VPC

Your developers are in the process of creating a new application for your business unit. The developers work only on weekdays. To save costs, you shut down the web server (EC2 server) on the weekend and again start them on Monday. Every Monday the developers face issues while connecting to the web server. The client via which they connect to the web server stores the IP address. Since the IP address changes every week, they need to reconfigure it. What can you do to fix the problem for developers? Since your main intention is saving money, you can’t run the EC2 servers over the weekend.

You have created a VPC with a CIDR block of 200.0.0.0/16 with a public subnet of 20.0.0.0/24. You launched an EC2 instance in the public subnet, and you are hosting your web site from that EC2 instance. You have already configured the security groups correctly. What do you need to do from network ACLs so that the web site is accessible from your home network of 192.168.1.0/24?

You have created a customer subnet, but you forgot to add a route for Internet connectivity. As a result, all the web servers running in that subnet don’t have any Internet access. How will you make sure all the web servers can access the Internet?

You are deploying a three-tier architecture in AWS. The web servers are going to reside in a private subnet, and the database and application servers are going to reside in a public subnet. You have chosen two AZs for high availability; thus, you are going to have two web servers, one in each AZ; two application servers, one in each AZ; and an RDS database in master standby mode where the standby database is running on a different AZ. In addition, you are using a NAT instance so that the application server and the database server can connect to the Internet if needed. You have two load balancers: one external load balancer connected to the web server and one internal load balancer connected to the application servers. What can you do to eliminate the single point of failure in this architecture?

You have going to deploy an application across six EC2 servers. You are planning to use three availability zones for deploying the EC2 instances, but your business needs 100 percent fault tolerance if any of the AZs go down. How do you ensure you are able to meet your business needs? You are planning to use us-east-1, us-east-2, and us-east-3 as AZs for deploying your application.

You are deploying a three-tier application and want to make sure the application is secured at all layers. What should you be doing to make sure it is taken care of?

When you define a CIDR block with an IP address range, you can’t use all the IP addresses. AWS reserves a few IP addresses for its own networking purposes. How many IP addresses does AWS reserve?

You have created a VPC using the VPC wizard with a CIDR block of 100.0.0.0/16. You selected a private subnet and a VPN connection using the VPC wizard and launched an EC2 instance in the private subnet. Now you need to connect to the EC2 instance via SSH. What do you need to connect to the EC2 instance?

What does a public subnet have in a VPC?

You have created a VPC with the CIDR block 10.0.0.0/16 and have created a public subnet and a private subnet, 10.0.0.0/24 and 10.0.0.0/24, respectively, within it. Which entries should be present in the main route table to allow the instances in VPC to communicate with each other?

You want to have a static public IP address for your EC2 instance running in a public subnet. How do you achieve this?

Your company is doing business in North America, and all your customers are based in the United States and Canada. You are using us-east as a primary region and using the us-west region for disaster recovery. You have a VPC in both the regions for hosting all the applications supporting the business. On weekends you are seeing a sudden spike in traffic from China. While going through the log files, you find out that some users from China are scanning the open ports to gain entry to your server. How do you restrict the users from China from connecting to your VPC?

You just deployed a three-tier architecture in AWS. The web tier is in a public subnet, and the application and database tiers are in a private subnet. You need to download some OS updates for the application. You want a permanent solution for this, which at the same time should be highly available. What is the best way to achieve this?

What is the range of CIDR blocks that can be used inside a VPC?

You are a developing an application, and you have associated an EIP with the application tier, which is an EC2 instance. Since you are in the development cycle, you have to frequently stop and start the application server. What is going to happen to the EIP when you start/stop the application server?