Networking

Question 1

What is VPC?

Answer 1

Virtual Private Cloud - provisioning a logically isolated section of the AWS Cloud, a private network in AWS with a range of IPs.

Question 2

What are subnets?

Answer 2

they are groups of public or private resources in a VPC

Question 3

What is a public subnet?

Answer 3

It groups resources which can be accessed from the Internet.

Question 4

What is a private subnet?

Answer 4

It groups resources that can only be accessed from the VPC, not from the outside. E.g. DBs, application servers, etc.

Question 5

Two types of gateways

Answer 5

• Internet gateway
• virtual private gateway

Question 6

What is Virtual Private Gateway used for?

Answer 6

It allows for creating a VPN connection to the VPC from e.g. a data center.

Question 7

What is AWS Direct Connect?

Answer 7

• a completely private dedicated fiber connection to the VPC from, e.g. a private data center
• it is a physical line
• needs to be set up with a local AWS representative

Question 8

What are the reasons to use AWS Direct Connect?

Answer 8

• to sidestep bandwidth issues (low latency)
• to meet regulatory requirements

Question 9

What are network security concerns?

Answer 9

• network hardening
• application security
• user identity
• authentication and authorization
• DDoS protection
• Data integrity
• encryption

Question 10

What is network ACL

Answer 10

• Access Control List
• checks if packet sender/addressee is allowed to enter/leave the subnet

Question 11

What level is protected by ACL?

Answer 11

subnet

Question 12

What is a Security Group?

Answer 12

checks if packet sender/addressee is allowed to enter/leave an instance

Question 13

What level is protected by a Security Group?

Answer 13

instance

Question 14

What are the default rules for a Security Group?

Answer 14

• all inboud traffic is blocked
• all outbound traffic is allowed

Question 15

ACL vs. Security Group

Answer 15

• subnet vs. instance
• stateless vs. stateful

Question 16

What does it mean that Security Group is stateful

Answer 16

by default all return traffic is allowed (checks if a packet is sent in response to an incoming request)

Question 17

What does it mean that ACL is stateless

Answer 17

It doesn’t care that traffic is a return traffic, each packet gets checked against the ACL.

Question 18

What is Amazon Rounte 53?

Answer 18

highly available and scalable AWS DNS.

Question 19

What does Amazon Route 53 do?

Answer 19

• translates addresses to IP
• routing
• registering domain names

Question 20

Types of routing algorithms

Answer 20

• latency based
• geo-location
• geoproximity
• weighter round-robin