Skip to main content

AWS Certification Study - VPC questions Part 2

1. You have a EC2 instance in your VPC with IPV4 addresses and you need to initiate outbound connections to the internet but prevent unsolicited inbound connections from the internet. What would you use?

    a) VGW   
    b) Egress-Only Internet Gateways   
    c) EC2 instance with Elastic IP   
    d) NAT device
-----------------------------------------------------------------------------------------------------------------------
2. connections to the internet but prevent unsolicited inbound connections from the internet. What would you use?

   a. NAT device
   b. VGW
   c. Egress-Only Internet Gateways
   d. EC2 instance with Elastic IP
------------------------------------------------------------------------------------------------------------------------
3. You have a Site-to-Site VPN connection consists of a virtual private gateway attached to your VPC at Amazon side. What device you should have at the Corporate data Center side? 

   
    a) Customer Gateway   
    b) Virtual Private Gateway   
    c) NAT Gateway   
    d) Bastion Host

--------------------------------------------------------------------------------------------------------------------------
4. You need a highly available, scalable technology that enables you to privately connect your VPC to supported AWS services, services hosted by other AWS accounts  and supported AWS Marketplace partner services. What technology you would use? 


    a) AWS PrivateLink   
    b) AWS Direct Connect   
    c) AWS Site-to-Site VPN    
    d) AWS IPSec

--------------------------------------------------------------------------------------------------------------------------
5. You are designing a multi-tier website, with the web servers which need internet access and the database servers need to be accessed only from web servers. What subnet mechanism you would use? 

    a) Webservers in public subnet, database servers in private subnet
 
    b) Both in private subnets with webserver instances access internet via NAT gateway
 
    c) Both in public subnets with databse servers has non default security groups
 
    d) Database servers in default subnet and webservers in public subnet

--------------------------------------------------------------------------------------------------------------------------
6. A network address translation (NAT) gateway  should reside in private subnet.

    a) True
    b) False
---------------------------------------------------------------------------------------------------------------------------
7. The instances assigned to a security group can be in different subnets.
 
    a) True
    b) False
----------------------------------------------------------------------------------------------------------------------------
8. Which security mechanism in VPC corresponds to the type of role an instance plays?
  
     a. Network ACL
     b. Security Group
     c. private Subnet
     d. Route Table
--------------------------------------------------------------------------------------------------------------------------
9. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.

    a) False
    b) True
--------------------------------------------------------------------------------------------------------------------------
10. Network access control lists act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level.

    a) True
    b) False
---------------------------------------------------------------------------------------------------------------------------
11. You need to monitor the accepted and rejected IP traffic going to and from your instances. What AWS tool would use?
  
     a. Cloudwatch
     b. CloudTrail
     c. VPC Flow Log
     d. Elastic Search
---------------------------------------------------------------------------------------------------------------------------
12. Security Group is Stateful because return traffic is automatically allowed, regardless of any rules.
 
    a) True
    b) False
 ----------------------------------------------------------------------------------------------------------------------------
13. Network ACL is StateLess because return traffic must be explicitly allowed by rules.
    a) True
    b) False
-----------------------------------------------------------------------------------------------------------------------------
14. Which of the following  process rules in number order when deciding whether to allow traffic?

    a. Network ACL
    b. Security group
    c. Both
    d. None
------------------------------------------------------------------------------------------------------------------------------
15) Suppose Internet Traffic is coming to a EC2 instance. Choose the order in which following security/routing mechanisms are applied?

     a. Internet gateway, Routing Table, Network ACL, Security Group
     a. Internet gateway, Routing Table, Security Group, Network ACL
     a. Network ACL,Internet gateway, Routing Table, Security Group
     a. Internet gateway, Network ACL, Security Group,Routing Table
---------------------------------------------------------------------------------------------------------------------------------
Answers:
1)d  2)c 3)a 4)b 5)a 6)b 7)a 8)b 9)b 10)b 11)c 12)a 13)a 14)a 15)a

Comments

Popular posts from this blog

How to create a minikube single node cluster for learning Kubernetes

In this post I will explain how to setup a minikube single node kubernetes cluster using AWS EC2 instance which would help anyone who is trying to learn kubernetes and also help them to gain practical knowledge in kubernetes by running kubernetes commands, creating kubernetes objects etc. Minikube is a single node kubernetes cluster which means a kubernetes cluster with only one node that is a single VM. Minikube is only used for learning purposes and it is not an alternative for a real kubernetes cluster and should not be used for development and production usage. In this example I have launched an AWS EC2 instance with below configuration where I will install minikube and related tools. AWS EC2 Instance Configuration AMI: Ubuntu Free tier eligible 64 bit Instance type : t2-large ( For me t2-small or t2-micro is giving performance issues due to less memory) Once the EC2 instance is up and running, login to the instance using below command on terminal. If you are using wi...

log4j - How to write log to multiple log files using log4j.properties

In Java applications some times you may need to write your log messages to specific log files with its own specific log properties. If you are using log4j internally then first step that you need to do is to have a proper log4j.properties file. Below example shows 2 log4j appenders which write to 2 different log files, one is a debug log and another one is a reports log. Debug log file can have all log messages and reports log can have log messages specific to reporting on say splunk monitoring. # Root logger option log4j.rootLogger=ALL,STDOUT,debugLog log4j.logger.reportsLogger=INFO,reportsLog log4j.additivity.reportsLogger=false     log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout log4j.appender.STDOUT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %C:%L - %m%n     # Direct log messages to a log file log4j.appender.debugLog=org.apache.log4j.RollingFileAppen...

Create SNMP Client in JAVA Using SNMP4j

Please follow the below mentioned steps to write a very simple SNMP4J application using Java and eclipse IDE. First you need to download a copy of SNMP4J.jar. You can get it from http://www.snmp4j.org/html/download.html Then you need to decide how you are going to test your application. Check whether you have access to any real network devices like Cisco routers or Juniper routers or whether you are aware of any SNMP agent running on any of your servers.There is nothing to worry if you cannot find one , you can start SNMP agent on your desktop machine as well. Here I am giving an example of how you can use your Windows machine to test your application by starting the SNMP service on the machine. I am using a Windows XP machine and below are the steps needed to start SNMP agent on the machine. 1. Go to Start->Control Panel -> Add or Remove Programs -> Add or Remove Windows Components      Select or Check "Management and Monitoring Tools". ...