Chapter 10: The Core Networking Services
- B, D. For each account, AWS creates a default VPC in each Region. A VPC spans all Availability Zones within a Region. VPCs do not span Regions.
- A. A VPC or subnet CIDR can have a size between /16 and /28 inclusive, so 10.0.0.0/28 would be the only valid CIDR.
- B, C. A subnet exists in only one Availability Zone, and it must have a CIDR that’s a subset of the CIDR of the VPC in which it resides. There’s no requirement for a VPC to have two subnets, but it must have at least one.
- C. When you create a security group, it contains an outbound rule that allows access to any IP address. It doesn’t contain an inbound rule by default. Security group rules can only permit access, not deny it, so any traffic not explicitly allowed will be denied.
- B, D. A network access control list is a firewall that operates at the subnet level. A security group is a firewall that operates at the instance level.
- B. A VPC peering connection...