S3 Glacier

Question 1

S3 Glacier

Answer 1

Long-term archival solution optimized for infrequently used data, or “cold data” and Glacier is a REST-based web service.

Question 2

How much can be stored in Glacier?

Answer 2

You can store an unlimited number of archives and an unlimited amount of data.

Question 3

True/False. You can specify Glacier as the storage class at the time you create an object.

Answer 3

False. You CANNOT specify Glacier as the storage class at the time you create an object.

Question 4

Durability of Glacier.

Answer 4

It is designed to provide an average annual durability of 99.999999999% for an archive. Glacier synchronously stores your data across multiple AZs before confirming a successful upload.

Question 5

How does Glacier prevent corruption?

Answer 5

To prevent corruption of data packets over the wire, Glacier uploads the checksum of the data during data upload. It compares the received checksum with the checksum of the received data and validates data authenticity with checksums during data retrieval.

Question 6

How do you use Glacier?

Answer 6

Glacier works together with Amazon S3 lifecycle rules to help you automate archiving of S3 data and reduce your overall storage costs. Requested archival data is copied to S3 One Zone-IA

Question 7

What is Vault?

Answer 7

-A container for storing archives.
-Each vault resource has a unique address with form: https://region-specific endpoint/account-id/vaults/vaultname
-You can store an unlimited number of archives in a vault.
-Vault operations are Region specific.

Question 8

What is Archive?

Answer 8

-Can be any data such as a photo, video, or document and is a base unit of storage in Glacier.
-Each archive has a unique address with form: https://region-specific-endpoint/account-id/vaults/vault-name/archives/archive-id

Question 9

What is a Job?

Answer 9

-You can perform a select query on an archive, retrieve an archive, or get an inventory of a vault. Glacier Select runs the query in place and writes the output results to Amazon S3.
-Select, archive retrieval, and vault inventory jobs are associated with a vault. A vault can have multiple jobs in progress at any point in time.

Question 10

What is Notification Configuration?

Answer 10

Because jobs take time to complete, Glacier supports a notification mechanism to notify you when a job is complete.

Question 11

Glacier Operations.

Answer 11

-Retrieving an archive (asynchronous operation)
-Retrieving a vault inventory (list of archives) (asynchronous operation)
-Create and delete vaults
-Get the vault description for a specific vault or for all vaults in a region
-Set, retrieve, and delete a notification configuration on the vault
-Upload and delete archives. You cannot update an existing archive.
-Glacier jobs — select, archive-retrieval, inventory-retrieval

Question 12

True/False. Vault operations are not region specific.

Answer 12

False. Vault operations are region specific.

Question 13

True/False. Vault names must be unique within an account and the region in which the vault is being created.

Answer 13

True.

Question 14

How can you delete a Vault?

Answer 14

You can delete a vault only if there are no archives in the vault as of the last inventory that Glacier computed and there have been no writes to the vault since the last inventory.

Question 15

What vault information can be retrieved from a vault?

Answer 15

You can retrieve vault information such as the vault creation date, number of archives in the vault, and the total size of all the archives in the vault.

Question 16

True/False. Glacier maintains an inventory of all archives in each of your vaults for disaster recovery or occasional reconciliation.

Answer 16

True.

Question 17

What is a vault inventory?

Answer 17

A vault inventory refers to the list of archives in a vault. Glacier updates the vault inventory approximately once a day. Downloading a vault inventory is an asynchronous operation.

Question 18

How can you assign your own metadata to a Glacier Vault?

Answer 18

You can assign your own metadata to Glacier vaults in the form of tags. A tag is a key-value pair that you define for a vault.

Question 19

What is Glacier Vault Lock?

Answer 19

Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual Glacier vaults with a vault lock policy.

Question 20

True/False. You can specify controls such as “write once read many” (WORM) in a vault lock policy and lock the policy from future edits.

Answer 20

True.

Question 21

True/False. You can change a policy on a locked Vault.

Answer 21

False. Once locked, the policy can no longer be changed.

Question 22

What archive operations are supported by Glacier?

Answer 22

Glacier supports the following basic archive operations: upload, download, and delete. Downloading an archive is an asynchronous operation.

Question 23

True/False. You cannot upload an archive in a single operation or upload it in parts.

Answer 23

False. You can upload an archive in a single operation or upload it in parts.

Question 24

Using multipart upload API, what is the max upload size for large archives?

Answer 24

Using the multipart upload API, you can upload large archives, up to about 10,000 x 4 GB.

Question 25

True/False. You can upload archives to Glacier by using the management console.

Answer 25

False. You cannot upload archives to Glacier by using the management console. Use the AWS CLI or write code to make requests, by using either the REST API directly or by using the AWS SDKs.

Question 26

True/False. You can delete an archive using S3 Glacier management console.

Answer 26

False. You cannot delete an archive using the Amazon S3 Glacier (Glacier) management console. Glacier provides an API call that you can use to delete one archive at a time.

Question 27

True/False. After you upload an archive, you can update its content and its description.

Answer 27

False. After you upload an archive, you cannot update its content or its description. The only way you can update the archive content or its description is by deleting the archive and uploading another archive.

Question 28

True/False. Glacier does not support any additional metadata for the archives.

Answer 28

True.

Question 29

What is Glacier Select?

Answer 29

You can perform filtering operations using simple SQL statements directly on your data in Glacier. You can run queries and custom analytics on your data that is stored in Glacier, without having to restore your data to a hotter tier like S3.

Question 30

What access tiers are provided by Glacier when you perform select queries?

Answer 30

-Expedited – data accessed is typically made available within 1–5 minutes. -Standard – data accessed is typically made available within 3–5 hours. -Bulk – data accessed is typically made available within 5–12 hours.

Question 31

Glacier data retrieval policies.

Answer 31

Set data retrieval limits and manage the data retrieval activities across your AWS account in each region.

Question 32

What type of data retrieval policies exist in Glacier?

Answer 32

Three types of policies: -Free Tier Only – you can keep your retrievals within your daily free tier allowance and not incur any data retrieval cost. -Max Retrieval Rate – ensures that the peak retrieval rate from all retrieval jobs across your account in a region does not exceed the bytes-per-hour limit you set. -No Retrieval Limit

Question 33

Encryption for S3 Glacier?

Answer 33

Glacier encrypts your data at rest by default and supports secure data transit with SSL.

Question 34

True/False. Data stored in Amazon Glacier is immutable, meaning that after an archive is created it cannot be updated.

Answer 34

True.

Question 35

What permissions are required for Glacier?

Answer 35

Access to Glacier requires credentials that AWS can use to authenticate your requests. Those credentials must have permissions to access Glacier vaults or S3 buckets.

Question 36

True/False. Glacier requires all requests to be signed for authentication Protection.

Answer 36

True. To sign a request, you calculate a digital signature using a cryptographic hash function that returns a hash value that you include in the request as your signature.

Question 37

True/false. Glacier does not support policies at the vault level.

Answer 37

Valse. Glacier supports policies only at the vault level.

Question 38

True/False. You cannot attach identity-based policies to IAM identities.

Answer 38

False. You CAN attach identity-based policies to IAM identities.

Question 39

What are vault policies?

Answer 39

A Glacier vault is the primary resource and resource-based policies are referred to as vault policies.

Question 40

What is Event History?

Answer 40

When activity occurs in Glacier, that activity is recorded in a CloudTrail event along with other AWS service events in Event History.

Question 41

How is S3 Glacier priced?

Answer 41

-You are charged per GB per month of storage -You are charged for retrieval operations such as retrieve requests and amount of data retrieved depending on the data access tier – Expedited, Standard, or Bulk -Upload requests are charged. -You are charged for data transferred out of Glacier. -Pricing for Glacier Select is based upon the total amount of data scanned, the amount of data returned, and the number of requests initiated. -There is a charge if you delete data within 90 days.

Question 42

Max number of Glacier Vaults.

Answer 42

Under a single AWS account, you can have up to 1000 vaults.