S3

Question 1

What happens when you encrypt an object in S3?

Answer 1

It creates a new version of the object, which is encrypted. An old unencrypted version still exists

Question 2

What is MFA Delete and what is it used for?

Answer 2

It is Multi-Factor Auth Delete and it is used to prevent accidental deletes.

Question 3

What 2 things do you need MFA Delete to do?

Answer 3

• permanently delete an object

- suspend versioning on an object

Question 4

How do you enable MFA Delete?

Answer 4

The root account owner must enable it via the CLI

Question 5

What is the new way to enable encryption in S3?

Answer 5

Use the Console to enable default encryption

Question 6

What was the old way to enable encryption in S3?

Answer 6

Set the “x-amz-server-side-encrption:AES256”

Question 7

How do you calculate the total number of IP addresses of a given CIDR Block

Answer 7

Subtract the mask number from 32, then raise 2 to the power of the result:
/27 = 32 - 27 = 5
2^5 = 32

Question 8

What are the 5 steps of S3 cross region replication?

Answer 8

Select Bucket Replication tab
Select Source/Destination buckets
Make sure Versioning is enabled
Assign/Create IAM role
Copy previous files to the destination using command-line

Question 9

What is the default timeout for S3 pre-signed URLs?

Answer 9

3600 seconds (1 hour)

Question 10

How can you change the pre-signed URL timeout?

Answer 10

Use the –expires-in [seconds] argument

Question 11

What are 3 examples of why you would use a pre-signed URL?

Answer 11

• Allow logged in users to download premium content from a bucket
• You want to generate URLs dynamically for an ever-changing list of users
• Allow temp access to a bucket

Question 12

How do you make sure your generated URL is compatible with KMS?

Answer 12

Run “aws configure set default.s3.signature_version s3v4”

Question 13

Using the CLI, how do you generate a pre-signed URL?

Answer 13

Run “aws s3 presign s3://bucket/file –expires-in 300 –region us-east-1”

Question 14

What 3 services does Cloudfront work with?

Answer 14

• S3
• EC2
• Load Balancing

Question 15

What is Cloudfront Origin Access Identity

Answer 15

A Special Cloudfront user associated with your distribution

Question 16

What is the availability of S3, S3-IA and S3-RRS?

Answer 16

99.99%

Question 17

What is the availability of S3 One-Zone IA?

Answer 17

99.5%

Question 18

What are the 4 storage tiers of S3?

Answer 18

S3 standard
S3 IA
S3 IA-One Zone
Glacier

Question 19

Whats is the S3 durability?

Answer 19

99.999999999%

Question 20

What is S3 Analytics used for?

Answer 20

It is used to recommend what tier your data should be on

Question 21

What are items in Glacier called?

Answer 21

Archives

Question 22

What are Archives stored in?

Answer 22

Vaults

Question 23

What are the 3 Glacier retrieval options and how long do they take?

Answer 23

• Expedited (1 - 5 minutes)
• Standard (3 - 5 hours)
• Bulk (5 - 12 hours)

Question 24

What is a Lock Policy?

Answer 24

A policy you apply to a Vault that is immutable and usually used for regulatory/compliance

Question 25

What is the WORM Policy?

Answer 25

Write once read many

Question 26

How would you implement the WORM Policy?

Answer 26

Apply a Lock Policy

Question 27

What are the 4 types of Storage Gateways?

Answer 27

File Gateway
Stored Volumes
Cached Volumes
Tape Gateway

Question 28

What is Storage Gateway?

Answer 28

It is a bridge between AWS S3 and on-premise data

Question 29

What storage Gateway would you use for Files?

Answer 29

File Gateway

Question 30

What Storage Gateway would you use for Block Storage iSCSI?

Answer 30

Volume Gateway

Question 31

What Storage Gateway would you use for Physical Tapes?

Answer 31

Tape Gateway