Q

What is a VPC endpoint?

A

Allows you to connect to AWS services over a private network instead of using the Internet

30
Q

What is an ENI?

A

Private IP address

31
Q

If you have VPC issues, what 2 things should you check?

A
  • Check the DNS resolution setting in the VPC
  • Check the Route Table

32
Q

What 2 services use Gateway VPC Endpoints?

A
  • S3
  • DynamoDB

33
Q

What type of VPC endpoint do most services use?

A

Interface VPC Endpoint

34
Q

What 2 things should you do if you want to enable a Private DNS Name for an Interface VPC Endpoint?

A
  • EnableDnsHostnames
  • EnableDnsSupport

35
Q

How do you analyze VPC flow logs?

A

Athena