04 Storage

Question 1

Describe FSx for Windows File Server.

Answer 1

FSx for Windows File Server is a Windows-native shared storage solution that uses SMB, integrates with Directory Service or self-managed Active Directory, and can operate in single or multi-AZ mode.

Question 2

How can backups be managed in FSx for Windows File Server?

Answer 2

Backups in FSx for Windows File Server can be performed on-demand or scheduled.

Question 3

Explain how FSx can be accessed.

Answer 3

FSx can be accessed directly in a VPC, through peering, VPN, or Direct Connect.

Question 4

What is the purpose of FSx for Lustre?

Answer 4

FSx for Lustre is designed for shared HPC storage specifically for Linux clients.

Question 5

Define the two modes of operation for FSx for Lustre.

Answer 5

FSx for Lustre operates in two modes: Scratch, optimized for short-term storage with maximum performance and no replication, and Persistent, used for longer-term storage with self-healing and high availability within a single AZ.

Question 6

How does the Lustre file-system interact with S3?

Answer 6

The Lustre file-system can be lazy loaded from an S3 bucket, providing high-performance access to S3 objects.

Question 7

What are the availability options for EFS?

Answer 7

EFS can be configured for multi-AZ or single zone availability.

Question 8

Describe the purpose of S3 storage classes.

Answer 8

S3 storage classes allow optimization of the service for specific workloads.

Question 9

What is S3 Express One Zone?

Answer 9

S3 Express One Zone is the most expensive S3 option, offering better performance than S3 Standard.

Question 10

Define lifecycle configurations in S3.

Answer 10

Lifecycle configurations are rules that transition objects between storage classes and delete them based on a period of time.

Question 11

How do lifecycle rules operate in S3?

Answer 11

Lifecycle rules in S3 are based on a period of time rather than access patterns, and can be configured based on object versions.

Question 12

What is the minimum waiting period for transitioning from Standard to an infrequent tier in S3?

Answer 12

A minimum of 30 days must be waited before transitioning from Standard to an infrequent tier, and another 30 days to move to Glacier tiers.

Question 13

Explain the purpose of replication in S3.

Answer 13

Replication in S3 mirrors content from one bucket to another in a different region and/or accounts.

Question 14

What role does IAM play in S3 replication?

Answer 14

An IAM role added to the replication configuration grants S3 the required permissions to perform the replication.

Question 15

Describe the requirement for cross-account replication in S3.

Answer 15

A bucket policy on the destination is required for cross-account replication.

Question 16

How can filters be used in S3 replication?

Answer 16

Filters can be used to replicate objects based on prefix and/or tags.

Question 17

Define the storage class configuration in S3 replication.

Answer 17

The storage class used in the destination bucket can be configured.

Question 18

What is the default ownership of new objects in the destination bucket during replication?

Answer 18

By default, new objects in the destination are owned by the source bucket’s account, but this can be overridden.

Question 19

Explain Replication Time Control (RTC) in S3.

Answer 19

Replication Time Control (RTC) adds a 15-minute SLA to replication; otherwise, replication is best effort.

Question 20

How is replication direction configured in S3?

Answer 20

Replication is one-way by default, but bi-directional replication can be enabled.

Question 21

What types of encrypted objects can be replicated in S3?

Answer 21

Replication of encrypted objects using SSE-KMS and SSE-C is supported.

Question 22

Which storage classes cannot be replicated in S3?

Answer 22

Objects stored in Glacier and Glacier Deep Archive cannot be replicated.

Question 23

Define the encryption method used by SSE-S3 in S3.

Answer 23

SSE-S3 performs AES-256 encryption using keys managed by S3, and it is now the default encryption method.

Question 24

What is a limitation of SSE-S3 regarding role separation?

Answer 24

SSE-S3 does not allow role separation; anyone with GetObject permissions can also decrypt objects.

Question 25

How does SSE-C differ from SSE-S3?

Answer 25

SSE-C uses a customer-provided key which is passed with requests to the S3 API, unlike SSE-S3 which uses S3-managed keys.

Question 26

What is the advantage of using SSE-KMS in S3?

Answer 26

SSE-KMS uses a key managed in KMS, allowing for key rotation and other management features.

Question 27

What are bucket keys in the context of SSE-KMS?

Answer 27

Bucket keys allow KMS to share keys across multiple objects in a bucket, reducing costs.

Question 28

What are pre-signed URLs in S3?

Answer 28

Pre-signed URLs give time-limited permissions to download or upload an object, based on the identity that created the URL.

Question 29

How do S3 Select and Glacier Select optimize data retrieval?

Answer 29

S3 Select and Glacier Select use a SQL-like syntax for server-side filtering, reducing the amount of data that needs to be fetched.

Question 30

Describe the purpose of Access Points in S3.

Answer 30

Access Points simplify the management of permissions by creating multiple endpoints, each with different policies and networking controls.

Question 31

How can Access Points be secured in S3?

Answer 31

Access Points can be paired with VPC endpoints to ensure they can only be accessed via a specific VPC endpoint.

Question 32

What is the function of Object Lock in S3?

Answer 32

Object Lock protects object versions for a specific period of time or indefinitely.

Question 33

Explain retention periods in the context of Object Lock.

Answer 33

Retention periods are for a fixed period of time and can be extended but not removed.

Question 34

Describe the difference between compliance mode and governance mode in legal holds.

Answer 34

In compliance mode, nobody can overwrite the legal hold, while in governance mode, object versions can be overwritten with special permissions.

Question 35

How does Amazon Macie enhance data security in S3?

Answer 35

Amazon Macie uses machine learning to detect personally identifiable information (PII) and other sensitive data in S3 objects.

Question 36

Define EBS and its purpose in AWS.

Answer 36

EBS, or Elastic Block Store, provides high-performance, resilient storage for EC2 instances.

Question 37

What are EBS Snapshots and how do they function?

Answer 37

EBS Snapshots are incremental backups of EBS volumes, allowing for efficient data backup and recovery.

Question 38

Explain the role of Amazon Data Lifecycle Manager.

Answer 38

Amazon Data Lifecycle Manager automates the creation and management of EBS Snapshots.

Question 39

How do Instance Store Volumes differ from EBS volumes?

Answer 39

Instance Store Volumes are attached directly to the underlying EC2 instance and are lost if the instance is stopped and then started again.

Question 40

Describe the function of AWS Transfer.

Answer 40

AWS Transfer facilitates the transfer of data to and from S3 and EFS using non-native protocols such as SSH (SFTP) and FTP.