Virtual Private Cloud (VPC) Overview

Questions and Answers

PDF Questions PDF Answers

What is the primary characteristic of a Virtual Private Cloud (VPC)?

It is a logically isolated virtual network. (correct)

It operates on a fixed public network.

It requires constant internet connectivity.

It does not allow any configuration changes.

Which of the following services can be used to enable a VPC to communicate with the Internet?

Peer-to-Peer Connection

Private Virtual Network

Direct Connect (correct)

Local Area Network

What is a limitation on the length of an individual label in a domain name?

Cannot exceed 255 characters

Cannot be less than 5 characters

Cannot be more than 50 characters

Cannot exceed 63 characters (correct)

What is the role of security groups in a Virtual Private Cloud?

To protect Elastic Cloud Servers (ECSs).

Which statement regarding VPC communication is correct?

VPCs are isolated from each other and require peering for communication.

Which of the following best describes a Third-level domain?

It is a subdomain of the second-level domain.

What is a requirement when creating a VPC?

A private CIDR block must be specified.

Which service provides a dedicated network connection that emphasizes low latency and high speed?

Direct Connect

What character cannot be at the beginning or end of a label in a domain name?

What is the default behavior of subnets within a VPC?

They can communicate with each other within the VPC.

What is the maximum total length of a domain name, including the final period?

254 characters

Why is dynamic BGP beneficial for a VPC?

It offers real-time automatic failover and path optimization.

What is a notable limitation of a Virtual Private Cloud?

VPCs cannot communicate with each other by default.

What is the purpose of a hybrid cloud deployment?

To integrate on-premises data centers with cloud services.

What does an elastic network interface represent?

A virtual network card for cloud resources.

How does an IP address group simplify security management?

By grouping IP addresses with similar security needs.

What does it mean that each subnet in a VPC can only be associated with one route table?

This limits the complexity of routing decisions.

What is a characteristic of an Elastic IP (EIP)?

Each EIP can only be used by one cloud resource at a time.

What is a route table used for in a VPC?

To define traffic direction for subnets.

Why can ECSs in different VPCs not communicate with each other by default?

Each VPC operates completely independently.

What does a security group consist of in a VPC?

A set of access control rules for trusted ECSs.

What is the primary function of a security group in a VPC?

To act as a virtual firewall with access rules for mutually trusted instances

Which connectivity option allows two VPCs in the same region to communicate using private IP addresses?

VPC peering connection

What can be used to control inbound and outbound traffic at the subnet level in a VPC?

Network ACLs

In a web application hosting scenario, what is the role of load balancers provided by the ELB service?

To distribute traffic evenly across multiple ECSs

What is the purpose of creating a custom route table in a VPC?

To allow a cloud server without an EIP to access the Internet

How can you ensure high security for web and database servers hosted in a VPC?

By launching web servers in a publicly accessible subnet and database servers in private subnets

What role do NAT gateways serve in a VPC environment?

They enable cloud servers to connect to the Internet

What is a primary benefit of using multiple VPCs for different service systems?

It enhances security through logical isolation

What is the primary purpose of reverse DNS lookup?

To verify the credibility of email servers

What must be configured to ensure emails from your server are not treated as spam?

A PTR record

How does intelligent resolution optimize DNS query responses?

By providing different results based on networks or geographic locations

Which format correctly represents a valid domain name?

example.com.

What is a feature of private domain names in a VPC?

They allow communication between resources within the VPC without public access

What happens if no PTR records are configured for your email server?

Emails will be treated as spam or discarded

What does DNS segmentation refer to in the context of domain names?

Using periods to segment a domain name into multiple labels

What role does the cloud service OBS serve when accessed over a private network?

Object storage service

Study Notes

Virtual Private Cloud (VPC)

• A logically isolated virtual network that enables users to create subnets, configure route tables, assign elastic IP addresses (EIPs) and bandwidths, and manage access control using security groups.
• Based on tunneling technology, VPC provides secure and isolated networks.
• Users can customize VPCs, including dividing subnets, configuring route tables, specifying IP addresses, and configuring network access control lists (ACLs) and security groups.
• VPC's advantages include flexible configuration, security and reliability, seamless connectivity with the internet, and high-speed access.
• Supported CIDR blocks for VPCs are 10.0.0.0/8-24, 172.16.0.0/12-24, and 192.168.0.0/16-24.
• By default, VPCs in the same region cannot communicate with each other, but a VPC peering connection can be created to enable communication using private IP addresses.

VPC Architecture

• Each VPC comprises a private CIDR block, route tables, and at least one subnet.
• A system generates a default route table during VPC creation, allowing all subnets within the VPC to communicate with each other.
• Security groups act as virtual firewalls that define access rules for instances within a VPC, while network ACLs control traffic at the subnet level.

Application Scenarios of VPC

• Dedicated Networks on Cloud: Utilizing VPCs as isolated private networks for deploying different service systems, such as production and test environments. VPC peering connections can be established to allow communication between services.
• Web Application/Website Hosting: Hosting web applications and websites within a VPC, utilizing EIPs or NAT gateways to connect servers to the internet. Load balancers can distribute traffic across servers.
• Web Application Access Control: Creating multiple security groups for different web and database servers within a VPC, enabling fine-grained access control. Publicly accessible subnets can accommodate web servers, while database servers are deployed in non-publicly accessible subnets.
• Hybrid Cloud Deployment: Building a hybrid cloud solution by connecting on-premises data centers to VPCs, allowing organizations to maintain core data on-premises while leveraging cloud services.

VPC Concepts

• Elastic Network Interface (ENI): A virtual network card allowing creation and configuration of network interfaces, which can be attached to instances for flexible and high-availability networking.
• IP Address Group: A collection of IP addresses sharing the same security group rules, simplifying security group management and reducing repetitive rule modifications.
• Subnet: A unique CIDR block within a VPC, hosting all resources. Once created, a subnet's CIDR block cannot be modified.
• Elastic IP (EIP): Enables cloud resources to communicate with the internet using static public IP addresses and scalable bandwidth. EIPs can be bound to instances, load balancers, and NAT gateways.
• Route Table: Contains routes defining the destination of network traffic from subnets within a VPC. Each subnet is associated with a route table, ensuring traffic routing.
• Security Group: A collection of access control rules for instances with similar security requirements within a VPC.
• Private Domain Names: Allow communication among instances within VPCs without internet connectivity, also enabling access to cloud services like OBS and SMN over a private network.
• Reverse Resolution (Reverse DNS Lookup): Used to validate email servers, checking if the server's IP address and domain name align.
• Intelligent Resolution: DNS features allowing configuration of resolution lines to specify the DNS server that returns different resolution results based on visitor IP addresses, improving resolution efficiency and access speed.

Domain Name Format and DNS Hierarchy

• Domain names are segmented using periods (.) into multiple labels, which can contain letters, digits, hyphens, and supported language-specific characters. Labels cannot start or end with a hyphen and are limited to 63 characters. The total length of a domain name, including the period at the end, cannot exceed 254 characters.
• Domain names are organized hierarchically:
  • Root domain: "." (a dot)
  • Top-level domain: .com, .net, .org, .cn, etc.
  • Second-level domain: example.com, example.net, example.org, etc.
  • Third-level domain: abc.example.com, abc.example.net, abc.example.org, etc.

Other Network Services

• VPC Endpoint (VPCEP): Provides secure access to HUAWEI CLOUD services and private services without using EIPs, offering flexible networking.
• Direct Connect: Establishes a dedicated network connection between on-premises data centers and the cloud, offering high speed, low latency, stability, and security.
• Cloud Connect: Creates a globally connected cloud network with enterprise-grade scalability and communication capabilities by connecting VPCs.

Description

This quiz provides an overview of Virtual Private Cloud (VPC) concepts, including its architecture, configuration, and benefits. Learn about subnets, route tables, security groups, and the importance of CIDR blocks in VPC management.