VPC - Access Control Lists (ACLs) Flashcards Preview

A Cloud Guru: AWS Solutions Architect-Associate Exam (EMIX) > VPC - Access Control Lists (ACLs) > Flashcards

Flashcards in VPC - Access Control Lists (ACLs) Deck (9)
1
Q

Can subnets/availability zones span multiple Network ACLs?

A

No, but the reverse is possible.

2
Q

What traffic does the default Network ACL allow?

A

All traffic inbound and outbound.

3
Q

What traffic does a new Network ACL allow?

A

No traffic inbound or outbound.

4
Q

When you create a standard Network ACL for connecting to the Internet, why might it not connect right away?

A

You will need another rule that opens up ephemeral ports in order to cover the different types of clients that might initiate traffic to the public-facing instances in your VPC.

5
Q

T/F: Each subnet in your VPC must be associated with a network ACL.

A

True

6
Q

If you don’t explicitly associate a subnet with a network ACL…

A

…the subnet is automatically associated with the default network ACL.

7
Q

When you associate a network ACL with a subnet…

A

…the previous association is removed.

8
Q

How are the rules in a Network ACL evaluated?

A

In numerical order, starting with the lowest number.

9
Q

When blocking specific IPs…

A

…use network ACLs, not security groups.
