Identity and Access Management & S3 Flashcards

1
Q

You are a solutions architect who works with a large digital media company. The company has decided that they want to operate within the Japanese region and they need a bucket called “testbucket” set up immediately to test their web application on. You log in to the AWS console and try to create this bucket in the Japanese region however you are told that the bucket name is already taken. What should you do to resolve this?

A

Bucket names are global, not regional. This is a popular bucket name and is already taken. You should choose another bucket name.

2
Q

What is the minimum file size that I can store on S3?

A

0 bytes

3
Q

S3 has eventual consistency for which HTTP Methods?

A

overwrite PUTS and DELETES

4
Q

How many S3 buckets can I have per account by default?

A

100

5
Q

What does S3 stand for?

A

Simple Storage Service

6
Q

Which of the following options allows users to have secure access to private files located in S3?

CloudFront Origin Access Identity
Public S3 buckets
CloudFront Signed URLs
CloudFront Signed Cookies

A

CloudFront Origin Access Identity
CloudFront Signed URLs
CloudFront Signed Cookies

Why is this correct?
There are three options in the question which can be used to secure access to files stored in S3 and therefore can be considered correct. Signed URLs and Signed Cookies are different ways to ensure that users attempting access to files in an S3 bucket can be authorised. One method generates URLs and the other generates special cookies, but both require the creation of an application and policy to generate and control these items. An Origin Access Identity, on the other hand, is a virtual user identity that is used to give the CloudFront distribution permission to fetch a private object from an S3 bucket. Public S3 buckets should never be used unless you are using the bucket to host a public website, and therefore this is an incorrect option.

7
Q

One of your users is trying to upload a 7.5GB file to S3. However, they keep getting the following error message: “Your proposed upload exceeds the maximum allowed object size.” What solution to this problem does AWS recommend?

A

Design your application to use the Multipart Upload API for all objects.

8
Q

AWS S3 has four different URL styles that can be used to access content in S3: the Virtual Hosted Style URL, the Path-Style Access URL, the Static website URL, and the Legacy Global Endpoint URL. Which of these represents a correct formatting of the Virtual Hosted Style URL?

https://s3.us-west-2.amazonaws.com/my-bucket/slowpuppy.tar
https://my-bucket.s3.us-west-2.amazonaws.com/fastpuppy.csv
https://my-bucket.amazonaws.com/lazycat.docx
http://my-bucket.s3-website.us-east-2.amazonaws.com/index.htm
http://my-bucket.s3-website-ap-southeast-2.amazonaws.com/index.php
https://www.my-registered-domain-guru/index.html

A

https://my-bucket.s3.us-west-2.amazonaws.com/fastpuppy.csv

Virtual style puts your bucket name 1st, s3 2nd, and the region 3rd. Path style puts s3 1st and your bucket as a sub domain. Legacy Global endpoint has no region. S3 static hosting can be your own domain or your bucket name 1st, s3-website 2nd, followed by the region. AWS is in the process of phasing out Path style, and support for the Legacy Global Endpoint format is limited and discouraged. However, it is still useful to be able to recognize them should they show up in logs.

9
Q

What is the availability of S3-OneZone-IA?

A

99.50%

OneZone-IA is only stored in one Zone. While it has the same Durability, it may be less Available than normal S3 or S3-IA.

10
Q

You work for a busy digital marketing company who currently store their data on-premises. They are looking to migrate to AWS S3 and to store their data in buckets. Each bucket will be named after their individual customers, followed by a random series of letters and numbers. Once written to S3 the data is rarely changed, as it has already been sent to the end customer for them to use as they see fit. However, on some occasions, customers may need certain files updated quickly, and this may be for work that has been done months or even years ago. You would need to be able to access this data immediately to make changes in that case, but you must also keep your storage costs extremely low. The data is not easily reproducible if lost. Which S3 storage class should you choose to minimize costs and to maximize retrieval times?

A

S3 - IA

The need for immediate access is an important requirement along with cost. Glacier has a long recovery time at a low cost or a shorter recovery time at a high cost, and 1Zone-IA has a lower Availability level which means that it may not be available when needed.

11
Q

S3 has what consistency model for PUTS of new objects?

A

Read After Write Consistency

12
Q

You have been asked to set up a recovery process that generates the lowest possible cost for retrieving information from Glacier. There are petabytes of information that need to be retrieved if this process is to be enacted. Which retrieval option would allow you to achieve this?

A

Bulk

The cost of retrieving information from Glacier can go up depending on how quickly you require the data and how much data is to be retrieved. Expedited retrievals allow you to quickly access your data stored in the S3 Glacier storage class when occasional urgent requests for a subset of archives are required, but at the highest cost. Standard retrievals allow you to access any of your archived objects within several hours; this is faster than bulk (averaging around 12 hours) but more expensive. Bulk retrievals are the lowest-cost retrieval option in Amazon S3 Glacier, enabling you to retrieve large amounts, even petabytes, of data inexpensively.

13
Q

What is the availability of objects stored in S3?

A

99.99%

14
Q

You run a meme creation website where users can create memes and then download them for use on their own sites. The original images are stored in S3 and each meme’s metadata in DynamoDB. You need to decide upon a low-cost storage option for the memes themselves. If a meme object is unavailable or lost, a Lambda function will automatically recreate it using the original file from S3 and the metadata from DynamoDB. Which storage solution should you use to store the non-critical, easily reproducible memes in the most cost-effective way?

A

S3 - 1Zone-IA

15
Q

You run a popular photo-sharing website that depends on S3 to store content. Paid advertising is your primary source of revenue. However, you have discovered that other websites are linking directly to the images in your buckets, not to the HTML pages that serve the content. This means that people are not seeing the paid advertising, and you are paying AWS unnecessarily to serve content directly from S3. How might you resolve this issue?

A

Remove the ability for images to be served publicly to the site and then use signed URLs with expiry dates.

16
Q

You work for a major news network in Europe. They have just released a new mobile app that allows users to post their photos of newsworthy events in real-time, which are then reviewed by your editors before being copied to your website and made public. Your organization expects this app to grow very quickly, essentially doubling its user base each month. The app uses S3 to store the images, and you are expecting sudden and sizable increases in traffic to S3 when a major news event takes place (as users will be uploading large amounts of content). You need to keep your storage costs to a minimum, and it does not matter if some objects are lost. With these factors in mind, which storage media should you use to keep costs as low as possible?

A

S3 - One Zone-Infrequent Access

The key driver here is cost, so an awareness of cost is necessary to answer this. Full S3 is quite expensive at around $0.023 per GB for the lowest band. S3 Standard IA is $0.0125 per GB, S3 One-Zone-IA is $0.01 per GB, and Legacy S3-RRS is around $0.024 per GB for the lowest band. Of the offered solutions, S3 One-Zone-IA is the cheapest suitable option. Glacier cannot be considered as it is not intended for direct access; however, it comes in at around $0.004 per GB. Of course you spotted that RRS is being deprecated, and there is no such thing as S3 - Provisioned IOPS. In this case One Zone-IA should be fine, as users will ‘post’ material but only the organization will access it, and only to find relevant material. The question states that there is no concern if some material is lost.

17
Q

What is Amazon Glacier?

A

An AWS service designed for long-term data archival.

18
Q

You have been asked to advise on a scaling concern. The client has an elegant solution that works well. As the information base grows, they use CloudFormation to spin up another stack made up of an S3 bucket and supporting compute instances. The trigger for creating a new stack is when the PUT rate approaches 100 PUTs per second. The problem is that as the business grows, the number of buckets is growing into the hundreds and will soon be in the thousands. You have been asked what can be done to reduce the number of buckets without changing the basic architecture.

A

Change the trigger level to around 3000 as S3 can now accommodate much higher PUT and GET levels.

Until 2018 there was a hard limit on S3 PUTs of 100 PUTs per second. To achieve this, care needed to be taken with the structure of the key name to ensure parallel processing. As of July 2018 the limit was raised to 3500 and the need for the key design was basically eliminated. Disk IOPS is not the issue with the problem. The account limit is not the issue with the problem.

19
Q

You work for a health insurance company that amasses a large number of patients’ health records. Each record will be used once when assessing a customer, and will then need to be securely stored for a period of 7 years. In some rare cases, you may need to retrieve this data within 24 hours of a claim being lodged. Given these requirements, which type of AWS storage would deliver the least expensive solution?

A

Glacier

The recovery rate is a key decider. The record storage must be safe, durable, and low cost, and the recovery can be slow. All features of Glacier.

20
Q

Which of the following is not a feature of IAM?

IAM allows you to set up biometric authentication, so that no passwords are required.
IAM offers fine-grained access control to AWS resources.
IAM offers centralized control of your AWS account.
IAM integrates with existing Active Directory accounts, allowing single sign-on.

A

IAM allows you to set up biometric authentication, so that no passwords are required.

21
Q

In what language are policy documents written?

A

JSON

22
Q

An application you are working on has a new app. The development team for this app requires access to a bucket that is located within your team’s AWS account. The other team requires programmatic and console-level access to your team’s bucket. How would you share this bucket with this other team’s account?

A

Setting up a cross account IAM Role

Setting up a cross account IAM role is currently the only method that will allow IAM users to access cross account S3 buckets both programmatically and via the AWS console.

23
Q

You have a client who is considering a move to AWS. In establishing a new account, what is the first thing the company should do?

A

Set up an account using their company email address.

24
Q

You are a developer at a fast-growing startup. Until now, you have used the root account to log in to the AWS console. However, as you have taken on more staff, you will need to stop sharing the root account to prevent accidental damage to your AWS infrastructure. What should you do so that everyone can access the AWS resources they need to do their jobs?

Create a customized sign-in link such as “yourcompany.signin.aws.amazon.com/console” for your new users to use to sign in with.
Give your users the root account credentials so that they can also sign in.
Create an additional AWS root account for each new user.
Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided.

A

Create a customized sign-in link such as “yourcompany.signin.aws.amazon.com/console” for your new users to use to sign in with.
Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided.

25
Q

Which statement best describes IAM?

IAM allows you to manage permissions for AWS resources only.
IAM allows you to manage users’ passwords only. AWS staff must create new users for your organization. This is done by raising a ticket.
IAM allows you to manage users, groups, roles, and their corresponding level of access to the AWS Platform.
IAM stands for Improvised Application Management, and it allows you to deploy and manage applications in the AWS Cloud.

A

IAM allows you to manage users, groups, roles, and their corresponding level of access to the AWS Platform.

26
Q

Power User Access allows ____.

A

Access to all AWS services except the management of groups and users within IAM.

27
Q

Every user you create in the IAM system starts with ____.

A

No Permissions

28
Q

You are a security administrator working for a hotel chain. You have a new member of staff who has started as a systems administrator, and she will need full access to the AWS console. You have created the user account and generated the access key id and the secret access key. You have moved this user into the group where the other administrators are, and you have provided the new user with their secret access key and their access key id. However, when she tries to log in to the AWS console, she cannot. Why might that be?

A

You cannot log in to the AWS console using the Access Key ID / Secret Access Key pair. Instead, you must generate a password for the user, and supply the user with this password and your organization’s unique AWS console login URL.

29
Q

What is an additional way to secure the AWS accounts of both the root account and new users alike?

A

Implement Multi-Factor Authentication for all accounts.

30
Q

A __ is a document that provides a formal statement of one or more permissions.

A

Policy

31
Q

Which of the following is not a component of IAM?

Roles
Users
Organizational Units
Groups

A

Organizational Units

32
Q

What is the default level of access a newly created IAM User is granted?

A

No access to any AWS services.

33
Q

When you create a new user, that user ____.

Will be able to interact with AWS using their access key ID and secret access key using the API, CLI, or the AWS SDKs assuming programmatic access was enabled.
Will be able to log in to the console only after multi-factor authentication is enabled on their account.
Will only be able to log in to the console in the region in which that user was created.
Will be able to log in to the console anywhere in the world, using their access key ID and secret access key.

A

Will be able to interact with AWS using their access key ID and secret access key using the API, CLI, or the AWS SDKs assuming programmatic access was enabled.

34
Q

A new employee has just started work, and it is your job to give her administrator access to the AWS console. You have given her a user name, an access key ID, a secret access key, and you have generated a password for her. She is now able to log in to the AWS console, but she is unable to interact with any AWS services. What should you do next?

A

Grant her Administrator access by adding her to an Administrators’ group.

35
Q

You have created a new AWS account for your company, and you have also configured multi-factor authentication on the root account. You are about to create your new users. What strategy should you consider in order to ensure that there is good security on this account?

A

Enact a strong password policy: user passwords must be changed every 45 days, with each password containing a combination of capital letters, lower case letters, numbers, and special symbols.

36
Q

What level of access does the “root” account have?

A

Administrator Access

37
Q

You are a solutions architect working for a large engineering company that is moving from a legacy infrastructure to AWS. You have configured the company’s first AWS account and you have set up IAM. Your company is based in Andorra, but there will be a small subsidiary operating out of South Korea, so that office will need its own AWS environment. Which of the following statements is true?

You will then need to configure Users and Policy Documents for each region, respectively.
You will need to configure your policy documents regionally, however your users are global.
You will need to configure your users regionally, however your policy documents are global.
You will need to configure Users and Policy Documents only once, as these are applied globally.

A

You will need to configure Users and Policy Documents only once, as these are applied globally.

38
Q

In terms of IAM, what are Users?

A

End users such as people, employees of an organization, etc.

39
Q

In terms of IAM, what are Groups?

A

A collection of users. Each user in the group will inherit the permissions of the group.

40
Q

In terms of IAM, what are Policies?

A

Policies are made up of documents, called policy documents. These documents are in a format called JSON and they give permissions as to what a User/Group/Role is able to do.

41
Q

In terms of IAM, what does an Object consist of?

A

Consists of key & value, version ID, metadata, and various sub-resources such as access control lists and torrents.

42
Q

Define IAM

A

Identity and Access Management is a global AWS service that allows you to manage users and their level of access to the AWS Console.

  • Centralized control of your AWS account
  • Shared access to your AWS account
  • Granular permissions
  • Identity federation
  • Multi-factor authentication
  • Provide temporary access for users/devices and services where necessary
  • Allows you to set up your own password rotation policy
  • Integrates with many different AWS services
  • Supports PCI DSS compliance (CC transactions)

43
Q

S3 Standard Storage Features

A

99.999999999% (11 9s) durability. Objects are stored redundantly across multiple devices in multiple facilities, and the service is designed to sustain the loss of 2 facilities concurrently.

44
Q

S3 IA Storage is best used for:

A

Infrequently accessed data: data that is accessed less frequently, but requires rapid access when needed. Lower fee than S3, but you are charged a retrieval fee.

45
Q

S3 One Zone - IA Storage is best used for:

A

For where you want a lower-cost option for infrequently accessed data, but do not require the multiple availability zone data resilience.

46
Q

S3 Intelligent Tiering is designed to:

A

Designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead.

47
Q

S3 Glacier Storage Features

A

Secure, durable, and low-cost storage for data archiving. You can reliably store any amount of data at costs that are competitive with or cheaper than on-premises solutions. Retrieval times are configurable from minutes to hours.

48
Q

S3 Glacier Deep Archive is:

A

Lowest-cost storage class, where a retrieval time of 12 hours is acceptable.

49
Q

Using S3, you can get billed for the following:

List 6

A

Storage
Requests
Storage management tier
Data transfer pricing
Transfer acceleration
Cross region replication pricing

50
Q

What does Cross Region Replication do?

A

Automatically replicates objects to your other buckets for high availability and disaster recovery.

51
Q

What is MFA Delete?

A

If selected, will require MFA to delete objects from buckets

52
Q

Define S3

A

Simple Storage Service provides developers and IT teams with secure, durable, highly-scalable object storage.

53
Q

S3 has __________ consistency for PUTS of new Objects

A

Read after write consistency for PUTS of new objects (you can read a file immediately after writing it to S3).

54
Q

S3 is a _________ namespace, meaning bucket names must be unique __________.

A

It’s a universal namespace, meaning bucket names must be unique globally.

55
Q

S3 has ________ consistency for overwrite PUTS and DELETES.

A

Eventual consistency for overwrite PUTS and DELETES (if you update a file, it takes a second to propagate the changes).

56
Q

What is the size range a file can be stored in S3?

A

Files can be 0 bytes to 5 TB

57
Q

What does the HTTP 200 represent?

A

Successful S3 upload status code

58
Q

List the six different S3 storage types from most expensive to cheapest.

A

Standard
IA
Intelligent Tiering
One Zone - IA
Glacier
Glacier Deep Archive

59
Q

S3 buckets are public by default T/F

A

F

60
Q

S3 buckets are private by default T/F

A

T

61
Q

What’s the difference between bucket policies and ACLs?

A

bucket policy = bucket level

ACL can go down to the object level

62
Q

Encryption in transit is achieved by using which following cryptographic protocols?

A

Achieved by SSL/TLS:

Secure Sockets Layer
Transport Layer Security

63
Q

What are the 3 types of encryption at rest available on AWS?

A

(Server side) S3 managed keys - SSE-S3
(Server side) AWS Key Management Service managed keys - SSE-KMS
(Server side) encryption with customer provided keys - SSE-C
Client side encryption – customer encrypts data before uploading it to AWS via asymmetric encryption

64
Q

What is Versioning

A

Stores all versions of an object. Once enabled, it cannot be disabled, only suspended.
Integrates with lifecycle rules.
Versioning has MFA Delete capability.

65
Q

What are lifecycle policies and how can they be used?

A

Automates moving your objects between different storage tiers.
Can be used in conjunction with versioning.
Can be applied to current versions and previous versions.

66
Q

S3 Object Lock

A

Store objects using a write once, read many (WORM) model. It can help you prevent objects from being deleted or modified for a fixed amount of time or indefinitely.

You can use it to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion.

67
Q

What are the two types of S3 Object Lock Modes?

A

Governance Mode - users can’t overwrite or delete an object version or alter its lock settings unless they have special permissions. With Governance mode, you protect objects against being deleted by most users, but you can still grant some users permission to alter retention settings or delete the object if necessary.

Compliance Mode - a protected object version can’t be overwritten or deleted by any user, including the root user in your AWS account. When an object is locked in compliance mode, its retention mode can’t be changed and its retention period can’t be shortened. Compliance mode ensures an object version can’t be overwritten or deleted for the duration of the retention period.

68
Q

What does a Retention Period do?

A

Protects an object for a fixed amount of time. When you place a retention period on an object version, Amazon S3 stores a timestamp in the object version’s metadata to indicate when the retention period expires. After the retention period expires, the object version can be overwritten or deleted unless you also placed a legal hold on the object version.

69
Q

S3 Object Lock enables you to place a ___________ on an object version. It has the following effect:

A

S3 Object Lock enables you to place a legal hold on an object version. Like a retention period, a legal hold prevents an object version from being overwritten or deleted. However, a legal hold doesn’t have an associated retention period and remains in effect until removed. Legal holds can be freely placed and removed by any user who has the s3:PutObjectLegalHold permission.

70
Q

Glacier Vault Lock allows you to:

A

deploy and enforce compliance controls for individual S3 Glacier vaults with a Vault Lock policy. You can specify controls, such as WORM, in a Vault Lock policy and lock the policy from future edits. Once locked, the policy can no longer be changed.

71
Q

What steps can you take to maximize S3 Performance?

List 4

A

-Spread out reads across different prefixes.
-Use multipart uploads for files over 100 MB; required for files over 5 GB.
-Upload in parallel.
-Parallelize your download by specifying byte ranges; if there is a failure in the download, it is only for a specific byte range.

72
Q

________________ can be used to download partial amounts of the file

A

S3 Byte-Range Fetches

73
Q

_______________ can be used to speed up downloads

A

S3 Byte-Range Fetches

74
Q

What is a S3 prefix? and how do you use them to your benefit?

A

The path between the bucket name and the file name. You can achieve a high number of requests: 3,500 PUT/COPY/POST/DELETE and 5,500 GET/HEAD requests per second per prefix.

75
Q

What are some S3 Limitations when using KMS?

A

When using SSE-KMS you must observe the KMS limits: 5,500, 10,000, or 30,000 requests per second.
When you upload a file, you will call “GenerateDataKey” in the KMS API.

When you download, you will call “Decrypt” in the KMS API.

Uploading and downloading count towards the KMS quota. Limits are region specific. You cannot request an increase of the limit.

Use byte-range fetches for downloads.

76
Q

What does Glacier Select allow you to do?

A

Glacier Select allows you to run SQL queries against Glacier directly.

77
Q

S3 Select.

How does it save money on data transfer and increase speed?

A

Enables apps to retrieve only a subset of data from an object by using simple SQL expressions. By using S3 Select to retrieve only the data needed by your application (in rows or columns), you can achieve drastic performance increases – in many cases, you can get as much as a 400% improvement.

Let’s assume all your data is stored in S3 in zip files that contain CSV files. Without S3 Select, you would need to download, decompress, and process the entire CSV to get the data you need.

78
Q

AWS Organizations Best Practices

A
  • Always enable MFA on the root account
  • Always use a strong and complex password on the root account
  • The paying account should be used for billing purposes only. Do not deploy resources into the paying account
  • Enable/disable AWS services using Service Control Policies (SCP), either on an OU or on individual accounts

79
Q

What are the 3 ways to share buckets across accounts?

A

Using bucket policies & IAM (applies to the entire bucket)

Using bucket ACLs & IAM (individual objects); programmatic access only

Cross account IAM Roles; programmatic AND console access

80
Q

What is S3 transfer acceleration used for?

and instead of?

A

Fast, easy, and secure transfers of files over long distances between your end users and an S3 bucket. Takes advantage of edge locations to route data to S3 over an optimized network path.

Instead of uploading directly to your S3 bucket, you can use a distinct URL to upload directly to an edge location, which will then transfer that file to S3.

81
Q

Cross Region Replication

-Versioning must be enabled on both the source and destination buckets T/F

A

T

82
Q

Cross Region Replication

-files in an existing bucket are replicated automatically T/F

A

F

83
Q

Cross Region Replication

-all subsequent files will be replicated automatically
T/F

A

T

84
Q

Cross Region Replication

-delete markers are not replicated
T/F

A

T

85
Q

Cross Region Replication

-deleting individual version or delete markers will be replicated.T/F

A

F

86
Q

What is AWS DataSync

A
  • Used to move large amounts of data from on-premises to AWS
  • Used with NFS- and SMB-compatible file systems
  • Replication can be done hourly, daily, or weekly
  • Install the DataSync agent to start the replication
  • Can be used to replicate EFS to EFS

87
Q

What are Edge Locations?

A

Endpoints for AWS that are used for caching content. Typically this consists of CloudFront. This is separate from an AWS Region/AZ.

88
Q

What is a CloudFront origin?

A

The origin of all the files that the CDN will distribute. This can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53.

89
Q

What is a CloudFront Distribution, and what are the two types?

A

The name given to a CDN, which consists of a collection of Edge Locations.

web distribution - typically used for websites
RTMP - used for media streaming

90
Q

Are Edge Locations READ only?

A

No - you can write to them as well

91
Q

The term for how long objects are cached for in CloudFront is called:

A

TTL (Time to Live)

92
Q

Is it possible to invalidate (clear) cached objects in CloudFront?

A

Yes, but it’s gonna cost ya.

93
Q

Define OAI

A

Origin Access Identity

Used to restrict access to content that you serve from Amazon S3 buckets. Follow these steps:

Create a special CloudFront user called an origin access identity (OAI) and associate it with your distribution.

Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there.

After you take these steps, users can only access your files through CloudFront, not directly from the S3 bucket.

94
Q

You can use ______ to assign a URL to an S3 bucket

A

AWS SDK

The AWS SDK for JavaScript is a collection of software tools for the creation of applications and libraries that use Amazon Web Services (AWS) resources.

95
Q

S3 Signed URLs..

Issue a request as the IAM user who creates the pre-signed URL T/F

Unlimited lifetime T/F

A

T

F

96
Q

CloudFront Signed URLs…

Cannot have different origins T/F

Does not have to be EC2 T/F

Key pair is account-wide and managed by the root user T/F

Cannot utilize caching features T/F

Can filter by date, path, IP address, expiration, etc. T/F

A

F

T

T

F

T

97
Q

When would you want to use signed URLs/cookies?

A

Use signed URLs/cookies when you want to secure content so that only the people you authorize are able to access it.

98
Q

What is AWS Snowball

A

Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS. Using Snowball addresses common challenges with large-scale data transfers, including high network costs, long transfer times, and security concerns. Transferring data with Snowball is simple, fast, secure, and can be as little as one-fifth the cost of high-speed internet.

It comes in either 50 TB or 80 TB sizes. It uses multiple layers of security designed to protect your data, including tamper-resistant enclosures, 256-bit encryption, and an industry-standard Trusted Platform Module (TPM) designed to ensure both security and full chain of custody of your data. Once the data transfer job has been processed and verified, AWS performs a software erasure of the Snowball appliance.

99
Q

Can Snowball import to S3 and export from S3?

A

Yes

100
Q

What is Snowball Edge?

A

A 100 TB data transfer device with on-board storage and compute abilities. You can use Snowball Edge to move large amounts of data into and out of AWS, as a temporary storage tier for large local datasets, or to support local workloads in remote or offline locations.

It connects to your existing applications and infrastructure using standard storage interfaces, streamlining the data transfer process and minimizing setup and integration. Snowball Edge devices can cluster together to form a local storage tier and process your data on-premises, helping ensure your applications continue to run even when they are not able to access the cloud.

101
Q

Snowmobile

A

An exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100 PB per Snowmobile, a 46-foot-long ruggedized shipping container pulled by a semi-trailer truck. Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. Transferring data with Snowmobile is secure, fast, and cost-effective.

102
Q

When should you consider using Snowball?

If you’re trying to upload more than 2 TB via T3, 5 TB via 100 Mbps, or 60 TB via 1000 Mbps.

T3: days to transfer 100 TB?
100 Mbps: days to transfer 100 TB?
1000 Mbps: days to upload 100 TB?

A

T3 - 2 TB or more (269 days to upload 100 TB)
100 Mbps - 5 TB or more (120 days to upload 100 TB)
1000 Mbps - 60 TB or more (12 days)

103
Q

What is a storage gateway?

A

A service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure. The service enables you to securely store data in the AWS cloud for scalable and cost-effective storage.

The software appliance can be downloaded as a VM image that you install on a host in your datacenter. Once you’ve installed your gateway and associated it with your AWS account through the activation process, you can use the AWS Management Console to create the storage gateway option that is right for you.

104
Q

What are the 3 storage gateway options?

A

File Gateway (NFS & SMB)
Volume Gateway (iSCSI)
    -stored volumes
    -cached volumes
Tape Gateway (VTL)

105
Q

Define File Gateway

A

Files are stored as objects in your S3 buckets, accessed through a Network File System (NFS) mount point. Ownership, permissions, and timestamps are durably stored in S3 in the user metadata of the object associated with the file. Once objects are transferred to S3, they can be managed as native S3 objects, and bucket policies such as versioning, lifecycle management, and cross-region replication apply directly to objects stored in your bucket.

106
Q

Define Volume Gateway

A

The volume interface presents your applications with disk volumes using the iSCSI block protocol.

Data written to these volumes can be asynchronously backed up as point-in-time snapshots of your volumes, and stored in the cloud as Amazon EBS snapshots.

Snapshots are incremental backups that capture only changed blocks. All snapshot storage is also compressed to minimize your storage charges.

107
Q

PII

A

Personally Identifiable Information

108
Q

What is Macie

A

A security service that uses machine learning and NLP (natural language processing) to discover, classify, and protect sensitive data stored in S3.

  • uses AI to recognize whether your S3 objects contain sensitive data such as PII
  • dashboards, reporting, and alerts
  • works directly with data stored in S3
  • can also analyze CloudTrail logs
  • great for PCI-DSS compliance and preventing ID theft

109
Q

What is Athena

A

An interactive query service which enables you to analyze and query data located in S3 using standard SQL.

110
Q

What does Power User Access mean?

A

Full access except IAM management

111
Q

What is SSL?

A

Secure Sockets Layer; keys for encryption

112
Q

What is TLS?

A

Transport Layer Security (old SSL)

113
Q

S3 Select

A

Use SQL to directly access Glacier or S3 files