Mastering EC2 Troubleshooting

Questions and Answers

Which component is automatically assigned to a subnet level in AWS?

Security group

NACL (correct)

Route 53

IGW

What is the purpose of CloudTrail?

Capture IP traffic in VPC

Monitor account activity in AWS (correct)

Log DNS queries

Check connectivity troubleshooting

Which AWS default component is automatically attached to a default VPC?

IGW (correct)

Security group

NACL

Route 53

What is the purpose of VPC flow logs?

Capture IP traffic in VPC

Which component is stateless and has separate incoming and outgoing rules?

NACL

What is the purpose of Route 53 logs?

Log DNS queries

Which component needs to be manually applied to an instance in AWS?

Security group

Which component can be used to block a specific IP address to an EC2 instance?

NACL

Which component has rules applied in a specific order based on their assigned number?

NACL

Which component has both allow and deny rules?

NACL

Which of the following could be causing the access issue for the FortiGate VM?

The SG has the incorrect inbound rule

What should you check first when troubleshooting EC2 connectivity issues?

The EC2 IP-address

What is the purpose of an inbound rule in an SG?

To allow traffic from a specific IP-address

What could be the reason for no incoming traffic to the FortiGate VM?

The sniffer capture shows no incoming traffic

What should you check if there is no HTTPS or SSH connectivity to the FortiGate VM?

The FortiGate sniffer capture

What is the purpose of a network access control list (NACL)?

To allow traffic from all IP-addresses

What is the purpose of a VPC route table?

To allow traffic from all IP-addresses

What should you check last when troubleshooting EC2 connectivity issues?

The local firewall and routing table

What is the purpose of an SG inbound rule for SSH or HTTPS?

To allow traffic from a specific IP-address

What is the purpose of an internet gateway (IGW) in a VPC?

To allow traffic from all IP-addresses