S3 Flashcards

1
Q

True or False: S3 is public by default and anyone can access any bucket.

A

False. S3 is private by default and only root user has access.

2
Q

What is an S3 bucket policy?

A

An S3 bucket policy is a form of resource policy that can be attached to a bucket to control access to the bucket.

3
Q

What is the principal key in a resource policy?

A

The key that tells us who is impacted by the policy.

4
Q

What is an Access Control List?

A

Legacy form of bucket policy. Inflexible and simple permissions.

5
Q

What is S3 Static Website Hosting?

A

Allows access to S3 objects via HTTP.

6
Q

What is an index document?

A

An index document in static website hosting points to a specific object in a bucket.

7
Q

What is an error document?

A

An error document is what is shown when there is a server-wide error, e.g. 404.

8
Q

When might you want to use S3 static website hosting?

A

For offloading large amounts of data and for out of band pages.

9
Q

What does versioning let you do?

A

Versioning allows you to create multiple versions of the same object within a bucket. Operations that modify an object would create a new object.

10
Q

What metadata on an object stores the version number?

A

The id. Id is set to null without versioning, and highest id returns current version.

11
Q

Why does versioning increase costs?

A

Space is taken up by all versions of an object.

12
Q

What operations does MFA Delete apply to?

A

Changing bucket versioning state and deleting versions.

13
Q

What is Multipart Upload?

A

Allows an object to be split into up to 10,000 pieces when uploading to S3.

14
Q

What is S3 Transfer Acceleration?

A

A system that uses AWS Edge networks in order for an object to be uploaded to a bucket.

15
Q

What is KMS?

A

KMS = Key Management Service. It is regional, public, and allows for creation, storage, and management of encryption keys.

16
Q

What level of security does KMS provide?

A

FIPS 140-2

17
Q

What is a Customer Master Key?

A

A Customer Master Key (CMK) is the main thing KMS manages. It is backed by the physical encryption material and can encrypt up to 4 KB of data.

18
Q

Are customer master keys generated by KMS or imported?

A

Both

19
Q

What are Data Encryption Keys?

A

DEKs are generated by a CMK and used to encrypt more than 4 KB of data.

20
Q

True or False: DEK is not stored by KMS

A

True. The DEK is provided to you, then discarded. You, or a service, do the data encryption.

21
Q

CMKs are isolated to a __________ and never leave

A

region

22
Q

Do CMKs support rotation?

A

Yes, they are rotated every 3 years for AWS managed and 1 year for Customer managed

23
Q

What algorithm does S3 use for encryption?

A

AES 256

24
Q

How do you encrypt a bucket in S3?

A

You don’t. Only objects can be encrypted.

25
Q

Who manages the 1. keys and 2. encryption in SSE-C?

A

1. Customer
2. S3

26
Q

Who manages the 1. keys and 2. encryption in SSE-S3?

A

1. S3
2. S3

27
Q

What encryption method on S3 is the default?

a. SSE-C
b. SSE-S3
c. SSE-KMS

A

SSE-S3

28
Q

How does SSE-KMS differ from SSE-S3?

A

KMS manages the keys used for encryption.

29
Q

What is the default storage class in S3?

A

Standard.

30
Q

In S3 standard, are you charged a data retrieval fee?

A

No

31
Q

In S3 standard, how many AZs are objects replicated across?

A

3+

32
Q

In S3 Standard-IA, what is the minimum duration charge?

A

30 days

33
Q

What kind of documents might you use S3 Standard IA for?

A

Important documents that don't require frequent access

34
Q

What kind of documents would you use S3 One Zone IA for?

A

Noncritical and replaceable documents that don't require frequent access.

35
Q

What kind of retrieval latency is experienced with the Glacier storage class?

A

Minutes to hours

36
Q

What kind of retrieval latency is experienced with Glacier Deep Archive?

A

Hours or days

37
Q

True or False: It is a good idea to use Glacier Deep Archive for primary backups

A

False!!!!

38
Q

What does S3 intelligent tiering do?

A

Monitors objects and moves them to different storage classes based on access.

39
Q

What advantages does S3 intelligent tiering offer?

A

May help reduce costs if object access is unpredictable

Reduces admin overhead

40
Q

What is S3 Lifecycle configuration?

A

A set of rules defined on a bucket or set of objects that can either move between storage classes or delete the objects.

41
Q

What two types of replication exist in S3?

A

Cross Region replication and same region replication

42
Q

Why would you want to use cross region replication?

A

Global resilience and latency reduction

43
Q

Why would you want to use same region replication?

A

Log aggregation, prod/test sync

44
Q

True or false: you don't need versioning on to use replication

A

False

45
Q

What storage classes cannot be used with replication?

A

Glacier and Glacier Deep Archive

46
Q

What is a presigned URL?

A

Giving a URL to S3 objects with embedded user permissions

47
Q

True or False: You can only generate presigned URLs for objects you have access to

A

False

48
Q

Why are S3 Select and S3 Glacier select important?

A

They allow you to pre-filter an object in S3, which reduces the workload an app has to do

49
Q

What are S3 Events?

A

Notifications that are generated when something occurs in an S3 bucket. Notifications can be passed to SNS, SQS, etc.

50
Q

S3 logging is a thing

A

S3 logging is a thing