Storage Flashcards
Can you mount EBS across AZs?
No, to ensure the lowest latency this is not possible
When to use provisioned IOPS?
When more than 10000 IOPS are needed
What is an IOPS?
A measurement of how many read/write actions can happen in a second, based on a standard packet size
What is throughput?
Product of packet size and IOPS
What are Bursting IOPS and Throughput?
Burst: unused IOPS generate credits that can be used to burst up to 3000 IOPS and therefore reach a higher throughput
What must be considered for IOPS for EC2 and EBS?
Even though EBS volumes can have a high number of IOPS, they might be limited by the EC2 instance
How to share (un)encrypted snapshots?
Public shared snapshots can only be unencrypted.
Encrypted volumes can be shared with a specific account as long as the Customer Master Key is provided
How are EFS volumes sized?
Automatic sizing
When to (not) use S3-IA?
If called < 20 times/yr, smaller than 4Kb and listed shorter than 30 days
How to use Cross-Region Replication?
Versioning must be enabled. (Files are not synchronized to the regions, just copied)
CRR can be used for different accounts
What is the vault lock?
When used, a file cannot be deleted until a certain amount of time has passed (e.g. 10 yrs)
Describe the (three) Storage Gateway Options
File interface (Access via Network File System)
Volume interface (Data is accessed on local storage)
Tape interface (Connected to existing backup method - and then stored in S3)
What is the time interval at which EFS metric data gets sent to CloudWatch?
CloudWatch receives EFS metric data in one-minute intervals.
Which are not replicated by default using S3 CRR?
Objects that existed before replication
Lifecycle policies
Server-side encryption using KMS-managed keys
Server-side encryption using customer-provided keys
What is the limitation for HDD storage?
You cannot use them as a boot device
When to use the cold HDD (sc1)?
Infrequent access with minimized storage costs
How to get 6000 IOPS?
Using a volume size of 2000GB (2000 x 3IOPS)
When is Pre-Warming an EBS volume necessary?
In the past a new volume needed to be warmed in order to ensure the maximum capacity.
New volumes do not require this anymore.
However, if a volume is restored from S3, the blocks need to be initialized; this causes some latency issues.
There, pre-warming could be done.
What are the volume status checks?
OK
WARNING
Degraded (performance under expectation)
Severely degraded (performance highly under expectations)
IMPAIRED
Stalled (performance severely under expectations)
Not Available (I/O is not measured - volume is offline)
INSUFFICIENT_DATA
Can you modify an attached EBS volume?
Yes, it is possible to change the type, size and IOPS on an attached volume without detaching it.
What is Eviction? (Elasticache)
When there’s no space and a file is added, an old file needs to be deleted
What should be done in terms of Eviction on Elasticache?
Memcache(d): Scale out or Up (increase RAM)
Redis: Scale out (add read replicas)
How many IOPS are given per GB for gp2 and io2?
gp2: 3 (16000 max)
io1: 50 (64000 max)
Describe the two consistency models in S3
Read after Write consistency for PUTS on new objects
Eventual Consistency for PUTS on existing objects and DELETES
What are you charged for in S3?
- Storage per GB
- Requests (GET, PUT)
- Storage Management (like Tagging)
- Accelerated Traffic
- Egress traffic
What is the file gateway?
- uses S3 for storage
- accessed with NFS or SMB and therefore appears as a normal network storage
- has all the advantages of S3
What is the volume gateway?
- cloud backed storage
- iSCSI
- two types:
- Gateway Stored Volumes: Storage is local, backup in AWS (as EBS snapshots)
- Gateway Cached Volumes: S3 as primary storage, files are cached locally
What is Tape Gateway?
- Data Archive in Glacier
- Can integrate with existing tape infrastructure
Can a policy be attached to an S3 object?
No, only to buckets
What is the difference between a bucket policy and an IAM user policy?
“Who can access this S3 resource?”
“What can this user do in AWS?”
What is an advantage of a bucket policy?
You can grant cross-account access to S3 bucket w/o IAM
What is an S3 Access Control List (ACL)?
Precursor to Bucket Policies.
Can be on a Bucket, Folder or Object Level
Can only grant, not deny access
Has predefined groups (All users, All auth. users)
S3: What is the maximum upload size for a single PUT operation to S3, and what is the maximum object size limit?
5GB for a PUT, 5TB for a single object.
A user has launched a dedicated EBS-backed instance. You are curious where the EBS volume for this instance will be created.
The EBS volume will not be created on the same tenant hardware assigned to the dedicated instance.
A root AWS account owner is trying to understand various options to set the permission to Amazon S3. Which option below is not an access control mechanism in Amazon S3?
- S3 Bucket access control list
- S3 Object access policy
- IAM User access policy
- S3 Bucket access policy
S3 Object access policy
Amazon S3 provides a set of operations to work with the Amazon S3 resources. Managing S3 resource access refers to granting others permissions to work with S3. There are three ways the root account owner can define access with S3:
In AWS Storage Gateway, using a tape gateway’s virtual tape library (VTL), you can cost-effectively and durably archive backup data in____
Amazon Glacier
After a retrieval request to Glacier, how can the data be accessed?
The retrieval request creates a temporary copy of your data in the S3 RRS or S3 Standard-IA storage class while leaving the archived data intact in S3 Glacier
Which types of AWS Storage Gateway offer local caches for frequently accessed data? (Choose 2 answers)
Cached volume gateways
File gateways
Both file gateways and cached volume gateways provide local caches to store frequently accessed data. Stored volume gateways keep all files locally, so all stored data can be retrieved with reduced latency. Tape gateways are an archival method, and not ideal for data that needs to be readily available.
When using a tape gateway in AWS Storage Gateway, files are accessible unless they are stored within a ____________, in which case they will need to be retrieved first, which may take several hours.
archived tape
In Amazon Elastic File System (EFS), which of the following performance modes is ideal for applications where tens, hundreds, or thousands of Elastic Compute Cloud (EC2) instances access a file system?
Provisioned IOPS mode
Max I/O mode
General Purpose mode
Enhanced Throughput mode
Max I/O mode
Amazon EFS offers two performance modes: General Purpose mode and Max I/O mode
Does Amazon EFS support Linux and Windows instances?
No, only Linux
What is the potential size range for individual objects stored in Amazon S3?
0 bytes to 5 TB
A user has launched an EC2 instance from an instance store-backed AMI. If the user reboots the instance, what will happen to the data on the instance store volume?
The data will be preserved. Rebooting an instance is equivalent to rebooting an operating system.
A user has created a new EBS volume. The user wants to mount the volume on the instance to which it is attached. Which step is required before the user can mount the volume?
The user must create a file system on the volume.
When using Amazon Glacier’s expedited retrieval option, which of the following is correct?
Amazon Glacier takes 1-5 minutes to retrieve data.
Amazon Glacier takes 5-12 hours to retrieve data.
Amazon Glacier takes 1 hour to retrieve data.
Amazon Glacier takes 3-5 hours to retrieve data.
Amazon Glacier takes 1-5 minutes to retrieve data.
Which encryption method does AWS Storage Gateway use to encrypt all data by default?
Server-side encryption with KMS-managed keys (SSE-KMS)
Customer-side encryption with KMS-managed keys (CSE-KMS)
Server-side encryption with S3-managed keys (SSE-S3)
Server-side encryption with Customer-managed keys (SSE-C)
By default, Storage Gateway uses Amazon S3-Managed Encryption Keys (SSE-S3) to server-side encrypt all data it stores in Amazon S3. You have an option to use the Storage Gateway API to configure the different gateway types to encrypt data stored in the cloud using the AWS Key Management Service (KMS).
True or False: Regarding Amazon CloudFront, an RTMP distribution must use an Amazon S3 bucket as the origin.
True
When using Amazon Glacier’s bulk retrieval option, which of the following is correct?
Amazon Glacier takes 3-5 hours to retrieve data.
Amazon Glacier takes 1 hour to retrieve data.
Amazon Glacier takes 5-12 hours to retrieve data.
Amazon Glacier takes 1-5 minutes to retrieve data.
Amazon Glacier takes 5-12 hours to retrieve data.
Which types of AWS Storage gateways have a limited amount of total storage per gateway?
Stored volume gateway
Cached volume gateway
What is AWS DataSync?
AWS DataSync makes it simple and fast to move large amounts of data online between on-premises storage and Amazon S3, Amazon Elastic File System (Amazon EFS), or Amazon FSx for Windows File Server. Manual tasks related to data transfers can slow down migrations and burden IT operations.
What is initialization / pre warming and when to use it?
Reading all the blocks before the volume goes into production.
After restoring a volume from a S3 snapshot
EBS: What changes can be done while a volume is attached?
Increase size (volume file size needs to be extended on the server)
Change volume type
Increase IOPS (for io1 volumes)
What is the maximum IOPS capability of an io1 volume?
64.000
EBS: What happens to the volumes if an EC2 instance is terminated?
Root Device will be deleted by default - can be disabled
Other Volumes will be detached
What is the snowball edge?
Physical device with 100TB of storage.
Also has a computational unit inside that can run Lambda functions when data is transferred.
Also has S3 endpoints and NFS support
NFS: What are the options for throughput and performance mode?
Bursting & Provisioned
General Purpose & Max I/O (used when 100s of instances are connected)
Which AWS service allows your on-premises systems to access your files in S3 over NFS or SMB using a virtual appliance installed in your data center?
File Gateway
S3: What are the three reasons for CRR?
Compliance (must be stored in multiple locations)
Latency
Disaster Recovery
What is the scope of EFS?
Across multiple AZs within a region
What are the security group settings for EFS?
Allow traffic on TCP port 2049 from the security groups of the EC2 instances
EBS: What is a Lifecycle Policy?
Data Lifecycle Manager enables you to automate the creation, retention, copy and deletion of EBS snapshots and EBS-backed AMIs. It also enables you to automate cross-account snapshot copy actions for snapshots that are shared with you, based on Amazon CloudWatch events.
To decide which Volumes are used you look for specific tags.
S3: Can you encrypt metadata?
No.
What is the difference in terms of backup/updating between block and object storage?
In object storage there is no concept of updating the delta; it always replaces the whole file
What is the packet size limitation of HDD / SSD?
SSD: 256KB
HDD: 1MB
What can be done to raise the max. IOPS?
Have more volumes in RAID 0
How are EBS Snapshots stored?
They are stored in S3, but not as objects visible to the user.
Since they are not “real” objects, it is possible to store only the changed delta data, thereby reducing the storage capacity needed
Do you need to stop an instance to create a snapshot?
Boot volumes yes, additional volumes no.
But it makes sense to hold writes to get the best results.
What are the advantages of instance storage?
Since it lives on the same hardware, it is included in the hourly costs and there cannot be network issues
What are the size limits of Glacier?
1 byte to 40 TB
What is the Vault Lock?
Files cannot be deleted for a duration of time, even if the company does not exist anymore
Which command would you use to mount an EBS volume?
aws ec2 attach-volume --volume-id --instance-id --device /dev/
What is the maximum allowed length of an S3 bucket name and are underscores allowed?
63 characters
no
Which S3 storage class offers 99.99% availability?
S3 Standard
Which S3 storage class offers 99.9% availability?
S3 Standard-IA
Which S3 storage class offers 99.5% availability?
S3 One Zone-IA
You currently have snapshots of your EBS volumes going to S3. You need to access the snapshots. How would you access them?
Amazon EC2 API
S3: What tool can be used to analyse S3 access permissions?
Access Analyzer for S3.
S3: What are the expected retrieval times for Deep Archive Standard and Bulk?
Standard: 12h
Bulk: 24h
CloudFront: What is origin redundancy?
A different origin in case of 400/500 errors from the origin
CloudFront: How long is a file cached by default?
24h
CloudFront: What is the single-file limit?
20GB
You need to continually move large amounts of data from your on-premises datacenter to AWS. What is the best way to accommodate large ongoing file transfers?
Transfer over AWS Direct Connect
How does AWS Snowball guarantee that your AWS Snowball device has not been tampered with before its arrival at an AWS datacenter?
Tamper-resistant enclosure
TPM chip
You need to remove a large amount of data from Amazon S3 and bring it back to your on-premises datacenter. The data is approximately 75 TB. What is the best method to transfer the data back to your on-premises datacenter?
AWS Snowball
What needs to be done in order to export Glacier Deep Archive data to a Snowball?
Restore the data from Amazon S3 Glacier and then create the export request.
Which command is used to enable lifecycle management for Amazon EFS via the AWS CLI?
aws efs put-lifecycle-configuration
You need to protect the data that is stored in your Amazon EFS implementation. Which of the following are methods that will allow you to safeguard the Amazon EFS data?
AWS Backup Service
EFS-to-EFS backup solution
You have chosen to delete the CMK you were using for your Amazon EFS deployment. How can you immediately delete the CMK?
The deletion of a CMK is irreversible so you can’t do it immediately; you have to schedule the deletion. You can schedule it for anywhere from 7–30 days. If you must get rid of it more immediately, you can revoke or disable the key.
How can you reduce costs for using Amazon EFS across multiple availability zones?
When you create mount points for Amazon EFS, it is recommended to create them in each availability zone as this will reduce the amount of cross-availability zone access, which incurs additional cost
What is the size difference between a Snowball and a Snowball Edge?
SB: 80TB
Edge: 100TB
S3: Which of the following S3 operations costs nothing?
A. DELETE
B. LIST
C. GET
Which can / cannot be a CloudFront origin?
Yes: A public S3 bucket, elastic load balancer, public web server
No: A Lambda function
Which protocol does EFS use?
NFS
On which type of gateway does AWS Storage Gateway allow you to use iSCSI?
Volume Gateway
What is required to enable MFA Delete?
A bucket policy
An SSE-C encrypted object named file.txt exists in an S3 bucket on which versioning is enabled. What will happen if you try to delete this object?
Because versioning is enabled, S3 will only create a delete marker. There’s no need to specify the encryption key to delete an object version.