[S3] Simple Storage Service

Question 1

S3 object-base consist of 5 properties?

Answer 1

1. Key
2. Value
3. VersionID
4. Metadata
5. Sub-resource: Access Control Lists / Torrent

Question 2

What specialty of S3 namespace?

bucket name must be ______ ;
receive _______ code

Answer 2

bucket name must be unique;

will receive HTTP200 code as URL

Question 3

How AWS keep data consistency?

_______ for PUTS of new objects;
_______ for overwrite PUTS and DELETES

Answer 3

• Read after Write consistency for PUTS of new objects

- Eventual Consistency for overwrite PUTS and DELETES (take time to propagate)

Question 4

What SLA on S3 availability & durability

Answer 4

99. 99% availability

99. 999999999% durability

Question 5

what feature of S3 to keep data security?

Answer 5

• tier storage available
• lifecycle management (intelligent)
• versioning
• encryption
• MFA delete
• secure by Access Control List & Bucket Policy

Question 6

How S3 charges?

Answer 6

1. storage size ( => 5TB)
2. requests & data retrievals
3. storage management
4. data transfer
5. Transfer Acceleration (CloudFront & Edge)
6. cross region replication

Question 7

How 3 type of policy to restrict bucket access?

Answer 7

1. Bucket Policies
2. Object Policies
3. IAM Policies to User & Groups

Question 8

How the sequence of S3 class from expensive to cheapest?

Answer 8

1. Standard
2. Infrequent Access
3. Intelligent Tiering
4. One Zone - IA
5. Glacier
6. Glacier - Deep Archive

Question 9

How Encryption method of S3 being use on data when…

1. Encryption at rest in server side : _______
2. encryption in-transit :
3. encryption on client side

Answer 9

1. Encryption In-Transit
   
   • SSL/TLS
2. Encryption At Rest (server side)
   
   • S3 Managed Key - SSE-S3
   • AWS KMS
   • Server side encryption w/ Customer Provided Keys - SSE-C
3. Client side Encryption

Question 10

What is S3 Lifecycle management?

Answer 10

• automate moving objects between different storage tiers
• can be used in conjunction with versioning
• can apply to current & previous version

Question 11

What VAULT policy can apply in S3?

Answer 11

• S3 object lock by Write Once Read Many model include Government mode & Compliance mode
• S3 Glacier Vault Lock

Question 12

you can achieve a high number of request ____ put/copy/post/delete and ___ get/head request per second per prefix

Answer 12

you can achieve a high number of request 3500 put/copy/post/delete and 5500 get/head request per second per prefix

Question 13

in S3, by using 2 prefix, you can achieve _____ requests per second

Answer 13

by using 2 prefix, you can achieve 11000 requests per second

Question 14

use _____ when upload file to S3;

use _____ when download file from S3

Answer 14

use multiparts uploads when upload file to S3;

use S3 byte-range fetches when download file from S3

Question 15

____ use simple SQL expression to retrieve only subset of data in stead of retrieving entire object to get data by ___ & ___

Answer 15

S3 Select use SQL expression to retrieve only subset of data in stead of retrieving entire object to get data by rows & columns

Question 16

____ with ____ allow highly regulated industries to run SQL query directly to Glacier to satisfy compliance as well as save on storage cost

Answer 16

Glacier Select with lifecycle policies allow highly regulated industries to write data directly to Glacier to satisfy compliance as well as save on storage cost

Question 17

best practice with AWS Organization:

1. ____ on root account & _____ on root account password
2. ____ purpose on billing account
3. use ______ policies on either OU or account

Answer 17

best practice with AWS Organization:

1. MFA on root account & strong & long on root account password
2. Billing purpose on billing account
3. use Service Control policies on either OU or account

Question 18

3 different way to share S3 bucket across account?

1. Bucket ____ & IAM which apply to entire bucket;
2. Bucket ____ & IAM which apply to individual object;
3. _____ IAM allow programmatic & console access

Answer 18

3 different way to share S3 bucket across account?

1. Bucket Policies & IAM which apply to entire bucket;
2. Bucket ACLs & IAM which apply to individual object;
3. Cross account IAM Roles allow programmatic & console access

Question 19

When setup S3 bucket cross region replication,

1. ____ must be enable to source & destination bucket
2. file in existing bucket ____ replicated automatically
3. subsequent updated files ____ replicated automatically
4. ____ & ____ are not replicated

Answer 19

When setup S3 bucket cross region replication,

1. Versioning must be enable to source & destination bucket
2. file in existing bucket NOT replicated automatically
3. subsequent updated files WILL replicated automatically
4. delete markers & individual deleted version are not replicated

Question 20

DataSync is use for

1. move large amount of data from ___ to AWS
2. used with ___ & ___ compatible file system
3. replication can be done by ___, day or week
4. require to install ____
5. can use to replicate ___ to ___

Answer 20

DataSync is use for

1. move large amount of data from on-premise to AWS
2. used with EFS- & SMB- compatible file system
3. replication can be done by hour, day or week
4. require to install DataSync Agent
5. can use to replicate EFS to EFS

Question 21

What 5 options can be choose under Storage Gateway?

Answer 21

1. File gateway
2. Volume gateway
   stored volumes
   cached volumes
3. Gateway Virtual Tape Library

Question 22

____ is serverless, interactive query service in S3 commonly used to analyze log data

Answer 22

Athena is serverless, interactive query service in S3 commonly used to analyze log data

Question 23

Using ____ , you can give your federated users single sign-on (SSO) access to the AWS Management Console.

Answer 23

Using SAML (Security Assertion Markup Language 2.0), you can give your federated users single sign-on (SSO) access to the AWS Management Console.

Question 24

what file language is policy write in?

Answer 24

JSON

Question 25

How AWS Storage Gateway as a way of using AWS S3 managed storage to supplement on-premise storage with VPC?

Answer 25

it is a physical or virtual appliance that can be used to cache S3 locally at customer site