IAM & S3

Question 1

What are the components that makeup IAM?

Answer 1

Users

Groups

Policies

Roles

Question 2

What is a group in IAM?

Answer 2

A collection of users. Each user inherits the permission of the group

Question 3

What is a policy in IAM?

Answer 3

Policies are made up of documents called policy documents and are formatted in JSON. They give permissions to what a user, group ,role can do

Question 4

What is a role in IAM?

Answer 4

You can create roles and assign to AWS resources

Question 5

What is a role used for?

Answer 5

Allow an AWS resource access to another resource or service

Question 6

What permissions do users have when first created?

Answer 6

None

Question 7

What are new users assigned when created?

Answer 7

Access Key ID

Secret access Keys

Question 8

Can you use access key and secret access keys to login to the AWS console?

Answer 8

No, they are used with APIs to provide programmatic access

Question 9

How many time can you view the access key ID and secret access keys

Answer 9

Once when created

Question 10

How can you better secure IAM

Answer 10

Use MFA for root create and customize password rotation policy

Question 11

Is S3 object-based or block-based?

Answer 11

Object

Question 12

What are the size ranges for S3?

Answer 12

0-5TB

Question 13

Can you have two buckets with the same name?

Answer 13

No

Question 14

What is the S3 URL format?

Answer 14

region.amazonaws.com/bucket name

Question 15

Is S3 suitable for an OS or DB?

Answer 15

No

Question 16

What is the status code for a successful put?

Answer 16

HTTP 200

Question 17

How can you protect against accidental deletion?

Answer 17

MFA delete

Question 18

What are the S3 fundamentals

Answer 18

Key Value

Version

Metadata

Subresources -

ACL

Torrents

Question 19

Describe the S3 consistency model

Answer 19

Read after writer for puts of new and eventual consistency for overwrite PUTS and DELETES

Question 20

What are the S3 tiers

Answer 20

S3 standard

S3 -IA

S3 - One Zone - IA

S3 - Intelligent Tiering

S3 Glacier

S3 - Deep Archive

Question 21

What can you use to better control access to buckets?

Answer 21

ACL or bucket policies

Question 22

True or false - Buckets are public when created?

Answer 22

False - They are private

Question 23

You need to track access to the bucket and all files for security purposes. How can you do that?

Answer 23

Enable access logging.

Question 24

What encryption options are available with data in transit?

Answer 24

SSL/TLS

Question 25

What encryption options are available with data at rest?

Answer 25

S3 - Managed keys - SSE-S3

AWS Key mgmt Service, managed keys - SSE-KMS

Server side Encryption with customer provided keys - SSE-C

Client side

Question 26

How does versioning store objects?

Answer 26

Stores all versions, including writes even if you delete

Question 27

Can S3 versioning be disabled?

Answer 27

No, it can only be suspended

Question 28

What feature of S3 can help automate object movement between storage tiers?

Answer 28

Lifecycle management

Question 29

What is required to enable cross-region replication?

Answer 29

Versioning on source and destination, regions must be unique

Question 30

Will existing files be replicated when cross-region replication is turned on?

Answer 30

No. All new files will be

Question 31

What is not replicated with CRR?

Answer 31

existing files put before replication was turned on and delete markers, deleted individual versions or delete markers

Question 32

What does CloudFront use to cache content to provide fast delivery?

Answer 32

Edge location

Question 33

What are the components of CloudFront?

Answer 33

Origin, Edge location, distribution

Question 34

What are the types of Origins?

Answer 34

S3 bucket,

EC2,

ELB,

R53

Question 35

What is a CF distribution?

Answer 35

Name of CDN which is made up of Edge locations

Question 36

What are the types of distributions?

Answer 36

Web - for websites RTMP - media streaming

Question 37

Are edge location RO?

Answer 37

No

Question 38

How are objects cached?

Answer 38

TTL value

Question 39

Is there a cost to invalidate a cached object?

Answer 39

Yes

Question 40

What is snowball used for?

Answer 40

To mass load import data to S3 or export

Question 41

What are the types of storage GW’s?

Answer 41

File GW

Volume GW - Stored volumes

Cached GW VTL

Question 42

What is AWS Storage Gateway?

Answer 42

It is a virtual appliance that can be used to cache S3 locally at a customer’s site.

Question 43

When should you use multi-part upload?

Answer 43

If you’re uploading large objects over a stable high-bandwidth network, use multipart uploading to maximize the use of your available bandwidth by uploading object parts in parallel for multi-threaded performance. If you’re uploading over a spotty network, use multipart uploading to increase resiliency to network errors by avoiding upload restarts. When using multipart uploading, you need to retry uploading only parts that are interrupted during the upload. You don’t need to restart uploading your object from the beginning.

Question 44

What is the maximum and minimum object sizes when using multipart upload?

Answer 44

5 MB to 5 TB

Question 45

When should you use pre-signed URLs?

Answer 45

The pre-signed URLs are useful if you want your user/customer to be able to upload a specific object to your bucket, but you don’t require them to have AWS security credentials or permissions.

Question 46

What is file gateway?

Answer 46

File Gateway is a configuration of the AWS Storage Gateway service that provides your applications a file interface to seamlessly store files as objects in Amazon S3, and access them using industry standard file protocols.