Explore topic-wise InterviewSolutions in Current Affairs.

You will NEED to disable NAT-T on your device. If you don’t PLAN on using NAT-T and it is not disabled on your device, we will ATTEMPT to ESTABLISH a tunnel over UDP port 4500. If that port is not open the tunnel will not establish.

You will need to disable NAT-T on your device. If you don’t plan on using NAT-T and it is not disabled on your device, we will attempt to establish a tunnel over UDP port 4500. If that port is not open the tunnel will not establish.

When you launch an Amazon EC2 instance within a VPC, you may optionally specify the PRIMARY private IP address for the instance. If you do not specify the primary private IP address, AWS automatically addresses it from the IP address range you ASSIGN to that subnet. You can assign SECONDARY private IP addresses when you launch an instance, when you create an ELASTIC Network Interface, or any time after the instance has been launched or the interface has been created.

When you launch an Amazon EC2 instance within a VPC, you may optionally specify the primary private IP address for the instance. If you do not specify the primary private IP address, AWS automatically addresses it from the IP address range you assign to that subnet. You can assign secondary private IP addresses when you launch an instance, when you create an Elastic Network Interface, or any time after the instance has been launched or the interface has been created.

The MINIMUM SIZE of a subnet is a /28 (or 14 IP addresses.) for IPV4. SUBNETS cannot be larger than the VPC in which they are created.

The minimum size of a subnet is a /28 (or 14 IP addresses.) for IPv4. Subnets cannot be larger than the VPC in which they are created.

CURRENTLY you can CREATE 200 subnets per VPC. If you WOULD like to create more, PLEASE submit a case at the support center.

Currently you can create 200 subnets per VPC. If you would like to create more, please submit a case at the support center.

No. To CHANGE the size of a VPC you must TERMINATE your existing VPC and CREATE a NEW ONE.

No. To change the size of a VPC you must terminate your existing VPC and create a new one.

VPN CONNECTION-hours are billed for any time your VPN connections are in the "available" STATE. You can determine the state of a VPN connection via the AWS Management Console, CLI, or API. If you no longer wish to use your VPN connection, you SIMPLY terminate the VPN connection to avoid being billed for additional VPN connection-hours.

VPN connection-hours are billed for any time your VPN connections are in the "available" state. You can determine the state of a VPN connection via the AWS Management Console, CLI, or API. If you no longer wish to use your VPN connection, you simply terminate the VPN connection to avoid being billed for additional VPN connection-hours.

Yes. You can ASSIGN one or more secondary private IP addresses to an Elastic Network Interface or an EC2 instance in AMAZON VPC. The number of secondary private IP addresses you can assign depends on the instance type. See the EC2 USER Guide for more information on the number of secondary private IP addresses that can be ASSIGNED per instance type.

Yes. You can assign one or more secondary private IP addresses to an Elastic Network Interface or an EC2 instance in Amazon VPC. The number of secondary private IP addresses you can assign depends on the instance type. See the EC2 User Guide for more information on the number of secondary private IP addresses that can be assigned per instance type.

You can assign any IP address to your instance as long as it is:

• PART of the associated subnet's IP address RANGE
• Not reserved by Amazon for IP networking purposes
• Not currently ASSIGNED to another INTERFACE

You can assign any IP address to your instance as long as it is:

Default VPCS are assigned a CIDR RANGE of 172.31.0.0/16. Default SUBNETS within a default VPC are assigned /20 netblocks within the VPC CIDR range.

Default VPCs are assigned a CIDR range of 172.31.0.0/16. Default subnets within a default VPC are assigned /20 netblocks within the VPC CIDR range.

You assign a single Classless Internet Domain Routing (CIDR) IP address block when you create a VPC. Subnets within a VPC are addressed from this range by you. A VPC can be assigned at most one (1) IP address range at any GIVEN time; addressing a VPC from multiple IP address RANGES is currently not supported. PLEASE note that while you can create multiple VPCS with overlapping IP address ranges, doing so will prohibit you from connecting these VPCs to a common HOME network via the hardware VPN connection. For this reason we recommend using non-overlapping IP address ranges. You can allocate an Amazon-provided IPv6 CIDR block to your VPC.

You assign a single Classless Internet Domain Routing (CIDR) IP address block when you create a VPC. Subnets within a VPC are addressed from this range by you. A VPC can be assigned at most one (1) IP address range at any given time; addressing a VPC from multiple IP address ranges is currently not supported. Please note that while you can create multiple VPCs with overlapping IP address ranges, doing so will prohibit you from connecting these VPCs to a common home network via the hardware VPN connection. For this reason we recommend using non-overlapping IP address ranges. You can allocate an Amazon-provided IPv6 CIDR block to your VPC.

Amazon does not enforce any restrictions on VPN throughput. However, other factors, such as the CRYPTOGRAPHIC capability of your customer gateway, the capacity of your Internet connection, average packet SIZE, the protocol being USED (TCP VS. UDP), and the network latency between your customer gateway and the virtual private gateway can affect throughput.

Amazon does not enforce any restrictions on VPN throughput. However, other factors, such as the cryptographic capability of your customer gateway, the capacity of your Internet connection, average packet size, the protocol being used (TCP vs. UDP), and the network latency between your customer gateway and the virtual private gateway can affect throughput.

Establishing a hardware VPN connection between your existing NETWORK and Amazon VPC allows you to interact with Amazon EC2 instances WITHIN a VPC as if they were within your existing network. AWS does not PERFORM network address translation (NAT) on Amazon EC2 instances within a VPC ACCESSED via a hardware VPN connection.

Establishing a hardware VPN connection between your existing network and Amazon VPC allows you to interact with Amazon EC2 instances within a VPC as if they were within your existing network. AWS does not perform network address translation (NAT) on Amazon EC2 instances within a VPC accessed via a hardware VPN connection.

The DescribeVPNConnection API DISPLAYS the status of the VPN connection, INCLUDING the state ("up"/"down") of each VPN tunnel and corresponding error messages if either tunnel is "down". This information is also displayed in the AWS MANAGEMENT CONSOLE.

The DescribeVPNConnection API displays the status of the VPN connection, including the state ("up"/"down") of each VPN tunnel and corresponding error messages if either tunnel is "down". This information is also displayed in the AWS Management Console.

ClassicLink cannot be enabled for a VPC that has a Classless Inter-Domain Routing (CIDR) that is within the 10.0.0.0/8 range, with the exception of 10.0.0.0/16 and 10.1.0.0/16. In addition, ClassicLink cannot be enabled for any VPC that has a route table ENTRY POINTING to the 10.0.0.0/8 CIDR SPACE to a target other than "LOCAL".

ClassicLink cannot be enabled for a VPC that has a Classless Inter-Domain Routing (CIDR) that is within the 10.0.0.0/8 range, with the exception of 10.0.0.0/16 and 10.1.0.0/16. In addition, ClassicLink cannot be enabled for any VPC that has a route table entry pointing to the 10.0.0.0/8 CIDR space to a target other than "local".

There are two types of VPN connections that you can create: statically-routed VPN connections and dynamically-routed VPN connections.

Customer gateway devices supporting statically-routed VPN connections MUST be able to:

• Establish IKE Security Association using Pre-Shared KEYS
• Establish IPsec Security Associations in Tunnel mode
• Utilize the AES 128-bit or 256-bit encryption function
• Utilize the SHA-1 or SHA-2 (256) HASHING function
• Utilize Diffie-Hellman (DH) Perfect Forward Secrecy in "Group 2" mode, or one of the additional DH groups we support
• Perform packet fragmentation prior to encryption
• In addition to the above capabilities, devices supporting dynamically-routed VPN connections must be able to:
• Establish Border Gateway Protocol (BGP) peerings
• BIND tunnels to logical interfaces (route-based VPN)
• Utilize IPsec Dead Peer Detection

There are two types of VPN connections that you can create: statically-routed VPN connections and dynamically-routed VPN connections.

Customer gateway devices supporting statically-routed VPN connections must be able to:

A hardware VPN connection connects your VPC to your DATACENTER. AMAZON SUPPORTS Internet Protocol security (IPsec) VPN connections. Data transferred between your VPC and datacenter routes over an encrypted VPN connection to help maintain the CONFIDENTIALITY and integrity of data in transit. An Internet gateway is not required to ESTABLISH a hardware VPN connection.

A hardware VPN connection connects your VPC to your datacenter. Amazon supports Internet Protocol security (IPsec) VPN connections. Data transferred between your VPC and datacenter routes over an encrypted VPN connection to help maintain the confidentiality and integrity of data in transit. An Internet gateway is not required to establish a hardware VPN connection.

IPSEC is a protocol suite for securing INTERNET Protocol (IP) COMMUNICATIONS by authenticating and ENCRYPTING each IP packet of a data STREAM.

IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream.

Instances without public IP ADDRESSES can access the Internet in one of two ways:

Instances without public IP addresses can route their TRAFFIC through a NAT gateway or a NAT instance to access the Internet. These instances use the public IP address of the NAT gateway or NAT instance to traverse the Internet. The NAT gateway or NAT instance allows outbound communication but doesn’t allow machines on the Internet to initiate a connection to the privately ADDRESSED instances.

For VPCs with a hardware VPN connection or Direct Connect connection, instances can route their Internet traffic down the virtual private gateway to your existing DATACENTER. From there, it can access the Internet via your existing egress points and network security/monitoring devices.

Instances without public IP addresses can access the Internet in one of two ways:

Instances without public IP addresses can route their traffic through a NAT gateway or a NAT instance to access the Internet. These instances use the public IP address of the NAT gateway or NAT instance to traverse the Internet. The NAT gateway or NAT instance allows outbound communication but doesn’t allow machines on the Internet to initiate a connection to the privately addressed instances.

For VPCs with a hardware VPN connection or Direct Connect connection, instances can route their Internet traffic down the virtual private gateway to your existing datacenter. From there, it can access the Internet via your existing egress points and network security/monitoring devices.

You can use PUBLIC IP addresses, INCLUDING Elastic IP addresses (EIPS), to give instances in the VPC the ability to both directly communicate outbound to the Internet and to receive unsolicited inbound traffic from the Internet (e.g., WEB servers).

You can use public IP addresses, including Elastic IP addresses (EIPs), to give instances in the VPC the ability to both directly communicate outbound to the Internet and to receive unsolicited inbound traffic from the Internet (e.g., web servers).

An Amazon VPC ROUTER enables Amazon EC2 instances within subnets to COMMUNICATE with Amazon EC2 instances in other subnets within the same VPC. The VPC router also enables subnets, Internet gateways, and VIRTUAL private gateways to communicate with each other. Network usage data is not available from the router; HOWEVER, you can obtain network usage statistics from your instances USING Amazon CloudWatch.

An Amazon VPC router enables Amazon EC2 instances within subnets to communicate with Amazon EC2 instances in other subnets within the same VPC. The VPC router also enables subnets, Internet gateways, and virtual private gateways to communicate with each other. Network usage data is not available from the router; however, you can obtain network usage statistics from your instances using Amazon CloudWatch.

You can have:

• Five AMAZON VPCs per AWS ACCOUNT per region
• Two HUNDRED subnets per Amazon VPC
• Five Amazon VPC Elastic IP addresses per AWS account per region
• One INTERNET gateway per VPC
• Five virtual private gateways per AWS account per region
• Fifty customer gateways per AWS account per region
• Ten IPsec VPN Connections per virtual private gateway

You can have:

Yes. You can use the AWS Management Console to manage Amazon VPC objects such as VPCs, subnets, ROUTE tables, Internet GATEWAYS, and IPSec VPN CONNECTIONS. Additionally, you can use a simple WIZARD to create a VPC.

Yes. You can use the AWS Management Console to manage Amazon VPC objects such as VPCs, subnets, route tables, Internet gateways, and IPSec VPN connections. Additionally, you can use a simple wizard to create a VPC.

Yes. You can CREATE route rules to specify which subnets are ROUTED to the INTERNET GATEWAY, the VIRTUAL private gateway, or other instances.

Yes. You can create route rules to specify which subnets are routed to the Internet gateway, the virtual private gateway, or other instances.

The EC2-Classic instance does not become a member of the VPC. It becomes a member of the VPC SECURITY Group that was associated with the instance. All the rules and REFERENCES to the VPC Security Group apply to COMMUNICATION between instances in EC2-Classic instance and RESOURCES within the VPC.

The EC2-Classic instance does not become a member of the VPC. It becomes a member of the VPC Security Group that was associated with the instance. All the rules and references to the VPC Security Group apply to communication between instances in EC2-Classic instance and resources within the VPC.

In order to use ClassicLink, you FIRST need to enable at least one VPC in your ACCOUNT for ClassicLink. Then you associate a Security GROUP from the VPC with the DESIRED EC2-Classic instance. The EC2-Classic instance is now linked to the VPC and is a member of the SELECTED Security Group in the VPC. Your EC2-Classic instance cannot be linked to more than one VPC at the same time.

In order to use ClassicLink, you first need to enable at least one VPC in your account for ClassicLink. Then you associate a Security Group from the VPC with the desired EC2-Classic instance. The EC2-Classic instance is now linked to the VPC and is a member of the selected Security Group in the VPC. Your EC2-Classic instance cannot be linked to more than one VPC at the same time.

Amazon VIRTUAL Private Cloud (VPC) ClassicLink allows EC2 instances in the EC2-Classic platform to COMMUNICATE with instances in a VPC using private IP addresses. To use ClassicLink, enable it for a VPC in your ACCOUNT, and associate a Security GROUP from that VPC with an instance in EC2-Classic. All the rules of your VPC Security Group will apply to communications between instances in EC2-Classic and instances in the VPC.

Amazon Virtual Private Cloud (VPC) ClassicLink allows EC2 instances in the EC2-Classic platform to communicate with instances in a VPC using private IP addresses. To use ClassicLink, enable it for a VPC in your account, and associate a Security Group from that VPC with an instance in EC2-Classic. All the rules of your VPC Security Group will apply to communications between instances in EC2-Classic and instances in the VPC.

BANDWIDTH between instances in PEERED VPCs is no DIFFERENT than bandwidth between instances in the same VPC.

1. A PLACEMENT group can span peered VPCs; however, you will not get full-bisection bandwidth between instances in peered VPCs.

Bandwidth between instances in peered VPCs is no different than bandwidth between instances in the same VPC.

No. PEERED VPCS MUST have non-overlapping IP RANGES.

No. Peered VPCs must have non-overlapping IP ranges.

No. “Edge to Edge ROUTING” isn’t supported in Amazon VPC. REFER to the VPC PEERING Guide for ADDITIONAL information.

No. “Edge to Edge routing” isn’t supported in Amazon VPC. Refer to the VPC Peering Guide for additional information.

No. You can attach and DETACH SECONDARY interfaces (eth1-ethn) on an EC2 instance, but you can’t detach the eth0 interface.

No. You can attach and detach secondary interfaces (eth1-ethn) on an EC2 instance, but you can’t detach the eth0 interface.

Yes, HOWEVER, this is not a use case best suited for multiple interfaces. Instead, assign additional private IP ADDRESSES to the INSTANCE and then associate EIPs to the private IPS as needed.

Yes, however, this is not a use case best suited for multiple interfaces. Instead, assign additional private IP addresses to the instance and then associate EIPs to the private IPs as needed.

Network interfaces can only be ATTACHED to INSTANCES in the same VPC as the interface

Network interfaces can only be attached to instances in the same VPC as the interface

Network INTERFACES can only be attached to INSTANCES residing in the same AVAILABILITY ZONE.

Network interfaces can only be attached to instances residing in the same Availability Zone.

The total NUMBER of network interfaces that can be attached to an EC2 instance depends on the instance type. See the EC2 User GUIDE for more INFORMATION on the number of allowed network interfaces PER instance type.

The total number of network interfaces that can be attached to an EC2 instance depends on the instance type. See the EC2 User Guide for more information on the number of allowed network interfaces per instance type.

YES, assuming the owner of the other VPC ACCEPTS your PEERING connection request.

Yes, assuming the owner of the other VPC accepts your peering connection request.

No. PEERING CONNECTIONS are only AVAILABLE between VPCS in the same REGION.

No. Peering connections are only available between VPCs in the same region.

AWS uses the EXISTING infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not RELY on a separate piece of physical HARDWARE. There is no single point of failure for COMMUNICATION or a bandwidth bottleneck.

AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck.

If your AWS account has a DEFAULT VPC, any IAM accounts associated with your AWS account use the same default VPC as your AWS account.

If your AWS account has a default VPC, any IAM accounts associated with your AWS account use the same default VPC as your AWS account.

Yes, however, we can only enable an existing account for a default VPC if you have no EC2-Classic resources for that account in that region. Additionally, you must terminate all non-VPC provisioned ELASTIC Load Balancers, Amazon RDS, Amazon ElastiCache, and Amazon Redshift resources in that region. After your account has been configured for a default VPC, all future resource LAUNCHES, including instances launched via AUTO SCALING, will be placed in your default VPC. To request your existing account be setup with a default VPC, contact AWS Support. We will review your request and your existing AWS services and EC2-Classic presence to determine if you are ELIGIBLE for a default VPC.

Yes, however, we can only enable an existing account for a default VPC if you have no EC2-Classic resources for that account in that region. Additionally, you must terminate all non-VPC provisioned Elastic Load Balancers, Amazon RDS, Amazon ElastiCache, and Amazon Redshift resources in that region. After your account has been configured for a default VPC, all future resource launches, including instances launched via Auto Scaling, will be placed in your default VPC. To request your existing account be setup with a default VPC, contact AWS Support. We will review your request and your existing AWS services and EC2-Classic presence to determine if you are eligible for a default VPC.

The simplest way to get a DEFAULT VPC is to create a NEW account in a REGION that is enabled for default VPCs, or use an existing account in a region you've never been to before, as long as the Supported PLATFORMS attribute for that account in that region is set to "EC2-VPC".

The simplest way to get a default VPC is to create a new account in a region that is enabled for default VPCs, or use an existing account in a region you've never been to before, as long as the Supported Platforms attribute for that account in that region is set to "EC2-VPC".

No. TRANSITIVE PEERING RELATIONSHIPS are not SUPPORTED.

No. Transitive peering relationships are not supported.

No. Either SIDE of the peering CONNECTION can terminate the peering connection at any TIME. Terminating a peering connection means traffic won’t flow between the two VPCS.

No. Either side of the peering connection can terminate the peering connection at any time. Terminating a peering connection means traffic won’t flow between the two VPCs.

Yes, but once deleted, it’s gone. Your future INSTANCE launches will be PLACED in your remaining DEFAULT subnet(s).

Yes, but once deleted, it’s gone. Your future instance launches will be placed in your remaining default subnet(s).

YES. Contact AWS Support if you've deleted your default VPC and want to have it RESET

Yes. Contact AWS Support if you've deleted your default VPC and want to have it reset

No. Default VPCs are attached to the INTERNET and all instances launched in default subnets in the default VPC automatically RECEIVE PUBLIC IP addresses. You can ADD a VPN connection to your default VPC if you choose.

No. Default VPCs are attached to the Internet and all instances launched in default subnets in the default VPC automatically receive public IP addresses. You can add a VPN connection to your default VPC if you choose.

Yes. You can RESERVE an instance in Amazon VPC when you PURCHASE Reserved Instances. When computing your bill, AWS does not distinguish whether your instance runs in Amazon VPC or standard Amazon EC2. AWS automatically optimizes which instances are charged at the lower Reserved Instance rate to ENSURE you always PAY the lowest amount. However, your instance reservation will be specific to Amazon VPC. Please see the Reserved Instances PAGE for further details.

Yes. You can reserve an instance in Amazon VPC when you purchase Reserved Instances. When computing your bill, AWS does not distinguish whether your instance runs in Amazon VPC or standard Amazon EC2. AWS automatically optimizes which instances are charged at the lower Reserved Instance rate to ensure you always pay the lowest amount. However, your instance reservation will be specific to Amazon VPC. Please see the Reserved Instances page for further details.

Yes, however, an instance LAUNCHED in a VPC using an AMAZON EBS-backed AMI MAINTAINS the same IP address when stopped and RESTARTED. This is in contrast to similar instances launched OUTSIDE a VPC, which get a new IP address. The IP addresses for any stopped instances in a subnet are considered unavailable.

Yes, however, an instance launched in a VPC using an Amazon EBS-backed AMI maintains the same IP address when stopped and restarted. This is in contrast to similar instances launched outside a VPC, which get a new IP address. The IP addresses for any stopped instances in a subnet are considered unavailable.

Yes, you MAY use AMAZON EBS snapshots if they are LOCATED in the same region as your VPC.

Yes, you may use Amazon EBS snapshots if they are located in the same region as your VPC.

No. You can use the AWS Management Console, AWS EC2 CLI, or the Amazon EC2 API to launch and manage EC2 instances and other AWS RESOURCES in a default VPC. AWS will AUTOMATICALLY create a default VPC for you and will create a default SUBNET in each Availability Zone in the AWS region. Your default VPC will be connected to an Internet gateway and your instances will automatically receive public IP ADDRESSES, just LIKE EC2-Classic.

No. You can use the AWS Management Console, AWS EC2 CLI, or the Amazon EC2 API to launch and manage EC2 instances and other AWS resources in a default VPC. AWS will automatically create a default VPC for you and will create a default subnet in each Availability Zone in the AWS region. Your default VPC will be connected to an Internet gateway and your instances will automatically receive public IP addresses, just like EC2-Classic.

Yes. To LAUNCH into nondefault SUBNETS, you can TARGET your launches using the console or the --subnet option from the CLI, API, or SDK.

Yes. To launch into nondefault subnets, you can target your launches using the console or the --subnet option from the CLI, API, or SDK.