Explore key concepts of EC2 networking with a quiz focused on Elastic Network Interfaces (ENIs), their features, attachment, and common configuration scenarios. This set of questions helps reinforce foundational knowledge of ENIs and networking best practices within EC2 environments.
What is an Elastic Network Interface (ENI) most accurately described as in the context of virtual machines?
Explanation: An ENI functions as a virtual network card that can be attached or detached from instances, providing networking capabilities such as private IP addresses, security groups, and MAC addresses. It is not a physical router or device, which eliminates option two. ENIs do not serve as storage devices for backups, ruling out option three. Option four refers to an unrelated security service, not a networking component.
Which of the following best describes how many ENIs an instance can usually have attached by default, depending on its type?
Explanation: The maximum number of ENIs that can be attached to an instance is determined by the instance type. Some types support more ENIs than others based on their specifications, so option three is most accurate. Option one incorrectly sets a uniform maximum of two, while option two is too restrictive. Unlimited attachment is not possible, so option four is incorrect.
Which feature does an ENI provide when attached to an instance?
Explanation: ENIs allow assignment of one or more private IP addresses, which facilitate network communication. They do not provide data encryption at rest, as that is a storage security feature. Scheduled backup is not a networking function, eliminating option three. ENIs do not affect CPU performance, so option four does not apply.
In which scenario might moving an ENI from one instance to another be useful?
Explanation: Detaching an ENI from one instance and attaching it to another preserves its networking setup, which is valuable for failover or replacement scenarios. Upgrading memory or disk storage is unrelated to ENIs. ENIs cannot be transferred between regions, making that option invalid. Only preserving networking configuration directly involves ENIs.
What is needed for an ENI to be accessible from the public internet?
Explanation: To allow internet access, an ENI must have a public IP or Elastic IP associated with it. A password policy does not relate to ENI external connectivity. Accessing a root file system is a storage concept and not connected to networking. While security groups help control access, alone they do not provide public reachability without a public IP.
If you attach multiple security groups to an ENI, how is incoming traffic filtered?
Explanation: When multiple security groups are attached, the set of allowed traffic is the union of all rules from all these groups. Only using the first group would ignore additional rules, making option two incorrect. Blocking all traffic is never the default behavior when groups are attached, so option three is wrong. Evaluating only outbound rules for incoming traffic is incorrect, invalidating option four.
When you create an ENI, to which network construct must it be associated?
Explanation: ENIs must be created within a subnet to define their network range and connectivity. Virtual storage volumes are for data storage, not networking. Domain name systems resolve names; they do not provide network attachment. A security key pair deals with instance authentication rather than network interface placement.
What best describes the primary ENI on a standard virtual machine instance?
Explanation: The primary ENI is automatically created and attached to the instance at launch and cannot be detached during the instance’s lifetime. Manual creation is not required for the primary ENI. It is not a rarely used backup interface, so option three is incorrect. Security groups can be chosen and are not always random.
Which state does an ENI enter when it is not attached to any instance?
Explanation: When not attached, the ENI is in the 'Available' state, making it ready to be attached to an instance. The 'In use' state refers to being attached. The 'Pending' state reflects creation or configuration in progress. 'Disconnected' is not a recognized state for ENIs.
When you move an ENI between instances, how does the MAC address behave?
Explanation: An ENI retains its MAC address when moved, ensuring consistent network identification. The MAC is not randomly reset or reassigned to match the target instance, making options two and three incorrect. It does not assume the primary ENI's address, which dismisses option four.