Advanced Amazon S3 & Athena Flashcards

1
Q

Who can enable/disable MFA-Delete?

A

Only the bucket owner (root account)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Why do you need MFA?

A
  • Permanently delete an object version

* Suspend versioning on the bucket

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What do you need before using MFA-Delete?

A

Enable Versioning on the S3 bucket

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

When are bucket policies evaluated?

A

Before “default encryption”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Any request made to S3, from any account, authorized or denied, will be logged into another S3 bucket

A

S3 Access Logs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Concerning S3 Access Logs, what should you NEVER do?

A

Never set your logging bucket to be the monitored bucket

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Compliance, lower latency access, replication across accounts

What use case is this?

A

CRR (Cross Region Replication)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What use case is this?

Log aggregation, live replication between production and test accounts

A

SRR (Same Region Replication)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Is there any way to replicate a delete between two buckets?

A

No.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How many S3 storage classes are there?

A

6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Use Cases: Big Data analytics, mobile & gaming applications, content distribution

A

S3 Standard - General Purpose

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  • High durability of objects across multiple AZ (99.999999999%)
  • Sustain 2 concurrent facility failures
  • 99.99% Availability over a given year
A

S3 Standard - General Purpose

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  • Suitbale for data that is less frequently accessed, but requires rapid access when needed
  • High durability (99.9999999999%) of objects across multiple AZs

99.9% Availability

•Use Cases: As a data store for disaster recovery, backups

A

S3 Standard - Infrequent Access (IA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  • 99.5% Availability
  • Low latency and high throughput performance
  • Supports SSL for data at transit and encryption rest
  • Stored in single AZ
  • Use Cases: Storing secondary backup copies of on-premises data, or storing data you can recreate
A

S3 One Zone - Infrequent Access (IA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  • Low latency & high throughput
  • Resilient against events that impact an entire AZ
  • Small monthly monitoring and auto tiering fee
  • Automatically moves objects between two access tiers based on changing access patterns
A

S3 Intelligent Tiering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  • Low cost object meant for archiving/backup
  • Data is retained for the long term (10s of years)
  • Each item in Glacier is called “Archive” (up to 40TB)
A

Amazon Glacier

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Amazon Glacier has 3 retrieval options:

What are they?

A
  • Expedited (1 to 5 min)
  • Standard (3 to 5 hours)
  • Bulk (5 to 12 hours)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the minimum storage duration on Amazon Glacier?

A

90 days

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is the mínimum storage duration on Amazon Glacier Deep Archive?

A

180 days

20
Q

Amazon Glacier Deep Archive - for long term storage - cheaper

What are the retrieval options?

A

Standard (12 hours)

Bulk (48 hours)

21
Q

Moving objects can be automated using a what?

A

Lifecycle configuration

22
Q
  • Move objects to Standard IA class 60 days after creation
  • Move to Glacier for archiving after 6 months

What lifecycle rule is this?

A

Transition Actions

23
Q
  • Access log files can be set to delete after 365 days
  • Can be used to delete old versions of files (if versioning is enabled)
  • Can be used to delete incomplete multi-part uploads

What lifecycle rule is this?

A

Expiration Actions

24
Q

For infrequently accessed object, where should you move them?

A

Standard IA

25
Q

For archive objects you don’t need in real time, what should you use?

A

Glacier or Deep_Archive

26
Q

Helps to transition objects from Standard to Standard_IA

A

S3 Analytics

27
Q

Send file to an AWS edge location which will forward the data to the S3 bucket in the target region

A

S3 Transfer Acceleration

28
Q

Parallelize the GETs and speed up the download

A

S3 Byte Range Fetches

29
Q

Amazon S3 automatically scales to high request rates, latency 100-200 ms

Your application can achieve at least 3,500 PUT/COPY/POST/DELETE and
5,500 GET/HEAD requests per second per prefix in a bucket.

A

S3 Baseline Performance

30
Q

When you upload it, it calls the (blank) KMS API

A

GenerateDataKey

31
Q

When you download, it calls the (blank) KMS API

A

Decrypt

32
Q

Any time on the exam you see server side filtering, think what?

A

S3 Select & Glacier Select

33
Q
  • Retrieve less data using SQL by performing server side filtering
  • Can filter by rows & columns (simple SQL statements)
  • Less network transfer, less CPU cost client-side
A

S3 Select & Glacier Select

34
Q

What does S3 Event Notifications target?

A

SNS
SQS
Lambda Functions

35
Q

Use case: generate thumbnails of images uploaded to S3

A

S3 Event Notifications

36
Q
  • This person is financially responsible for the networking cost that comes from the dowload.
  • Helpful when you want to share large datasets w other accounts
  • (blank) must be authenticated in AWS (cannot be anonymous)
A

Requester Pays

37
Q

Serverless query service to perform analytics against S3 objects

A

Amazon Athena

38
Q

Use cases: Business intelligence, analytics, reporting, analyze & query VPC Flow Logs, ELB Logs, Cloud Trail etc..

A

Amazon Athena

39
Q

Exam Tip: Analyze data in S3 using serverless SQL

A

Amazon Athena

40
Q
  • Adopt a WORM model (write once read many)
  • Lock the policy for future edits (can no longer be changed)
  • Helpful for compliance and data retention
A

Glacier Vault Lock

41
Q
  • Adopt a WORM (Write Once Read Many) model

* Block an object version deletion for a specified amount of time

A

S3 Object Lock (versioning must be enabled)

42
Q

Users can’t overwrite or delete an object version or alter its lock settings unless they have special permissions

What mode is this?

A

Governance Mode

43
Q

A protected object version can’t be overwritten or deleted by any user, including the root user in your AWS account.

It’s retention mode can’t be changed, and its retention period can’t be shortened.

What mode is this?

A

Compliance mode

44
Q

What is an extra level of security to prevent accidental deletions?

A

MFA Delete

45
Q

How can you verify that some employees tried to access files that they dont have access to, without them knowing?

A

S3 Access Logs

46
Q

Allows you to replicate data from an S3 bucket to another in the same/different AWS Region

A

S3 Replication

47
Q

Temporary URLs that you generate to grant time-limited access to some actions in your S3 bucket.

A

S3 Pre-Signed URLs