AWS Certification Study - VPC questions Part 2

1. You have an EC2 instance in your VPC with IPv4 addresses and you need to initiate outbound connections to the internet but prevent unsolicited inbound connections from the internet. What would you use?

    a) VGW   
    b) Egress-Only Internet Gateways   
    c) EC2 instance with Elastic IP   
    d) NAT device
-----------------------------------------------------------------------------------------------------------------------
2. connections to the internet but prevent unsolicited inbound connections from the internet. What would you use?

   a. NAT device
   b. VGW
   c. Egress-Only Internet Gateways
   d. EC2 instance with Elastic IP
------------------------------------------------------------------------------------------------------------------------
3. You have a Site-to-Site VPN connection that consists of a virtual private gateway attached to your VPC on the Amazon side. What device should you have on the corporate data center side?

   
    a) Customer Gateway   
    b) Virtual Private Gateway   
    c) NAT Gateway   
    d) Bastion Host

--------------------------------------------------------------------------------------------------------------------------
4. You need a highly available, scalable technology that enables you to privately connect your VPC to supported AWS services, services hosted by other AWS accounts, and supported AWS Marketplace partner services. What technology would you use?


    a) AWS PrivateLink   
    b) AWS Direct Connect   
    c) AWS Site-to-Site VPN    
    d) AWS IPSec

--------------------------------------------------------------------------------------------------------------------------
5. You are designing a multi-tier website in which the web servers need internet access and the database servers need to be accessed only from the web servers. What subnet mechanism would you use?

    a) Webservers in public subnet, database servers in private subnet
 
    b) Both in private subnets, with web server instances accessing the internet via a NAT gateway
 
    c) Both in public subnets, with database servers having non-default security groups
 
    d) Database servers in default subnet and webservers in public subnet

--------------------------------------------------------------------------------------------------------------------------
6. A network address translation (NAT) gateway should reside in a private subnet.

    a) True
    b) False
---------------------------------------------------------------------------------------------------------------------------
7. The instances assigned to a security group can be in different subnets.
 
    a) True
    b) False
----------------------------------------------------------------------------------------------------------------------------
8. Which security mechanism in VPC corresponds to the type of role an instance plays?
  
     a. Network ACL
     b. Security Group
     c. Private Subnet
     d. Route Table
--------------------------------------------------------------------------------------------------------------------------
9. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.

    a) False
    b) True
--------------------------------------------------------------------------------------------------------------------------
10. Network access control lists act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level.

    a) True
    b) False
---------------------------------------------------------------------------------------------------------------------------
11. You need to monitor the accepted and rejected IP traffic going to and from your instances. What AWS tool would you use?
  
     a. CloudWatch
     b. CloudTrail
     c. VPC Flow Log
     d. Elastic Search
---------------------------------------------------------------------------------------------------------------------------
12. A security group is stateful because return traffic is automatically allowed, regardless of any rules.
 
    a) True
    b) False
 ----------------------------------------------------------------------------------------------------------------------------
13. A network ACL is stateless because return traffic must be explicitly allowed by rules.
    a) True
    b) False
-----------------------------------------------------------------------------------------------------------------------------
14. Which of the following processes rules in number order when deciding whether to allow traffic?

    a. Network ACL
    b. Security group
    c. Both
    d. None
------------------------------------------------------------------------------------------------------------------------------
15. Suppose internet traffic is coming to an EC2 instance. In which order are the following security/routing mechanisms applied?

     a. Internet gateway, Routing Table, Network ACL, Security Group
     b. Internet gateway, Routing Table, Security Group, Network ACL
     c. Network ACL, Internet gateway, Routing Table, Security Group
     d. Internet gateway, Network ACL, Security Group, Routing Table
---------------------------------------------------------------------------------------------------------------------------------
Answers:
1)d  2)c 3)a 4)b 5)a 6)b 7)a 8)b 9)b 10)b 11)c 12)a 13)a 14)a 15)a
