AWS certification glossary quiz: VPC
I found I'd forgotten everything about VPCs, bother. Also lots of "legacy" stuff around NATs and IPv4 (bring on IPv6!), so here's a quiz focussing on VPC terms.
Q1: A web service for provisioning a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. You control your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
VPC
VPN
VPG
NAT
Q2: Enables secure communication between branch offices using a simple hub-and-spoke model, with or without a VPC.
AWS VPN Gateway
AWS VPC CloudHub
AWS Office Gateway
AWS VPN CloudHub
Q3: A feature for linking an EC2-Classic instance to a VPC, allowing your EC2-Classic instance to communicate with VPC instances using private IP addresses.
ClassicLink
OldLink
EC2-Link
VPC-IP link
Q4: A router or software application on your side of a VPN tunnel that is managed by Amazon VPC. The internal interfaces of the customer gateway are attached to one or more devices in your home network. The external interface is attached to the virtual private gateway across the VPN tunnel.
customer router
tunnel gateway
VPN-gateway
customer gateway
Q5: An instance that is physically isolated at the host hardware level and launched within a VPC.
Dedicated Instance
Isolated instance
VPC instance
hardware instance
Q6: An option that you purchase to guarantee that sufficient capacity will be available to launch Dedicated Instances into a VPC.
Capacity Reserved Instance
VPC instance
Guaranteed Reserved Instance
Dedicated Reserved Instance
Q7: A fixed (static) IP address that you have allocated in Amazon EC2 or Amazon VPC and then attached to an instance.
Elastic IP address
Static IP address
EC2-VPC IP address
Instance-attached IP address
Q8: Connects a network to the Internet. You can route traffic for IP addresses outside your VPC to it.
internet service provider
network gateway
extranet gateway
Internet gateway
Q9: Instances launched in a VPC are assigned what sort of IP address(es)?
private IP address
public IP address
private and public IP addresses
NAT port address
Q10: Instances launched in your default VPC are assigned what sort of IP address(es)?
private IP address
public IP address
NAT port address
a private and a public IP address
Q11: The process of linking (or attaching) an EC2-Classic instance to a ClassicLink-enabled VPC.
link to VPC
link to EC2
attach to VPC
attach to EC2
Q12: The default route table that any new VPC subnet uses for routing. You can associate a subnet with a different route table of your choice. You can also change which route table is the default table.
default table
VPC table
subnet table
main route table
Q13: A NAT device, configured by a user, that performs network address translation in a VPC public subnet to secure inbound Internet traffic.
NAT instance
FLEA instance
FLY instance
MIDGE instance
Q14: Instances launched in Amazon VPC are assigned only what sort of IP address?
public IP address
shared IP address
secret IP address
private IP address
Q15: A VPC subnet whose instances cannot be reached from the Internet.
private subnet
secret subnet
hidden subnet
internal subnet
Q16: A named set of allowed inbound network connections for an instance. (In Amazon VPC they also include support for outbound connections.) Each consists of a list of protocols, ports, and IP address ranges. Can apply to multiple instances, and multiple groups can regulate a single instance.
network group
allowed connections group
inbound connections group
security group
Q17: A security measure to verify that an EC2 instance is the origin of all traffic that it sends and the ultimate destination of all traffic that it receives; that is, that the instance is not relaying traffic. Enabled by default. For instances that function as gateways, such as VPC NAT instances, checking must be disabled (Why???)
source/destination checking
input/output verification
security groups
instance groups
Q17: A segment of the IP address range of a VPC that EC2 instances can be attached to. You can create them to group instances according to security and operational needs.
extranet
group net
segment range
subnet
Q18: The process of unlinking (or detaching) an EC2-Classic instance from a ClassicLink-enabled VPC.
unlink from VPC
detach from VPC
remove from VPC
disassociate from VPC
Q19: The Amazon side of a VPN connection that maintains connectivity. The internal interfaces connect to your VPC via the VPN attachment and the external interfaces connect to the VPN connection, which leads to the customer gateway.
VPC
Amazon-VPN
amazon gateway
virtual private gateway
Q20: A feature that enables you to create a private connection between your VPC and another AWS service without requiring access over the Internet, through a NAT instance, a VPN connection, or AWS Direct Connect.
VPC endpoint
Magic
URL
wormhole
Q21: The IPsec connection between a VPC and some other network, such as a corporate data center, home network, or co-location facility.
dial-up phone line
wifi
VPN phone-home
VPN connection
Q22: What's IPSec again?
Internet Protocol Security
Internet Protocol Standard
Internal People Security
Internally Populated Sandwich
See (e.g.) https://en.wikipedia.org/wiki/IPsec
Not many (any?) related to VPC and IPv6 so here's one for good luck:
Q23: A horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the Internet, and prevents the Internet from initiating an IPv6 connection with your instances.
egress-only Internet gateway (EGW)
exit-only gateway (EOG)
outbound gateway (OG)
IPv6-Exit (IE)
More details at: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/egress-only-internet-gateway.html
THE END
(Answers at bottom)
To understand this stuff you really need to look at some network diagrams.
E.g. VPC with public and private subnets, IPv4 and IPv6:
IPv6:
Notice the new Egress-only Internet Gateway (in light blue). Why is there still a NAT gateway however for the Public subnet??? Maybe this is the answer:
Routing
In this scenario, the VPC wizard updates the main route table used with the private subnet, and creates a custom route table and associates it with the public subnet.
In this scenario, all traffic from each subnet that is bound for AWS (for example, to the Amazon EC2 or Amazon S3 endpoints) goes over the Internet gateway. The database servers in the private subnet can't receive traffic from the Internet directly because they don't have Elastic IP addresses. However, the database servers can send and receive Internet traffic through the NAT device in the public subnet.
Any additional subnets that you create use the main route table by default, which means that they are private subnets by default. If you want to make a subnet public, you can always change the route table that it's associated with.
Answers: The correct answers alternate from 1st to last answer (pretty obvious).