IAM & S3

Question 1

IAM

Answer 1

Identity Access Management. Allows you to manage users and their level of access to AWS console

Question 2

Policies

Answer 2

Gives permissions to what a user, group, or role is able to do

Question 3

IAM is Global or Region specific?

Answer 3

Global

Question 4

Most powerful policy

Answer 4

Administrator Access

Question 5

What account is created at first setup and has complete admin access?

Answer 5

Root Account

Question 6

What permissions do users have when first created?

Answer 6

none

Question 7

S3 acronym

Answer 7

Simple Storage Service

Question 8

S3 is _______ based

Answer 8

object

Question 9

T or F: S3 consists of key value pairs

Answer 9

T

Question 10

T or F: S3 has versioning

Answer 10

T

Question 11

Metadata

Answer 11

Data about the data you are storing

Question 12

T or F: You can store OS’s or DB’s on S3

Answer 12

F. It’s for files only

Question 13

Data consistency

Answer 13

Write new file, you can see it immediately. But if you update existing file or delete, it may take some time to propagate

Question 14

S3 is global or region specific?

Answer 14

Global

Question 15

6 S3 Storage Classes

Answer 15

1. S3 Standard 2. S3 IA (Infrequently Accessed) 3. S3 One Zone IA 4. S3 Intelligent Tiering 5. S3 Glacier 6. S3 Glacier Deep Archive

Question 16

S3 Standard

Answer 16

99.99% availability, 11 x 9’s for durability (you won’t lose your files)

Question 17

S3 IA

Answer 17

lower fee than S3 but you are charged retrieval fee

Question 18

S3 One Zone IA

Answer 18

just stored in one AZ. Lower cost option for IA

Question 19

S3 Intelligent Tiering

Answer 19

optimize costs by automatically moving data to most cost effective access tier

Question 20

S3 Glacier

Answer 20

data archiving. retrieval times configurable from minutes to hours

Question 21

S3 Glacier Deep Archive

Answer 21

lowest cost storage option. retrieval time 12 hours

Question 22

Cross Region Replication

Answer 22

Replicate your data files to S3 buckets across different regions

Question 23

T or F: S3 uses a shared name space

Answer 23

T

Question 24

Transfer Acceleration

Answer 24

use edge locations to move files across AWS backbone

Question 25

2 things you are charged for with S3

Answer 25

GB storage, data retrievals

Question 26

T or F: You can disable versioning on an S3 bucket

Answer 26

F. Once you enable it, you can’t disable it. Although you can suspend versioning for new objects

Question 27

LifeCycle

Answer 27

automates moving objects between different storage tiers

Question 28

S3 Object Lock

Answer 28

store objects using write once, read many (WORM) model

Question 29

WORM Model (Write once, read many)

Answer 29

helps you prevent object from being deleted or modified for fixed amount of time or indefinitely. Sometimes required through regulation.

Question 30

Governance Mode

Answer 30

users can’t overwrite or delete an object version or alter its lock settings unless they have special permissions

Question 31

Compliance Mode

Answer 31

protect object version can’t be overwritten or deleted by ANY user (even root user)

Question 32

Legal Hold

Answer 32

will just stay in effect until you remove it

Question 33

Glacier Vault Lock

Answer 33

deploy and enforce compliance controls for individual S3 Glacier vaults. Once locked, policy can no longer be changed

Question 34

Prefixes

Answer 34

folders and subfolders within S3 buckets. You get better performance if you spread read requests across prefixes.

Question 35

Multipart Uploads

Answer 35

splits big files into parts. Recommended for files over 100MBs and required for files over 5GBs

Question 36

Byte Range Fetches

Answer 36

Split big files into parts for downloads from S3

Question 37

S3 Select (Glacier Select)

Answer 37

enables apps to retrieve only subset of data from an object using simple SQL expressions. Improves performance. Faster and cheaper

Question 38

AWS Organizations

Answer 38

account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. Consolidate bills across your departments

Question 39

3 Ways to share s3 buckets across accounts

Answer 39

1. bucket policies & IAM - applies across entire bucket 2. bucket ACL’s & IAM - individual objects 3. Cross account IAM roles - programmatic and console access

Question 40

T or F: versioning is required on both source and destination buckets for cross region replication to work

Answer 40

T

Question 41

T o F: If an object that is public in one region is cross replicated to a new region, it is automatically public in the new region

Answer 41

F

Question 42

AWS Data Sync

Answer 42

sync data from on prem data center to AWS region

Question 43

Content Delivery Network (CDN) - For amazon this is CloudFront

Answer 43

deliver web content to a user based on geographic locations of the user, origin of the web content, and a content delivery server. Without CDN, your website may have latency issues

Question 44

Edge location (CloudFront)

Answer 44

location where content is cached in a CDN

Question 45

Origin (CloudFront)

Answer 45

Origin of all files that the CDN will distribute. Can be S3, EC2, ELB, etc

Question 46

distribution (CloudFront)

Answer 46

name given to CDN which consists of collection of edge locations

Question 47

TTL (Time to Live)

Answer 47

Amount of time an object will be cached at an edge location. This is configurable.

Question 48

CloudFront SignedURL

Answer 48

restrict access for individual files

Question 49

CloudFront Signed Cookies

Answer 49

restrict access for multiple files (like entire website). Ex. Netflix

Question 50

Snowball

Answer 50

data transport solution in or out of AWS. This is a big container transported by a semi truck. Once data transfer job verified, AWS performs software erasure of snowball appliance

Question 51

Storage Gateway

Answer 51

connects on prem software appliance to cloud based storage. Replicates data to AWS.

Question 52

T or F: Storage Gateways can be either a physical or virtual machine

Answer 52

T

Question 53

3 Types of Storage Gateways

Answer 53

1. File Gateway 2. Volume Gateway - either stored volumes or cached volumes 3. Tape Gateway

Question 54

File Gateway

Answer 54

files stored as objects in S3 buckets, acces through Network File System (NFS)

Question 55

Volume Gateway

Answer 55

presents your apps with disk volumes using iSCSI block protocol. Stores virtual hard disk drives in S3. Can be stored or cached volumes

Question 56

Stored Volumes

Answer 56

store primary data locally, while also backing up that data to AWS

Question 57

Cached Volumes

Answer 57

let you use S3 as primary data storage while retaining frequently accessed data locally in your storage gateway

Question 58

Tape Gateway

Answer 58

durable, cost effective solution to archive data in AWS cloud

Question 59

Athena

Answer 59

interactive query service using standard SQL for S3. Serverless.

Question 60

Macie

Answer 60

Security service using ML and NLP to discover, classify and protect sensitive data stored in S3. Good for PCI and preventing ID theft

Question 61

How many S3 buckets can you have per account?

Answer 61

100