Cram Quiz – Data Protection at Rest and in Transit – SOA-C02 Study Guide

Cram Quiz

Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.

1. Which of the following AWS services does not make use of ACM certificates?

A. Elastic Load Balancing

B. Amazon API Gateway

C. AWS CloudFormation

D. AWS CodeCommit

2. Which of the following credentials cannot be stored in the AWS Secrets Manager?

A. IAM passwords

B. AWS RDS databases

C. OAuth tokens

D. Secure Shell (SSH) keys

Cram Quiz Answers

1. Answer: D is correct. ACM certificates are used by the following services: Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, AWS Elastic Beanstalk, AWS CloudFormation, AWS App Runner, and AWS Nitro Enclaves.

2. Answer: A is correct. The AWS Secrets Manager can store credentials for the following: AWS RDS databases, AWS DocumentDB databases, AWS Redshift clusters, non-AWS databases, application programming interface (API) keys, OAuth tokens, and Secure Shell (SSH) keys.

What Next?

If you want more practice on this chapter’s exam objectives before you move on, remember that you can access all of the Cram Quiz questions on the Pearson Test Prep software online. You can also create a custom exam by objective with the Online Practice Test. Note any objective you struggle with and go to that objective’s material in this chapter.

Chapter 11 Networking and Connectivity

This chapter covers content related to the following official AWS Certified SysOps Administrator – Associate (SOA-C02) exam domains:

Domain 4: Security and Compliance

Domain 5: Networking and Content Delivery

(For more information on the official AWS Certified SysOps Administrator – Associate [SOA-C02] exam topics, see the Introduction.)

A strong understanding of networking concepts is an essential skill for system operators working with AWS resources. Many of the networking systems that you are familiar with from a physical datacenter (routers, firewalls, VPNs) also exist in an AWS Virtual Private Cloud (VPC). However, the methods that you use to manage these systems have evolved.

The VPC

This section covers the following objective of Domain 5 (Networking and Content Delivery) from the official AWS Certified SysOps Administrator – Associate (SOA-C02) exam guide:

5.1 Implement networking features and connectivity

CramSaver

If you can correctly answer these questions before going through this section, save time by skimming the Exam Alerts in this section and then completing the Cram Quiz at the end of the section.

1. What is the largest IPv4 CIDR range that can be configured for a VPC?

2. You have created a VPC and a public subnet and now must provide access to the Internet for EC2 instances within it. You have not created any custom route tables. What tasks must be completed to accomplish this goal?

Answers

1. Answer: /16

2. Answer: You must create an Internet gateway, attach it to the VPC, and configure a default route in the main route table that points to the Internet gateway.

Virtual Private Cloud

A Virtual Private Cloud (VPC) is an isolated virtual network that belongs to an AWS organization. Within the VPC, you have control over how traffic flows. You choose your Classless Inter-Domain Routing (CIDR) range, establish subnets, configure and associate route tables, and create and attach firewall rules using network access control lists (NACLs) and security groups. Subnets can be configured to host public resources like web servers or private resources like databases.

A default VPC is automatically created in every AWS region for your AWS account. This default VPC is configured so that you can easily set up an application for public access. The default VPC is not ideal for private resources; therefore, you should consider creating your own VPCs so that you can better control security.

When you create a VPC, you configure a CIDR range with a netmask between /16 and /28. Be sure to configure a large enough CIDR range, because the primary range cannot be modified after the VPC is created. If you run out of address space, you can add a secondary CIDR range to an existing VPC. The secondary CIDR range can be contiguous to the primary CIDR range. In Figure 11.1, you can see the AWS Management Console screen where you create a VPC and set the CIDR range.

FIGURE 11.1 VPC CIDR range
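The CramSaver answer above (a subnet is reachable from the Internet once the main route table carries a default route to an Internet gateway) and the /16 to /28 CIDR rule can both be checked mechanically. The following is an added example, not code from the study guide or from AWS: it audits constructed VPC, subnet and route-table records (hypothetical IDs, shaped loosely like the `describe-*` API output) to report which subnets fit the VPC's address ranges and which are effectively public.

```python
import ipaddress

# Constructed sample data with hypothetical IDs (not from a real account).
VPC = {"VpcId": "vpc-0example", "CidrBlock": "10.0.0.0/16",
       "SecondaryCidrs": ["10.1.0.0/16"]}
SUBNETS = [
    {"SubnetId": "subnet-web", "CidrBlock": "10.0.1.0/24"},    # no explicit table
    {"SubnetId": "subnet-db", "CidrBlock": "10.0.2.0/24"},     # private table
    {"SubnetId": "subnet-bad", "CidrBlock": "192.168.0.0/24"}, # outside the VPC
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Main": True, "SubnetIds": [],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private", "Main": False, "SubnetIds": ["subnet-db"],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]

def valid_vpc_cidr(cidr):
    """A VPC CIDR must be a proper network address with a /16 to /28 netmask."""
    net = ipaddress.ip_network(cidr, strict=True)  # host bits set -> ValueError
    return 16 <= net.prefixlen <= 28

def subnet_in_vpc(subnet_cidr, vpc):
    """The subnet must lie inside the primary or one of the secondary VPC ranges."""
    sn = ipaddress.ip_network(subnet_cidr)
    ranges = [vpc["CidrBlock"]] + vpc["SecondaryCidrs"]
    return any(sn.subnet_of(ipaddress.ip_network(c)) for c in ranges)

def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the main table applies implicitly."""
    for rt in route_tables:
        if subnet_id in rt["SubnetIds"]:
            return rt
    return next(rt for rt in route_tables if rt["Main"])

def is_public(subnet_id, route_tables):
    """Public means the effective table has a 0.0.0.0/0 route to an Internet gateway."""
    rt = route_table_for(subnet_id, route_tables)
    return any(r["DestinationCidrBlock"] == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])

def audit(vpc, subnets, route_tables):
    """Map each subnet ID to (fits_vpc_ranges, is_public)."""
    return {s["SubnetId"]: (subnet_in_vpc(s["CidrBlock"], vpc),
                            is_public(s["SubnetId"], route_tables))
            for s in subnets}

if __name__ == "__main__":
    for sid, (fits, public) in audit(VPC, SUBNETS, ROUTE_TABLES).items():
        print(f"{sid}: in VPC range={fits}, public={public}")
```

Because a subnet with no explicit association silently inherits the main route table, adding the default route there (as the CramSaver answer describes) makes every such subnet public at once; the audit shows `subnet-web` becoming public without any change to the subnet itself.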