VPC - Introduction and Overview Flashcards Preview


Flashcards in VPC - Introduction and Overview Deck (50)
1
Q

Think of VPC as…

A

…a logical datacenter.

2
Q

Where do you deploy a VPC?

A

Region

3
Q

T/F: VPCs can span regions.

A

False

4
Q

T/F: VPCs can span Availability Zones.

A

True

5
Q

According to the AWS definition, what does Amazon VPC allow you to provision?

A

Amazon VPC lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.

6
Q

According to the AWS definition, how much control do you have over your networking environment?

A

You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

7
Q

T/F: You can easily customize the network configuration for your Amazon VPC.

A

True

8
Q

What is an example of how you can customize the network configuration for VPC?

A

Create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems (e.g. databases, application servers) in a private-facing subnet with no internet access

9
Q

You can leverage multiple layers of security, including…

A

…security groups and Network ACLs to help control access to EC2 instances in each subnet.

10
Q

T/F: You can create a Hardware VPN connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter.

A

True

11
Q

Private IP address ranges

A
  1. 10.0.0.0-10.255.255.255 (10/8 prefix)
  2. 172.16.0.0-172.31.255.255 (172.16/12 prefix)
  3. 192.168.0.0-192.168.255.255 (192.168/16 prefix)
12
Q

Maximum VPC CIDR block size in AWS

A

/16 (65,536 addresses). The smallest VPC CIDR block you can create is /28.

13
Q

What are the two routes of entry into VPC?

A

Internet Gateway, Virtual Private Gateway

14
Q

What is the purpose of the Internet Gateway?

A

Allows you to connect to the Internet

15
Q

What is the purpose of the Virtual Private Gateway?

A

Allows you to terminate VPN connections

16
Q

What is the purpose of the Router?

A

It routes traffic based on what is defined in the route tables

17
Q

What is a Public subnet?

A

Internet-accessible subnet

18
Q

What is a Private subnet?

A

Not Internet-accessible subnet

19
Q

What do you normally put in public subnets?

A

Webservers, bastion host

20
Q

What do you normally put in private subnets?

A

Database servers, application servers

21
Q

Can security groups span subnets or availability zones?

A

Yes

22
Q

Can network ACLs span subnets or availability zones?

A

Yes

23
Q

How many subnets per availability zone?

A

As many as you need (the default quota is 200 subnets per VPC). The constraint runs the other way: each subnet lives in exactly one Availability Zone.

24
Q

Can route tables span subnets or availability zones?

A

Yes

25
Q

Can a Subnet span multiple Availability Zones?

A

No

26
Q

What can you do with a VPC?

A
  1. Launch instances into a subnet of your choosing
  2. Assign custom IP address ranges to each subnet
  3. Configure route tables between subnets
  4. Create an internet gateway and attach it to your VPC
  5. Much finer security control over your AWS resources
  6. Instance-level security groups
  7. Subnet-level network access control lists (ACLs)
27
Q

What does a Route Table define?

A

Whether a Subnet is Public or Private: a subnet is public when its route table has a default route (0.0.0.0/0) pointing at the Internet Gateway, and private when it does not.
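The check behind this card, as an added example that is not part of the flashcard deck: classify subnets by inspecting route tables shaped like `aws ec2 describe-route-tables` output. The route tables, subnet IDs and gateway IDs below are constructed for the example. A subnet with no explicit association falls back to the VPC's main route table, and a default route through a NAT gateway or an egress-only internet gateway does not make a subnet public.

```python
"""Classify subnets as public or private from their route tables.

Added example (not from the flashcard deck). The data mimics the shape of
`aws ec2 describe-route-tables` output, trimmed to the fields that matter,
and is constructed here; all IDs are made up. A subnet is public when the
route table it uses sends the default route (0.0.0.0/0 or ::/0) to an
internet gateway (igw-...). A subnet without an explicit association uses
the VPC's main route table.
"""

ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            # Default route via a NAT gateway: outbound only, so still private.
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a1", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-web-a"}, {"SubnetId": "subnet-web-b"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0b2", "State": "active"},
        ],
    },
]

# Constructed subnet list: the two db subnets have no explicit association.
SUBNETS = ["subnet-web-a", "subnet-web-b", "subnet-db-a", "subnet-db-b"]


def route_table_for(subnet_id, route_tables):
    """Return the table explicitly associated with the subnet, else the main table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_default_route(route_table):
    """True if an active default route (IPv4 or IPv6) targets an internet gateway.

    An egress-only internet gateway (eigw-...) does not count: it never
    admits inbound connections, so the subnet stays private.
    """
    for route in route_table["Routes"]:
        is_default = (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                      or route.get("DestinationIpv6CidrBlock") == "::/0")
        if (is_default
                and route.get("GatewayId", "").startswith("igw-")
                and route.get("State", "active") == "active"):
            return True
    return False


def classify_subnets(subnet_ids, route_tables):
    """Map each subnet id to 'public' or 'private'."""
    result = {}
    for sid in subnet_ids:
        rt = route_table_for(sid, route_tables)
        result[sid] = "public" if rt and has_igw_default_route(rt) else "private"
    return result


if __name__ == "__main__":
    for sid, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{sid}: {kind}")
```

The IGW route is the necessary condition for a public subnet; an instance in it is only actually reachable from the Internet if it also has a public or Elastic IP and its security group and the subnet's network ACL permit the traffic.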

28
Q

How many internet gateways can you have per VPC?

A

One

29
Q

Example question: if Internet connection is running slow, how can you boost Internet speed?

A

If one of the answers is “attach another IGW to the VPC,” DON’T PICK THAT ONE!

30
Q

T/F: Security groups are stateful.

A

True

31
Q

What does “stateful” mean?

A

If you create a rule allowing traffic in, the return traffic for that connection is automatically allowed out (and vice versa), regardless of the outbound rules.

32
Q

T/F: Network ACLs are stateless.

A

True

33
Q

What does “stateless” mean?

A

If you create a rule allowing traffic in, you also need an outbound rule allowing the return traffic (typically the ephemeral port range 1024-65535), because each packet is evaluated on its own.
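Cards 30 to 33 in working form, as an added example that is not part of the flashcard deck: a tiny NACL evaluator (rules in ascending number order, first match wins, implicit trailing deny) run over two constructed rule sets, one missing the ephemeral-port outbound rule and one with it, next to a stateful security-group check. The client addresses and rule numbers are made up for the example.

```python
"""Stateless NACL vs stateful security group: why return traffic needs its
own outbound NACL rule.

Added example, not part of the flashcard deck. NACL rules are evaluated
in ascending rule-number order and the first match decides; anything
unmatched hits the implicit trailing '*' deny. The rule sets and client
addresses below are constructed for the example.
"""
import ipaddress

# Rule tuples: (rule_number, action, protocol, from_port, to_port, cidr).
# protocol is "tcp" or "all"; the port range is ignored for "all".
BROKEN_NACL = {
    "inbound": [
        (100, "allow", "tcp", 80, 80, "0.0.0.0/0"),
    ],
    "outbound": [
        (100, "allow", "tcp", 443, 443, "0.0.0.0/0"),  # HTTPS egress only
    ],
}

FIXED_NACL = {
    "inbound": [
        (90, "deny", "all", 0, 0, "198.51.100.0/24"),  # block a noisy range first
        (100, "allow", "tcp", 80, 80, "0.0.0.0/0"),
    ],
    "outbound": [
        (100, "allow", "tcp", 443, 443, "0.0.0.0/0"),
        (110, "allow", "tcp", 1024, 65535, "0.0.0.0/0"),  # replies to client ephemeral ports
    ],
}

# A security group has allow rules only and tracks connection state.
SG_INBOUND = [("tcp", 80, 80, "0.0.0.0/0")]


def nacl_decision(rules, protocol, dst_port, remote_ip):
    """Evaluate one direction of a NACL for a single packet.

    dst_port is the packet's destination port; remote_ip is the non-VPC
    end of the flow (source for inbound packets, destination for outbound).
    """
    remote = ipaddress.ip_address(remote_ip)
    for _number, action, proto, lo, hi, cidr in sorted(rules):
        if proto != "all" and proto != protocol:
            continue
        if proto != "all" and not lo <= dst_port <= hi:
            continue
        if remote not in ipaddress.ip_network(cidr):
            continue
        return action          # first match wins
    return "deny"              # implicit '*' rule


def nacl_allows_connection(nacl, client_ip, client_port, server_port, protocol="tcp"):
    """Stateless: the request (in) and the reply (out) are judged independently."""
    request = nacl_decision(nacl["inbound"], protocol, server_port, client_ip)
    reply = nacl_decision(nacl["outbound"], protocol, client_port, client_ip)
    return request == "allow" and reply == "allow"


def sg_allows_connection(sg_inbound, client_ip, server_port, protocol="tcp"):
    """Stateful: once the request matches an inbound allow, the reply is
    permitted automatically, whatever the outbound rules say."""
    client = ipaddress.ip_address(client_ip)
    return any(proto == protocol and lo <= server_port <= hi
               and client in ipaddress.ip_network(cidr)
               for proto, lo, hi, cidr in sg_inbound)


if __name__ == "__main__":
    client, ephemeral = "203.0.113.10", 49152
    print("broken NACL:", nacl_allows_connection(BROKEN_NACL, client, ephemeral, 80))
    print("fixed NACL: ", nacl_allows_connection(FIXED_NACL, client, ephemeral, 80))
    print("blocked src:", nacl_allows_connection(FIXED_NACL, "198.51.100.7", ephemeral, 80))
    print("SG:         ", sg_allows_connection(SG_INBOUND, client, 80))
```

With the broken NACL the HTTP request gets in but the server's reply to the client's ephemeral port is dropped, so the connection hangs; the fixed NACL adds rule 110 for 1024-65535 outbound. Rule 90 also shows why numbering matters: a deny placed before the allow blocks that range even though rule 100 would otherwise permit it.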

34
Q

Default VPC properties:

A
  1. User friendly: you can deploy instances immediately without any network setup
  2. All subnets in the default VPC have a route out to the Internet via an Internet Gateway
  3. Each EC2 instance launched into a default subnet gets both a public and a private IP address (public IPv4 is auto-assigned)
  4. If you delete the default VPC, you can recreate it from the VPC console or with the CLI command aws ec2 create-default-vpc (contacting AWS Support is no longer required)
35
Q

What does VPC Peering allow you to do?

A

Allows you to connect one VPC with another via a direct network route using private IP addresses

36
Q

Example: VPC Peering Use Case

A

Connect: VPC for monitoring services, VPC for Active Directory, Administration VPC, Production VPC, Dev VPC, Test VPC

37
Q

T/F: When VPC Peering, instances behave as if they were on the same private network

A

True

38
Q

T/F: You can peer VPCs with other AWS accounts as well as with other VPCs in the same account.

A

True

39
Q

Example: peer VPCs with other accounts use case

A

Peer VPCs with Dev account, Test account, Production account

40
Q

What is the design configuration of VPC Peering?

A

Typically a star (hub-and-spoke) configuration, e.g. 1 central VPC peers with 4 other VPCs. Each peering connection is a one-to-one link between exactly two VPCs.

41
Q

T/F: Transitive peering is allowed.

A

False
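What "no transitive peering" means for the hub-and-spoke design in cards 35 to 41, as an added example that is not part of the flashcard deck: a reachability check over constructed VPC IDs, CIDRs, peering IDs and route tables. A route through a peering connection only carries traffic whose destination lies in the directly peered VPC's own CIDR, so a spoke's route toward another spoke "via the hub" never delivers anything.

```python
"""VPC peering is not transitive: a route through a peering connection only
delivers traffic whose destination lies in the directly peered VPC's CIDR.

Added example, not from the flashcard deck. It models the hub-and-spoke
layout from the peering cards with constructed VPC IDs, CIDRs and peering
IDs, and shows that a spoke's route toward another spoke "via the hub"
is silently dropped.
"""
import ipaddress

VPC_CIDRS = {
    "vpc-hub": "10.0.0.0/16",    # shared services / monitoring
    "vpc-prod": "10.1.0.0/16",
    "vpc-dev": "10.2.0.0/16",
}

# Active peering connections: id -> the two VPCs it joins.
PEERINGS = {
    "pcx-hub-prod": ("vpc-hub", "vpc-prod"),
    "pcx-hub-dev": ("vpc-hub", "vpc-dev"),
}

# Route tables as (destination CIDR, target peering id). The dev table
# optimistically points prod's CIDR at its only peering, hoping to transit
# the hub; that route will never carry traffic.
ROUTES = {
    "vpc-hub": [("10.1.0.0/16", "pcx-hub-prod"), ("10.2.0.0/16", "pcx-hub-dev")],
    "vpc-prod": [("10.0.0.0/16", "pcx-hub-prod")],
    "vpc-dev": [("10.0.0.0/16", "pcx-hub-dev"), ("10.1.0.0/16", "pcx-hub-dev")],
}


def peer_of(vpc, pcx, peerings):
    """The VPC at the other end of peering pcx, or None if vpc is not on it."""
    a, b = peerings[pcx]
    return b if vpc == a else a if vpc == b else None


def delivering_peering(src_vpc, dst_ip, routes=ROUTES, cidrs=VPC_CIDRS, peerings=PEERINGS):
    """Return the peering id that will deliver dst_ip from src_vpc, or None.

    Steps: longest-prefix match in src_vpc's route table; the matched
    peering must include src_vpc; the destination must lie inside the peer
    VPC's own CIDR (peering does no edge-to-edge routing); and the peer
    must have a route back to src_vpc's CIDR over the same peering.
    """
    ip = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(cidr), pcx) for cidr, pcx in routes[src_vpc]
               if ip in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    _, pcx = max(matches, key=lambda m: m[0].prefixlen)
    peer = peer_of(src_vpc, pcx, peerings)
    if peer is None or ip not in ipaddress.ip_network(cidrs[peer]):
        return None                      # not the directly peered VPC: dropped
    src_net = ipaddress.ip_network(cidrs[src_vpc])
    has_return = any(p == pcx and src_net.subnet_of(ipaddress.ip_network(c))
                     for c, p in routes[peer])
    return pcx if has_return else None


if __name__ == "__main__":
    for src, dst in [("vpc-dev", "10.0.5.4"), ("vpc-hub", "10.1.5.4"), ("vpc-dev", "10.1.5.4")]:
        print(f"{src} -> {dst}: {delivering_peering(src, dst) or 'unreachable'}")
```

dev to hub and hub to prod both work because each destination is in the CIDR of the VPC at the far end of the peering. dev to prod fails even though dev's route table has a matching entry: the only peering dev is on ends at the hub, and the hub does not forward peered traffic onward. If spokes need to talk to each other, peer them directly or use a Transit Gateway.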

42
Q

What are the 5 elements of a VPC?

A
  1. IGWs (or Virtual Private Gateways)
  2. Route Tables
  3. Network Access Control Lists
  4. Subnets
  5. Security Groups
43
Q

T/F: Security groups can't span VPCs.

A

True (a security group belongs to exactly one VPC)

44
Q

You can only have __ Internet Gateway(s) per VPC

A

1

45
Q

AWS always reserves ___ IP addresses in each subnet.

A

5 (the first four addresses and the last address of the subnet's CIDR block)
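Cards 11, 12 and 45 as executable checks, added here as an example that is not part of the flashcard deck: validate a proposed VPC CIDR against the /16 to /28 limits and the RFC 1918 ranges, and list the five addresses AWS reserves in a subnet (network address, VPC router, Amazon-provided DNS, reserved for future use, and the last address that would be broadcast). The sample CIDRs are constructed.

```python
"""VPC and subnet CIDR checks: the /16 to /28 VPC size limits, the RFC 1918
ranges, and the five addresses AWS reserves in every subnet.

Added example, not from the flashcard deck. Sample CIDRs are constructed.
Facts encoded: a VPC IPv4 CIDR must be between /16 and /28; in each
subnet AWS reserves the first four addresses (network address, VPC
router, Amazon-provided DNS, reserved for future use) and the last
address (would-be broadcast; VPCs have no broadcast).
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpc_cidr(cidr):
    """Return a list of problems with a proposed VPC IPv4 CIDR (empty means OK)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)   # rejects host bits, e.g. 10.0.0.1/16
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if net.version != 4:
        return ["IPv4 CIDR expected"]
    problems = []
    if net.prefixlen < 16:
        problems.append(f"/{net.prefixlen} is larger than the /16 maximum")
    if net.prefixlen > 28:
        problems.append(f"/{net.prefixlen} is smaller than the /28 minimum")
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append("not in an RFC 1918 private range (allowed, but not recommended)")
    return problems


def reserved_addresses(subnet_cidr):
    """The five addresses AWS reserves in a subnet, keyed by their purpose."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),
        "vpc_router": str(ipaddress.ip_address(base + 1)),
        "dns": str(ipaddress.ip_address(base + 2)),
        "future_use": str(ipaddress.ip_address(base + 3)),
        "broadcast": str(net.broadcast_address),
    }


def usable_hosts(subnet_cidr):
    """Addresses available to instances after AWS's five reservations."""
    return ipaddress.ip_network(subnet_cidr, strict=True).num_addresses - 5


if __name__ == "__main__":
    for cidr in ("10.0.0.0/16", "10.0.0.0/8", "172.32.0.0/16", "10.0.0.1/16"):
        print(cidr, check_vpc_cidr(cidr) or "OK")
    print(reserved_addresses("10.0.1.0/24"), usable_hosts("10.0.1.0/24"))
```

The strict network parse catches the common slip of writing an address instead of a network (10.0.0.1/16), and 172.32.0.0/16 shows that a range which looks private is outside 172.16/12. A /28 subnet leaves only 11 usable addresses once the five reservations are taken out.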

46
Q

What are the 2 types of VPC Endpoints, and which services do Gateway Endpoints support?

A

Interface Endpoints and Gateway Endpoints. Gateway Endpoints support S3 and DynamoDB.

47
Q

What is the purpose of an Egress-Only Internet Gateway?

A

The purpose of an “Egress-Only Internet Gateway” is to allow IPv6 based traffic within a VPC to access the Internet, whilst denying any Internet based resources the possibility of initiating a connection back into the VPC.

48
Q

True or False: An Application Load Balancer must be deployed into at least two subnets.

A

True (and the subnets must be in different Availability Zones)

49
Q

What is the default allocation of VPCs in a single region?

A

5

The default quota is 5 VPCs per Region, but it is adjustable: you can request hundreds of VPCs per Region if you need them.

50
Q

At which of the following levels can VPC Flow Logs be created?

A

VPC

Network Interface

Subnet