Module 6 Knowledge Check

1. Which definition describes a VPC?

A logically isolated virtual network that you define in the AWS cloud

Explanation: A VPC is a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your networking environment.

2. Which actions are best practices for designing a VPC?

- Divide the VPC network range evenly across all available AZs.

- Create one subnet per AZ for each group of hosts that have unique routing requirements.

- Reserve some address space for future use.

Explanation: Running out of addresses might require complicated network re-addressing. Adding more CIDR blocks to a VPC is possible, but it is not a solution for inadequate planning. Distributing subnets and hosts across AZs reduces the chance of correlated failures.

3. A company wants to run a highly available web tier by using two EC2 instances and a load balancer. Which design is valid and provides the highest availability?

Two different subnets, one per AZ. Each subnet contains one EC2 instance.

Explanation: A problem in one AZ does not affect both EC2 instances.

4. A company’s VPC has the CIDR block (2048 addresses). It has two subnets (A and B). Each subnet must support 100 usable addresses now, but this number is expected to rise to at most 254 usable addresses soon. Which subnet addressing scheme meets the requirements and follows AWS best practice?

Subnet A: (512 addresses), Subnet B: (512 addresses)

Explanation: These CIDR blocks are the next larger size up from /24. AWS reserves five addresses per subnet, so each CIDR block has 507 usable addresses. This scheme provides room for the growth requirement.

5. Which combination of actions enables direct internet access for IPv4 hosts in a VPC?

- Configuring security groups and network ACLs to permit internet traffic

- Creating a route for that points to the internet gateway

- Configuring hosts to have or obtain an internet-routable address.

Explanation: Hosts need internet-routable addresses that are obtained statically, dynamically, or by address translation. The default route is and it must point to the internet gateway. All traffic passes through security groups and network ACLs, which must allow the flow.

6. A group of consultants requires access to an EC2 instance from the internet for 3 consecutive days each week. The instance is shut down for the rest of the week. The VPC has internet access. How should you assign an IPv4 address to the instance to give the consultants access?

Associate an Elastic IP address with the EC2 instance

Explanation: Using an Elastic IP address helps to ensure that the instance keeps the same internet address.

7. Several EC2 instances launch in a VPC that has internet access. These instances should not be accessible from the internet, but they must be able to download updates from the internet. How should the instances launch?

Without public IP addresses, in a subnet with a default route to a NAT Gateway

Explanation: A NAT gateway provides EC2 instances with internet-routable source addresses for sessions that the EC2 instances initiate. However, it does not enable internet access to the instances.

8. You are configuring a bastion host to access EC2 instances in a VPC. What must you do to the security groups?

- Add a rule to the bastion host to allow traffic from your source IP.

- Add a rule to the private subnet EC2 instances to allow traffic from the bastion host security group.

Explanation: You must modify the security group of each instance to allow traffic. Following the principle of least privilege, the security groups should limit traffic to only those systems that need access. You can allow traffic to IP addresses and other security groups.

9. You have a VPC with a public subnet and a secure subnet. All EC2 instances in the secure subnet must be able to communicate with specific internet addresses. How can you control traffic with a network ACL?

Add rules to the subnet's custom network ACL to allow traffic from and to the allowed internet addresses.

10. All of the EC2 instances in a subnet can communicate with a certain IPv4 network on the internet. How should you modify the security group or current custom network ACL to deny traffic to and from several restricted addresses in that network?

In the network ACL, deny traffic to and from the restricted addresses.

Explanation: This solution is the easiest way to deny traffic to and from individual addresses. You can specify an individual address, or a range of addresses, to deny. These rules should have a lower rule number than the rules that allow traffic to and from the wider network.