AWS S3 Flashcards

1
Q

What are the storage classes available in AWS?

A

S3 standard

S3 standard IA

Zone IA

Intelligent tiering

Glacier

Glacier Deep Archive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What type of storage is S3?

A

Object storage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the availability of S3?

A

4 x 9s

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the durability of S3?

A

11 X 9s

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How many availability zones is S3 data replicated to?

A

3 AZ

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the min size of data you can put in S3?

A

1 byte

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the max size of single file in S3?

A

5 TB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Is encryption at the object level or the bucket level?

A

Encryption is enabled and applied at the bucket

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

If one tenant has a bucket called ‘dog’ can you have a bucket called ‘dog’?

A

No buckets has to be unique with in a region.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the two types of encryption available to S3?

A

Server side and Client side.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the encryption used on server side encryption for S3?

A

AES-256

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Who holds the master key for S3 encryption?

A

AWS- in KMS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Are all objects encrypted using the same master key? (are the keys changed over time)

A

No the keys are rotated each month.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The master keys is used in the process to encrypt a object, is this the only key?

A

No there is a per object key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Is the per object key encrypted?

A

Yes it is encrypted by the master key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Is the object data encrypted at rest?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Where is the per object stored?

A

In a hidden S3 bucket.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Is there other options available to encrypt a object?

A

Client side encryption using the SDK.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

If you put data in a single region is that data/objects replicated to other regions?

A

No data stays with in a region.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Can you copy data and objects to other regions?

A

Yes we can with CRR.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Would you make a html page available to people on the internet?

A

Use static web hosting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

How can you delete a object after a week (period of time)

A

Use life cycle policies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Can life cycle policies be applied to just one object with in a bucket?

A

Yes using the prefix parameter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How would you apply life cycle policies to a entire bucket?

A

Use the ‘Apply to Entire Bucket’ parameter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

If you do not need S3 data available on demand, how can you lower the cost of storage?

A

Use AWS Glacier.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

How can you move data into glacier storage?

A

Use life cycle policies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

How can we ensure that when a object is updated or deleted that we can get the old data?

A

Use S3 versioning.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Can versioning and life cycle policies be used at the same time?

A

No.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Can versioning be removed easily?

A

No.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What is the minimum number of copies in availability zones of the S3 object are kept with in a region?

A

3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What is WORM architecture?

A

Write one read many times.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Is S3 a WORM architecture?

A

Yes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What is eventual consistency?

A

When a object is update in S3 by many users across the availability zones, the object that is wrote last will be the one that all other copies become.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

When you write a object to S3 will all availability zones have a consistent copied of the object?

A

Yes new objects are synced across all availability zones before you get a ask back to say the write was OK.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Is there any region that dose not support read after write?

A

US-Standard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Do you get a sync write across all availability zones during a update?

A

No object is async wrote to the other availability zones with in the region.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

When you delete a object are all objects dated before you get a ack to say the operations was successful?

A

No much like update the objects in the other availability zones are async deleted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What is read after write?

A

Data is available to read in all availability zones after a ack is returned.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Is data replicated across regions?

A

No data is not replicated across regions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What stops you data having bitrot (bitrot is where you data at rest get corrupt)?

A

AWS is checking objects on a regular basis to make sure there check sum is correct.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

When bitrot is detected what will AWS do about it?

A

AWS will restore the corrupt date using the redundant copies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Will all incoming object request be sent to the same availability zone?

A

No requests are load balanced across all availability zones.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

What is S3 RRS?

A

Reduced redundancy storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

How durable is RRS storage?

A

4 x 9s.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What happens when a object is lost from RRS?

A

A ReduceRedundacyLostObject event is triggered.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

What is the max UTF-8 name size of a bucket?

A

1024 bytes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

S3 will partition based on key prefix, why is it important to not have the object name sequence?

A

Sequence naming of objects mean that the objects are clustered to gather and not spread out over the entire S3 cluster.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

Do you need to manage the server side encryption?

A

No it is automatically taken care by AWS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

What are the 3 ways for access control on S3

A

Policies, ACL’s, IAM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

How could you store some extra data like the object date, use name with the object?

A

Use metadata.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

How can you get visibility in to the incoming S3 requests for you objects?

A

Logs when turned on will save each request and response.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

When are S3 logs kept?

A

You define a bucket for the logs?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Are S3 logs automatically deleted?

A

No you have to take care of this your self, you can set up a life cycle policy to delete the objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Why is glacier called write once read never?

A

This is because when you write it is take some time to retrieve that data when needed?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

With glacier how long dose it take to retrieve data to S3?

A

2 - 6hrs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

What is the cost of glacier storage?

A

1c per GB.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

What is the cost of S3 storage?

A

8.5c per GB.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

What is the cost of RRS?

A

6.8c per GB.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

If a object in S3 has a life cycle policy to delete the object after 30days and the object moves to glacier with will glacier do after the 30days?

A

Glacier will observe the S3 policy and delete the object after 30days.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

When a object is retrieved from glacier when is it put (a)S3 (b)RRS

A

(b) RRS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

What AWS functionality is used to move S3 data from one storage class to anither

A

Life cycle policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

Can I remove versioning from bucket once applied?

A

No but you can disable it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

What is the max upload in s single put?

A

5GB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

I need to upload a single file that is 500GB in size, what is my best option for uploading the file?

A

Ensure you are using multipart upload

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

When files are larger than 100MB what is the recommended option for upload?

A

Multi-part upload

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

For PUT (new objects), can I read it and will it be consistent?

A

Yes, for S3 you have read after write consistency.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

For HEAD and GET

A

Eventual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

For PUT and DELETES, what is the consistency model?

A

Eventual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

Updates to a single key are?

A

Atomic, only one person can update the object at a time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

Where is my object stored?

A

In a min of 3 AZ in a single region.

71
Q

Is encryption automatically enabled?

A

No

72
Q

I need to transition objects to Glacier from s3, do I have to manually copy?

A

No, you can set up a life cycle policy and have objects transitioned to Glacier. You get an option for previous or new objects.

73
Q

When I am uploading objects to s3, I would like to have the objects move direct to Glacier, do I have to set up a life cycle policy to move objects to Glacier?

A

No there is an option in the upload API to select the storage class.

74
Q

I need to log access to my S3 bucket, can I use CloudWatch for this?

A

A better option is to enable the server access logs by pointing as a bucket where the logs will be stored.

75
Q

I am storing data on S3 and I want it to be secure, what should I consider?

A
  • Security for transport in and out of S3: HTTPS - Encryption at REST: SSE - Access, who has access to the data: IAM
76
Q

I am using the API to send an object to S3, I want this object to be encrypted using SSE, what is the header I send?

A

x-amz-server-side-encryption

77
Q

What is the consistency model for S3?

A
  • PUTS for new objects are strong consistent (you can read after write)
  • PUT (Updates) and Deletes are eventually consistent.

-

78
Q

I have an object in S3 called Keith, I update it with a PUT and then call GET, am I guaranteed to get the object latest version?

A

No, updates on the existing object are eventually consistent.

79
Q

What are the access methods available to restrict or grant permissions on objects and buckets in s3?

A
  • IAM
  • ACL
  • Bucket and User policies

-

80
Q

In S3 I have to ensure objects are not deleted for 4 years due to regulatory requirements, how can I achieve this?

A

S3 has a lock on object feature then enable s you to lock the objects put in a bucket for a period of time.

81
Q

I provide files to my customers but I do not want to pay for the cost when my customer access the files. what is my best option for solving this?

A

Use requester pays feature of S3..

82
Q

When I have version control enabled on S3 bucket and I delete an object, what will happen?

A

The object will not be deleted but will assume a version ID

83
Q

I need to create a pre-shared key to enable users to upload data to S3, what do I need to be able to do to ensure the user I give the key to can upload the data?

A

Ensure I have upload permissions in the bucket

84
Q

There is a server on-prem that wants ot to connect to S3 using the most efficient way possible, minimizing latency and not using the internet,, the on-prem is using direct connect?

A

Create a public endpoint to connect to S3.

85
Q

When working with S3, can I use IAM policies to give web users access to the bucket?

A

No, IAM policies are used only in the context of IAM users and Roles. To give internet users access to a bucket or object in the bucket, you have to use a bucket policy, this will enable you to give access to Internet-based users.

86
Q

I want to ensure that only a certain IP can access a bucket, how can I do this?

A

Set up a bucket policy to allow access the bucket but with a condition of “IpAddress”

87
Q

I what to access an S3 bucket form another account, the account iD is 12345678, how cna I do this?

A

Create a bucket policy, in the bucket policy set the principal to the account name that needs to access the bucket.

“Principal” : “arn::aws:;iam::12345678:*”

88
Q

What is the difference between arn::aws::s3::keith-bucket and arn :: aws ::s3:: keith -bucket/*?

A

The first on refers to the bucket, the second one refers to the content of the bucket.

89
Q

When you create a bucket or an object, by default what ACL’s are granted?

A

The owner is granted full permissions.

90
Q

For S3 ACL’s what are the access domains?

A

Root user gets full permissions (list objects, write objects, read bucket permissions, write bucket permissions.

Access to other accounts

Public access

S3 log

91
Q

What is x-amz-acl?

A

it is the header when you upload an object to set the ACL to Private, public-0read, bucket-owner-read, bucket-owner-full-control

92
Q

Do ACL give you control over the object in a bucket?

A

Yes but only for predefined groups, accounts and public.

93
Q

What is a pre-signed URL?

A

A presigned URL can be used to give someone times limited access to download or upload a file to a bucket.

94
Q

I have a web application that enables users to download a ZIP file after they pay a fee, I wnat to ensure that only this user can download the file and for a time limited period like 24hrs, what option do I have?

A

I can have my application create a signed URL that the user can use to download a file, the signed URL is time limited for the required 24hrs.

95
Q

I have a requirement to provide a user with a secure upload for a file they have, what are by S3 options?

A

Create a signed URL, this way the user cna only upload the required file, the user will not have full access to the bucket or other files in the bucket. The signed URL expires after 24hrs.

96
Q

Can I use signed URLs with S3?

A

No a signed URL is a CloudFront function, S3 used signed URLs to secure and time limit the of upload and download of files

97
Q

Where can I use s3 storage?

A
  • Static content (S3 Standard)
  • Static website (S3 Standard)
  • The origin for CloudFront (S3 Standard)
  • Archive (Glacier)
  • Backup
  • Storage GW
98
Q

If I have a bucket called Keith and a directory called Cathy and an object in the Cathy directory what will the S3 key look like.

A

It will be s3://keith/Cathy/object name. The reason for this is S3 has a flat file structure, no directories just a key that is mead up by joining the object/prefix/buckenetname together.

99
Q

If I add ?torrent on the end of an amazones3 bucket URL, what am I doing?

A

I am requesting the file using torretc.

100
Q

Can I use ipv6 with s3?

A

Yes but not for torrent or for static website hosting.

101
Q

I wnat to use static web site hosting with IPv6 how cna I configure this with s3?

A

You cant as s3 static web site does not support IPv6

102
Q

What are S3 events?

A

They are a set of events theat occur in S3 thet can call external service like,

  • SNS
  • SQS

Lambda functions

103
Q

What sort of events can be generated by S3?

A
  • PUT
  • POST
  • COPY

Multi-part upload complete

All objects created

Object lost

Permanently deleted

All object delete events

Restore from glacier

104
Q

How can I calculate the cost of putting 10TB of object data in S3?

A

S3 is free to ingest data.

105
Q

Do I pay for data out to the internet for of s3?

A

Yes (approx 0.09 pm GB)

106
Q
A
107
Q

Do I pay for data out to the DirectCoonnet for s3?

A

Yes

108
Q

With S3 what do I pay for?

A
  • Storage GB per month, this depends on the tier of storage
  • Transfer of day out
  • Transfer of data between regions
  • Transfer of data over Direct connect or VPN
  • API calls like pouts/gets, etc.
109
Q

I have a requirement to replicate data from one bucket in us-east-1 to eu-west-1, what is my bets option?

A

You can use s3 replication to replicate the data.

110
Q

I have 20TB of CVS files and I need to query the data, the files are stored in s3, how can I query the data?

A

Atena

111
Q

I need to get a list of every object in by 20TB S3 bucket, what is my best option, call API or something else?

A

Use the S3 bucket inventory process, this will run and create an OCR Apache optimized row columnar set of files, you can use atena to query this data.

112
Q

How can I monitor the S3 as part of my global monitoring solution?

A

You cna use cloudwatch to monitor bucket metrics.

113
Q

What are the public access settings?

A

They enable you to stop people making the bucket public by accident.

114
Q

What is first-byte latency and how does it apply to s3 storage tiers?

A

S3 standard, IA, Zone IA, Intelligent tier first byte latency is millisecond. Glacier and Glacier Deep Archive is much larger latency to first byte.

115
Q

What is the durability of all the storage classes?

A

11x9%

116
Q

For all s3 storage classed how my zones are data stored in?

A

3, except for Zone IA thet is 1.

117
Q

What storage tier should you use for hot backup?

A

S3-IA.

118
Q

For Glacier deep archive, what is the minimum number of days an object must be kept for?

A

180-day minimum

119
Q

For Glacier deep archive, is the retreval time the same or shorter then Glacier?

A

It is longer

120
Q

How long will it take to get an object form Glacier Archive Storage?

A

Several hours

121
Q

For both Glacier and Glacier deep archive, what is the min storage charge?

A

40KB

122
Q

I am a hospital and I currently store 100TB of x-ray images on s3, I want to improve on my cost of storage, how can I do this? Xrays are looked at frequently for the first 90 days and then maybe once a year and after a year just if the patient comes back.

A

Set up a lifecycle policy to move to Standard IA after 90 days. Set up LCP to move to the glacier after a year.

123
Q

What is the minimum time I can store an object for in Standard IA

A

90dyas, deleting before this period and you are charged.

124
Q

What is the minimum storage charge for an object in Standard IA?

A

128KB

125
Q

What is the minimum storage charge for an object in Zone IA?

A

128KB

126
Q

What is the availability of Standard IA?

A

99.5%

127
Q

What is the availability of ZoneIA?

A

99%

128
Q

What is the availability of Standard ?

A

99.99%

129
Q

I am storing data that is reproducible for analysis, what storage class are bets to store it on for cost?

A

Zone IA, if the data fails or the zone is not available, you

can recreate the dat and process at another time, for this reason, Zone, IA is a good choice.

130
Q

For Glacier, how fast can I retrieve my storage and is there a cost?

A

You can retrieve storage form min to hrs and the cost is low to high.

131
Q

What is intilligent-tiering?

A

This is a tier of storage that will monitor your objects and if they are not used will move the objects to the Standard IA tier, if the object becomes used again, it will be moved back to Standard tier.

132
Q

I need to delete my objects after 60days, how can I do this?

A

Lifecycle policies.

133
Q

Is object versioning on the bucket or object level?

A

it is applied at the bucket level.

134
Q

When I have object versioning enabled and I upload a new object with the same key, what happens?

A

Both versions of the file will exist and each has a unique ID

135
Q

Where bucket version is enabled and I retrieve an object, what will happen?

A

You will get the most current version as you did not give a version ID.

136
Q

Where is have bucket versioning enabled, can I have two different versions of an object in different tiers of storage?

A

Yes.

137
Q

I have bucket version-enabled, I delete an object, what happens?

A

You get a delete marker.

138
Q

I have an object that is deleted and I wnat to retrieve it, how cna I do this?

A

You delete the delete marker and the bucket will reappear.

139
Q

I have a bucket with the object version-enabled, I wnat to get a previous version, how cna I do this?

A

Specify a version ID.

140
Q

When I delete an object in a bucket with versioning enables what will happen?

A

You get a delete marker and the object is still present, you can delete the delete marker to get the object back or you can request the object or any of its version by ID.

141
Q

Is it possible to delete a version of an object that is in a bucket with version control enabled?

A

Yes, just specify the version iD of the object.

142
Q

I wnat to set up cross-region replication, what do I need to do?

A

Enable version control.

143
Q

I have a requirement from my organization that legal document is retained for 3years after which they must be deleted, how can I do this?

A

This can be done by using objects locking and setting the period for 3years

144
Q

If object locking is enabled can you use regional replication?

A

No

145
Q

When you create a bucket who has access?

A

By default the resource owner (an account created) has access but no one else.

146
Q

What types of access control exists for s3?

A
  • You have IAM, this is where the bucket oners account is trusted by the bucket, with this you can use AWS IAM to gran users, roles or other accounts access t the bucket.
  • You also have bucket policies, this is where you can give users, accounts or even anonymous user access to the bucket, bucket policies can even use a condition like tags on buckets or the caller IP.
  • Access control lists (ACLs): can be used to grant users in another account. You cna also gran anonymous user access.
147
Q

When I generate a pre-signed URL and a user used the pre-signed URL to access the object, how ide is the pre-signed URL accessing the object under?

A

Under the ID of the user who created the pre-signed URL.

148
Q

If I do not have access to an s3 bucket and I generate a pre-signed URL, will the users of the pre-signed URL have access tot he objects?

A

No, the creator of the pre-signed URL must have access to the object as it is this user access key from STS that is been used to access the object.

149
Q

I have just enabled cross-region replication, I go to my another bucket in the other region and non of the objects are present, why?

A

Because cross-region replication is not retrospective.

150
Q

I have objects that are encrypted by client-side encryption, can I cross-region replication?

A

No, you can only use unencrypted objects or server-side encrypted objects.

151
Q

Can I use cross-region replication to another account?

A

Yes.

152
Q

We are storing our data on Amazon Simple Storage Service (S3). Our orgs security policy mandates that data is encrypted at rest. What options do I have?

A
  • Server-side encryption (AWS managed keys)
  • Server-side encryption (Client managed keys)
  • Client-side encryption
153
Q

Is it possible to have different encryptions keys for different versions of the same object?

A

Yes as each object is encrypted using different keys. The reason for this is each key is encrypted using the selected key and this can be different from object to object.

154
Q

When uploading an object to s3, how cna I get the s3 to encrypt using SSE?

A

You should send the encryption key and x-amz-server-side-encryption-customer-key-AES-256, x-amz-server-side-encryption in each API call.

155
Q

I have set up two buckets in us-east-1 and I wnat to replicate from one bucket to another, can I use cross-region replication?

A

No, the dest bucket has to be in a different region, it can be even in a different region in a sperate account.

156
Q

I am going to use cross-region replication between two buckets, I am using customer-managed keys, what is my configuration?

A

You cna use customer-managed keys, you can only use unencrypted dor AWSmanaged keys.

157
Q

When I create a cross-region replication, what is required by the s3 service for both the source and dest buckets?

A

S3 needs permissions and this is done in a role with two actions, one action allowing s3 access the source, one action allowing s3 access the dest.

158
Q

I need the ability to provide my global customer with access to static content in my s3 bucket in us-east-1, I am concerned about latency for a customer in Asia, should I replication using regional replication to another bucket for the asian customer or is there other options?

A

You could use s3 as an origin endpoint and use CloudFront to distribute your static files to global regions reducing the latency for your customers.

159
Q

I require backup for my on-prem files, these files are accessed once every 6mts as part of our disaster recovery, access to the data quickly is not needed, what s3 storage tier should I use?

A
  • Not s3 standard because it is the high price of the tiers and also is a hot tier.
  • Not s3 standard IA as this is hot storage, you could use it but you are paying a premium for it being hot.
  • No S3 Zone IA as it is hot also.
  • Glacier is a good option as it offers the ability to retrieve the data when needed and offers a lower price, as we are OK with retrieving data in hours Glacier is a good choice.
160
Q

I require backup for my on-prem files, these files are accessed once every 12mts as part of our disaster recovery, access to the data quickly needs to be in min, what s3 storage tier should I use?

A

Glacier as it offers the ability to retrieve data in the minutes and because it is only accessed once a year the cost of retrieval is less than a year of storage and retrieval cost of other storage tiers.

161
Q

I am backing up files and the software requires immediate access to the dat when needed, what s3 storage tier should I use?

A

zone in offers 11x9 but it is in a single zone (risk), Standard IA offers 11x9 and is lower prices then s3 standard.

162
Q

What are the options I have to encrypt object data in s3?

A

Server-side encryption with AWS keys

Server-side encryption with customer-provided keys

Customer encrypted data (where customer encrypts the data before it is sent to AWS S3)

163
Q

I wnat to use customer provided key and I am calling the API what do I need to pass in the API call?

A

You need to pass the x-amz-server-side-encryption-customer-key

164
Q

What is the difference between SSE-s3 (S3 managed keys) and SSE-KMS (KMS managed keys)?

A

With SSE-S3, keys are managed by S3, S3 encrypts the object with a key and stores it with the object.

With SSE-KMS, S3 asks KMS for a key and KMS return bot plane and encrypted keys under the CMK, the plane test key is used to encrypt the object and is then discarded, the encrypted keys are stored with her object.

165
Q

I wnat to ensure that only uploads to a bucket will be encrypted and use AES256, how cna I do this?

A

Bucket policy, you can create a policy with two statements, one for checking the header x-amz-server-side–encryption for AES256 and one for checking x-amz-server-side-encryption true.

166
Q

I have to upload 1TB of data to s3, I have a VPN and a DirectConect as a primary, I also am using endpoints in my VPC to connect with s3, how can I get the shortest time to upload the data when using the CLI?

A

use multipart upload as it enables parallel upload of sperate chunks of the data.

167
Q

I have a bucket in east-us-1 and I get uploads all the time from Asia, I want to improve the upload time, how cna I do this?

A

You can enable transfer acceleration on the bucket, this enables you to get new CloudFront endpoints that will be used to upload to and the CloudFront will send the data over the AWS network. TransferAccelerator dose does not require you to set up CloudFront, but you get to take advantage of it.

168
Q

I have a customer in Asia that is migrating its on-prem application to the us-east-1 region on AWS, we have a short window to transfer the 1TB of the file to s3 us-east-1, how cna I ensure the transfer happen as quickly as possible?

A

You cna use multi-part upload and transfer accelerator.

169
Q

I need a shared file system, how cna I set this up on s3?

A

You can, s3 is an object store, you could use EFS or FSx depending on the requirement for SMB(FSx) or NFS(EFS)

170
Q

I want to have s3 SSE encrypt my data when I make an API call, what is the header I need to set in the API call?

A

x-amz-server-sideencryption

171
Q

If I have a file in s3 and version is turned off, what will the version id be?

A

Null as the version id only starts when the versioning is turned on

172
Q

I have an s3 bucket with version disabled,

  • I upload file 1
  • I turn on version
  • I upload file 2 and 3
  • I upload file 2 again

What will be the state of the versions on the files?

A
  • File 1: null as it was created before a version was enabled
  • File 2: has two versions as it was uploaded and changed after a version was enabled
  • File 3: has one version as it was uploaded once after a version was turned on
173
Q
A