AWS Academy Cloud Architecting [102862] - Module 7 Knowledge Check

Which definition describes a VPC?

A. A VPN in the AWS Cloud

B. An extension of an on-premises network into AWS

C. A logically isolated virtual network that you define in the AWS Cloud

D. A fully managed service that extends the AWS Cloud to customer premises

C

Which component does not have direct access to the internet?

A) Network address translation (NAT) gateway inside a public subnet

B) EC2 instance inside a public subnet

C) Elastic IP address interface

D) EC2 instance inside a private

D

A company's VPC has the CIDR block 172.16.0.0/21 (2048 addresses). It has two subnets (A and B). Each subnet must support 100 usable addresses now, but this number is expected to rise to as most 254 usable addresses soon. Which subnet addressing scheme meets the requirements and follows AWS best practices?

A. Subnet A: 172.16.0.0/25 (128 addresses) Subnet B: 172.16.0.128/25 (128 addresses)

B. Subnet A: 172.16.0.0/25 (128 addresses) Subnet B: 172.16.0.128/25 (128 addresses)

C. Subnet A: 172.16.0.0/23 (512 addresses) Subnet B: 172.16.2.0/23 (512 addresses)

D. Subnet A: 172.16.0.0/22 (1042 addresses) Subnet B: 172.16.4.0/22 (1024 addresses)

C

Several EC2 instances launch in a VPC that has internet access. These instances should not be accessible from the internet, but they must be able to download updates from the internet. How should the instances launch?

A. With Elastic IP addresses, in a subnet with a default route to an internet gateway

B. With public IP addresses, in a subnet with a default route to an internet gateway

C. Without public IP addresses, in a subnet with a default route to an internet gateway

D. Without public IP addresses, in a subnet with a default route to a (NAT) gateway

D

A group of consultants requires access to an EC2 instance from the internet, for 3 consecutive days each week. The instance is shut down the rest of the week. The VPC has internet access. How should you assign the IPv4 address to the instance to give the consultants access?

A. Associate an Elastic IP with the EC2 instance

B. Enable automatic address assignment for the subnet

C. Enable automatic address assignment for the EC2 instance

D. Assign the address in the operating system (OS) boot configuration

A

An application uses a bastion host to allow access to EC2 instances in a private subnet within a virtual private cloud (VPC). What security group configurations would allow SSH access from the source IP to the EC2 instances? (Select TWO.)

A) Add a rule to the private subnet EC2 instance security group to allow return traffic to the bastion host security group.

B) Add a rule to the bastion host security group to deny all traffic from the internet.

C) Add a rule to the bastion host security group to allow return traffic to your source IP address.

D) Add a rule to the EC2 instance security group to allow traffic from the bastion host security group on port 22.

E) Add a rule to the bastion host security group to allow traffic on port 22 from your source IP address.

D, E

A solution deployed in a virtual private cloud (vpc) needs a subnet with limited access to specific internet addresses. How can an architect configure the network to limit traffic from and to the EC2 instances in the subnet using a network access control list (ACL)?

A.) Add rules to the subnet custom network ACL to allow traffic from and to allowed internet addresses.

B.) Add rules the subnet custom network ACL to allow traffic from and to allowed internet addresses. Deny all other traffic

C.) Add rules to the default network ACL to allow traffic from and to allowed internet addresses.

D.) Add rules to the default network ACL to allow traffic from and to allowed internet addresses. Deny all other traffic.

Not B, probably A