AWS Networking Essentials

AWS created ready-made VPCs to be used as defaults when creating a new EC2 instance

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

AWS default VPC allows internet access by default

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

In the digital world, computers handle the delivery of messages through ___________

(1) pts

Missing

note_alt Add notes

flag Flag

Correct Answer

Explanation

In order to deliver a message to a computer we need an _______ address

(1) pts

Missing

note_alt Add notes

flag Flag

Correct Answer

Explanation

An IPv4 address is a 32-bits IP address

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

The parts between the dots '.' in the following IPv4 address are called _______

(1) pts

192.168.1.30

Missing

note_alt Add notes

flag Flag

Correct Answer

Explanation

CIDR Notation

(1) pts

In this CIDR, identify the fixed and flexible parts

192.168.1.0/24

Fixed (1)
Flexible (2)

Please drag and drop the selected option in the right place or type it instead

192.168.1

192.168

192

168.1

0

note_alt Add notes

flag Flag

Correct Answer

Explanation

How many IPs available in the following CIDR

(1) pts

volume_mute

192.168.1.0/24

256

16

65536

1

note_alt Add notes

flag Flag

Correct Answer

Explanation

A VPC can contain only one subnet

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

To enable public access to an EC2 instance, you need an internet gateway

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

An internet gateway does not have to be attached to a VPC in order to allow internet traffic to an EC2 instance inside the VPC

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

A virtual private gateway allows VPN connectivity between a on-premises data center systems and AWS resources over the public internet

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

AWS reserve some IPs. Map their definitions

(1) pts

IP address	Reserved for:
10.0.0.0	(1)
10.0.0.1	(2)
10.0.0.2	(3)
10.0.0.3	(4)
10.0.2.255	(5)

Please drag and drop the selected option in the right place or type it instead

Network broadcast address

VPC local router

Future use

Network address

DNS server

note_alt Add notes

flag Flag

Correct Answer

Explanation

An internet gateway is highly available and scalable

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

AWS Direct Connect is a dedicated network connection between your on-premises infrastructure and AWS bypassing the public internet

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

AWS Direct Connect vs AWS Virtual Private Gateway

(1) pts

volume_mute

A client wants to establish a secure private connection between on-premises systems and AWS cloud network. He does not want an expensive solution and wants it quickly with high security. Which option should he choose?

AWS Direct Connect

AWS Virtual Private Gateway

note_alt Add notes

flag Flag

Correct Answer

Explanation

Main route table

(1) pts

When you create a VPC, AWS creates a route table called the (1) route table. A route table contains a set of rules, called (2), that are used to determine where network traffic is directed.

Please drag and drop the selected option in the right place or type it instead

main

minor

routes

rules

note_alt Add notes

flag Flag

Correct Answer

Explanation

Choose what applies to the main rout table

(1) pts

volume_mute

You cannot delete the main route table.

You cannot set a gateway route table as the main route table.

You can replace the main route table with a custom subnet route table.

You can add, remove, and modify routes in the main route table.

You can explicitly associate a subnet with the main route table, even if it's already implicitly associated.

note_alt Add notes

flag Flag

Correct Answer

Explanation

The main route table is used implicitly by subnets that do not have an explicit route table association

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

You cannot overwrite the routes in the main route table for a specific subnet

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

A network access control list (network ACL) lets you control what kind of traffic is allowed to enter or leave your subnet

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

The default network ACL for a subnet allows all traffic in and out of the subnet

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

A network ACL is stateless

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

An EC2 instance allows by default all inbound and outbound traffic

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

You have to allow all outbound traffic in a security group in order for your web server to respond to inbound requests

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

You can associate a route table to

(1) pts

volume_mute

AWS accounts

Availability Zones

Subnets

Regions

note_alt Add notes

flag Flag

Correct Answer

Explanation

Which of the following is true for a security group's default setting?

(1) pts

volume_mute

It allows all inbound traffic and blocks all outbound traffic.

It blocks all inbound traffic and allows all outbound traffic.

It allows all inbound and outbound traffic.

It blocks all inbound and outbound traffic.

note_alt Add notes

flag Flag

Correct Answer

Explanation

A network access control list (network ACL) filters traffic at the Amazon EC2 instance level.

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

Which of the following best describes the purpose of a Bastion Host in AWS?

(1) pts

volume_mute

A Bastion Host is used to host a website that is accessible to the public

A Bastion Host is a server designed to securely access and manage resources in a private subnet within a VPC

A Bastion Host provides a way to connect directly to the AWS management console from any IP address

A Bastion Host is a database server that handles large volumes of data in a private subnet

note_alt Add notes

flag Flag

Correct Answer

Explanation

Which of the following steps must be taken to ensure that an EC2 instance can function as a NAT instance in an AWS VPC?

(1) pts

volume_mute

Assign an Elastic IP address to the NAT instance

Disable source/destination checking on the NAT instance

Launch the NAT instance in a private subnet

Attach a security group to the NAT instance that allows inbound traffic on port 22

note_alt Add notes

flag Flag

Correct Answer

Explanation

A subnet cannot span multiple availability zones

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

An Internet gateway is attached to subnets

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

Ingress routing is a special routing setup when a route table is directly associated with an internet gateway

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

You cannot route traffic to a NAT gateway through a VPC peering connection, site-to-site VPN connection, or Direct Connect

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

If VPC A is peered with VPC B, and VPC B is peered with VPC C, then VPC A can communicate with VPC C

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

If you are peering VPC A with VPC B, then CIDR ranges for both of them must not overlap

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

What is the primary benefit of using AWS PrivateLink for accessing AWS services or third-party services?

(1) pts

volume_mute

Enables public internet access to AWS services

Reduces the need for complex security groups and NACLs

Provides a private connection to AWS services within your VPC without using public IPs

Increases the maximum bandwidth for data transfer between VPCs

note_alt Add notes

flag Flag

Correct Answer

Explanation

Is this setup correct as shown by the below figure?

(1) pts

volume_mute

VPC to Virtual Gateway. VPC 2 connects to Virtual Gateway hosted in VPC 1 where VPC 1 uses this Virtual Gateway — VPC to Virtual Private Gateway. VPC 2 connects to Virtual Private Gateway hosted in VPC 1 where VPC 1 uses this Virtual Private Gateway

Correct

Incorrect

note_alt Add notes

flag Flag

Correct Answer

Explanation

AWS Direct Connect is restricted to one Region

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

Direct Connect is a

(1) pts

volume_mute

global resource

regional resource

single sites availability resource

note_alt Add notes

flag Flag

Correct Answer

Explanation

AWS Transit Gateway is a regional resource that resides outside a VPC

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

In the below figure, you can leverage the AWS Transit Gateway to allow VPC A and B to communicate with VPC C and D through the Direct Connect gateway

(1) pts

volume_mute

Direct Connect with Transit Gateway setup connecting multiple VPCs in same region

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

Communication between VPCs in different regions could be possible if their regional transit gateways are peered

(1) pts

volume_mute

$transit gateway peering$

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

Match AWS Transit Gateway key concepts to their definitions

(1) pts

To complete the line match

Click on an item in the first group
Click on the match in the second group

To delete a match, double click on a line

Concept

Association

Attachment

Propagation

Definition

The connection from Amazon VPC, a VPN, Direct Connect, or a connect attachment to a transit gateway

The route table used to route packets coming from an attachment (from Amazon VPC and VPN)

The route table where the attachment's routes are installed

note_alt Add notes

flag Flag

Correct Answer

Explanation

In route table for a Transit Gateway, which route wins if there are multiple routes pointing to the same destination

(1) pts

Please drag and drop the options to sort them

Reorder to find out the right routing match

BGP-propagated routes from AWS Site-toSite VPN

BGP-propagated routes from Direct Connect gateway

Static route entries, including static site-to-site VPN routes

Most specific route (longest prefix match)

note_alt Add notes

flag Flag

Correct Answer

Explanation

Transit Gateways connects VPCs and on-premises network through a central hub

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

Choose the Transit gateway attachment types

(1) pts

volume_mute

VPCs

VPN connections

Direct Connect gateways

Transit Gateway Connect attachments

Transit gateway peering connections

note_alt Add notes

flag Flag

Correct Answer

Explanation

A Local Gateway (LGW) in AWS is a component designed to support hybrid cloud connectivity by enabling on-premises data centers to connect with AWS Outposts

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

There is exactly one local gateway per Outpost

(1) pts

volume_mute

True

False

note_alt Add notes

flag Flag

Correct Answer

Explanation

Classify AWS Gateways

(1) pts

drag and drop the selected option to the right place

note_alt Add notes

flag Flag