VPC - PART 3

A Security Group in AWS acts as a virtual firewall, controlling inbound and outbound traffic at the instance level. It allows you to specify which traffic is permitted to reach your instances.

Security Groups are stateful, meaning they track the state of connections, while Network ACLs are stateless, treating each request independently. This fundamental difference affects how traffic is managed in a network.

Using both Network ACLs and Security Groups provides layered security by allowing multiple levels of filtering for inbound and outbound traffic, enhancing the overall security posture of the network.

A NAT Gateway is required for an EC2 instance in a private subnet to access the internet. It allows outbound internet traffic while keeping the instance secure from direct inbound traffic.

Removing an Internet Gateway from a VPC results in the loss of all public internet access. This means that instances in the VPC can no longer communicate with the internet, affecting any services relying on such connectivity.

Elastic IPs are designed to provide fixed, static IP addresses that can be associated with your cloud resources. This allows for consistent access to your services, even if the underlying infrastructure changes.

Deploying resources across multiple Availability Zones ensures high availability by distributing workloads. If one zone fails, resources in another zone can continue to operate, minimizing downtime.

A common use case for a VPC is hosting secure web applications, as it allows for isolated networking, enhanced security, and control over resources, making it ideal for sensitive applications.

A hybrid cloud setup using AWS VPC enables connecting an on-premises network to AWS, allowing for seamless integration and resource sharing. The other options do not accurately describe the capabilities of a hybrid cloud setup.

A public IP address in AWS is an IP address reachable from the internet, allowing external access to resources. The other options describe internal addresses, IPv6 specifics, or Elastic IPs, which are not the definition of a public IP.