What makes a subnet public?
A route table with a route to an Internet Gateway (IGW).
What makes a subnet private?
It has no direct route to an IGW.
Does being in a public subnet automatically make an EC2 instance internet-accessible?
No. The instance also needs a public IP or Elastic IP, plus security rules that allow the traffic.
What does an Internet Gateway do?
It enables communication between a VPC and the internet.
What does a route table do?
It decides where traffic goes by matching destinations to targets like IGW, NAT, TGW, VPN, or VPC Peering.
What is a NAT Gateway used for?
Outbound internet access for instances in private subnets.
Where do you place a public NAT Gateway?
In a public subnet with an Elastic IP.
Can a NAT Gateway allow inbound internet traffic to private instances?
No. NAT is for outbound-only initiation from private subnets.
For IPv6 outbound-only internet access, what should you use?
An Egress-Only Internet Gateway.
Best practice for NAT across multiple AZs?
Use one NAT Gateway per AZ for resilience.
Are Security Groups stateful or stateless?
Stateful. Return traffic is automatically allowed.
Are Network ACLs stateful or stateless?
Stateless. You must allow traffic in both directions explicitly.
What level do Security Groups apply at?
Resource/instance ENI Level (EC2 Instance).
What level do NACLs apply at?
Subnet Level.
What is VPC Peering best for?
Direct private connectivity between two VPCs (good for one-to-one connections).
Is VPC Peering transitive?
No. If A peers with B and B peers with C, A cannot automatically talk to C.
Can peered VPCs have overlapping CIDR blocks?
No. Overlapping CIDRs break peering eligibility.
When is a Transit Gateway the better solution?
When many VPCs/accounts/on-premises networks must communicate without complications.
What services use a Gateway VPC Endpoint?
Amazon S3 and DynamoDB.
Why use a Gateway Endpoint?
To access S3/DynamoDB privately without IGW or NAT.
What is an Interface VPC Endpoint used for?
Private access to many AWS services via AWS PrivateLink.
When might S3 use an Interface Endpoint instead of a Gateway Endpoint?
In special cases like hybrid/on-prem/TGW-related access patterns.
When is AWS Direct Connect usually the right answer?
When you need more consistent, dedicated private connectivity to AWS.
What layer does an ALB operate at?
Layer 7. ALB understands HTTP/HTTPS and app-level routing.
When is ALB the best fit?
For HTTP/HTTPS, path-based routing, or host-based routing (microservices + URL routing).
What layer does an NLB operate at?
Layer 4. TCP/UDP/TLS performance, not URL logic.
What is a Gateway Load Balancer used for?
Layer 3. Deploying and scaling network virtual appliances like firewalls and IDS/IPS.
What is Route 53 primarily?
A DNS service with routing policies, health checks, and hosted zones.
What is a private hosted zone?
A Route 53 hosted zone whose records resolve only inside associated VPCs.
When should you use an Alias record in Route 53?
When pointing a domain to supported AWS resources like ALB, CloudFront, API Gateway.
What problem does Route 53 solve?
DNS name resolution and routing policy selection.
What problem does CloudFront solve?
Content delivery and caching at edge locations.
What problem does Global Accelerator solve?
Improves global availability/performance using AWS global network and static anycast IPs.