Storage

Question 1

Can you mount EBS across AZs?

Answer 1

No, to ensure the lowest latency this is not possible

Question 2

When to use provisioned IOPS?

Answer 2

When more than 10000 IOPS are needed

Question 3

What is an IOPS?

Answer 3

Measurement how many read/write actions can happen in a second - based on a standard package size

Question 4

What is throughput?

Answer 4

product of packet size and IOPS

Question 5

What are Bursting IOPS and Throughput

Answer 5

Burst: IOPS not used are generating credits that can be used to burst up to 3000 IOPS and therefore a higher throughput

Question 6

What must be considered for IOPS for EC2 and EBS?

Answer 6

Even though EBS volumes can have a high amount of IOPS it might be limited by the EC2 instance

Question 7

How to share (un)encrypted snapshots

Answer 7

Public shared snapshots can only be unencrypted.

Encrypted volumes can be shared to a specific account as long as the Customer Master Key is provided

Question 8

How are EFS volumes sized?

Answer 8

Automatic sizing

Question 9

When to (not) use S3-IA?

Answer 9

If called < 20 times/yr, smaller than 4Kb and listed shorter than 30days

Question 10

How to use Cross-Region Replication?

Answer 10

Versioning must be enabled. (Files are not syncronized to the regions, just copied)
CRR can be used for different accounts

Question 11

What is the vault lock?

Answer 11

When used a file cannot be deleted until a certain amount of time (10yrs e.g.)

Question 12

Describe the (three) Storage Gateway Options

Answer 12

File interface (Access via Network File System)
Volume interface (Data is accessed on local storage)
Tape interface (Connected to existing backup method -  and then stored in S3)

Question 13

What is the time interval at which EFS metric data gets sent to CloudWatch?

Answer 13

CloudWatch receives EFS metric data in one-minute intervals.

Question 14

Which are not replicated by default using S3 CRR?

Answer 14

Objects that existed before replication
Lifecycle policies
Server-side encryption using KMS-managed keys
Server-side encryption using customer-provided keys

Question 15

What is the limitation for HDD storage?

Answer 15

You cannot use them for a boot device

Question 16

When to use the cold HDD (sc1)

Answer 16

Infrequent access with minimized storage costs

Question 17

How to get 6000 IOPS

Answer 17

Using a volume size of 2000GB (2000 x 3IOPS)

Question 18

When is Pre-Warming an EBS volume neccessary?

Answer 18

In the past a new volume needed to be warmed in order to ensure the maximum capacity.
New volumes do not require this anymore.

However: if a volume is restored from S3 the blocks need to be initialized this causes some latency issues.
There a pre warming could be done.

Question 19

What are the volume status checks?

Answer 19

OK
WARNING
Degraded (performance under expectation)
Severely degraded (performance highly under expectations)
IMPARED
Stalled (performance severely under expectations)
Not Available (I/O is not measured - volume is offline)
INSUFFICIENT_DATA

Question 20

Can you modify an attached EBS volume?

Answer 20

Yes, it is possible to change the type, size and IOPS on an attached volume without detaching it.

Question 21

What is Eviction? (Elasticache)

Answer 21

When there’s no space and a file is added, an old file needs to be deleted

Question 22

What should be done in terms of Eviction on Elasticache?

Answer 22

Memcache(d): Scale out or Up (increase RAM)

Redis: Scale out (add read replicas)

Question 23

How many IOPS are given per GB for gp2 and io2

Answer 23

gp2: 3 (16000 max)
io1: 50 (64000 max)

Question 24

Describe the two consistency models in S3

Answer 24

Read after Write consistency for PUTS on new objects

Eventual Consistency for PUTS on existing object and DELETES

Question 25

What are you charged for in S3?

Answer 25

• Storage per GB
• Requests (GET, PUT)
• Storage Management (like Tagging)
• Accelerated Traffic
• Egress traffic

Question 26

What is the file gateway?

Answer 26

• uses S3 for storage
• accessed with NSF or SMB and therefore appears as a normal network storage
• has the all the advantages of S3

Question 27

What is the volume gateway?

Answer 27

• cloud backed storage
• iSCSI
• two types:
• • Gateway Stored Volumes: Storage is local, backup in AWS (as EBS snapshots)
• • Gateway Cached Volumes: S3 as primary storage, files are cached locally

Question 28

What is Tape Gateway?

Answer 28

• Data Archive in Glacier

- Can integrate with existing tape infrastructure

Question 29

Can a policy be attached to an S3 object?

Answer 29

No, only to buckets+

Question 30

What is the difference between a bucket policy and iam user policy?

Answer 30

“Who can access this S3 resource?”

“What can this user do in AWS?”

Question 31

What is an advantage of a bucket policy?

Answer 31

You can grant cross-account access to S3 bucket w/o IAM

Question 32

What is an S3 Access Control List (ACL)?

Answer 32

Precursor to Bucket Policies.
Can be on a Bucket, Folder or Object Level
Can only grant, not deny access
Has predefined groups (All users, All auth. users)

Question 33

S3: What is the maximum upload size for a single PUT operation to S3, and what is the maximum object size limit?

Answer 33

5GB for a PUT, 5TB for a single object.

Question 34

A user has launched a dedicated EBS-backed instance. You are curious where the EBS volume for this instance will be created.

Answer 34

The EBS volume will not be created on the same tenant hardware assigned to the dedicated instance.

Question 35

A root AWS account owner is trying to understand various options to set the permission to Amazon S3. Which option below is not an access control mechanism in Amazon S3?

• S3 Bucket access control list
• S3 Object access policy
• IAM User access policy
• S3 Bucket access policy

Answer 35

S3 Object access policy

Amazon S3 provides a set of operations to work with the Amazon S3 resources. Managing S3 resource access refers to granting others permissions to work with S3. There are three ways the root account owner can define access with S3:

Question 36

In AWS Storage Gateway, using a tape gateway’s virtual tape library (VTL), you can cost-effectively and durably archive backup data in____

Answer 36

Amazon Glacier

Question 37

After a retrival request to Glacier, how can the data be accessed

Answer 37

The retrieval request creates a temporary copy of your data in the S3 RRS or S3 Standard-IA storage class while leaving the archived data intact in S3 Glacier

Question 38

Which types of AWS Storage Gateway offer local caches for frequently accessed data? (Choose 2 answers)

Answer 38

Cached volume gateways
File gateways

Both file gateways and cached volume gateways provide local caches to store frequently accessed data. Stored volume gateways keep all files locally, so all stored data can be retrieve with reduced latency. Tape gateways are an archival method, and not ideal for data that needs to be readily available.

Question 39

When using a tape gateway in AWS Storage Gateway, files are accessible unless they are stored within a ____________, in which case they will need to be retrieved first, which may take several hours.

Answer 39

archived tape

Question 40

In Amazon Elastic File System (EFS), which of the following performance modes is ideal for applications where tens, hundreds, or thousands of Elastic Compute Cloud (EC2) instances access a file system?

Provisioned IOPS mode
Max I/O mode
General Purpose mode
Enhanced Throughput mode

Answer 40

Max I/O mode

Amazon EFS offers two performance modes: General Purpose mode and Max I/O mode

Question 41

Does Amazon EFS support Linux and Windows instances?

Answer 41

No, only Linux

Question 42

What is the potential size range for individual objects stored in Amazon S3?

Answer 42

0 bytes to 5 TB

Question 43

A user has launched an EC2 instance from an instance store-backed AMI. If the user reboots the instance, what will happen to the data on the instance store volume?

Answer 43

The data will be preserved. Rebooting an instance is equivalent to rebooting an operating system.

Question 44

A user has created a new EBS volume. The user wants to mount the volume on the instance to which it is attached. Which step is required before the user can mount the volume?

Answer 44

The user must create a file system on the volume.

Question 45

When using Amazon Glacier’s expedited retrieval option, which of the following is correct?

Amazon Glacier takes 1-5 minutes to retrieve data.
Amazon Glacier takes 5-12 hours to retrieve data.
Amazon Glacier takes 1 hour to retrieve data.
Amazon Glacier takes 3-5 hours to retrieve data.

Answer 45

Amazon Glacier takes 1-5 minutes to retrieve data.

Question 46

Which encryption method does AWS Storage Gateway use to encrypt all data by default?

Server-side encryption with KMS-managed keys (SSE-KMS)

Customer-side encryption with KMS-managed keys (CSE-KMS)

Server-side encryption with S3-managed keys (SSE-S3)

Server-side encryption with Customer-managed keys (SSE-C)

Answer 46

By default, Storage Gateway uses Amazon S3-Managed Encryption Keys (SSE-S3) to server-side encrypt all data it stores in Amazon S3. You have an option to use the Storage Gateway API to configure the different gateway types to encrypt data stored in the cloud using the AWS Key Management Service (KMS).

Question 47

True or False: Regarding Amazon CloudFront, an RTMP distribution must use an Amazon S3 bucket as the origin.

Answer 47

True

Question 48

When using Amazon Glacier’s bulk retrieval option, which of the following is correct?

Amazon Glacier takes 3-5 hours to retrieve data.
Amazon Glacier 1 hour to retrieve data.
Amazon Glacier takes 5-12 hours to retrieve data.
Amazon Glacier takes 1-5 minutes to retrieve data.

Answer 48

Amazon Glacier takes 5-12 hours to retrieve data.

Question 49

Which types of AWS Storage gateways have a limited amount of total storage per gateway? (

Answer 49

Stored volume gateway

Cached volume gateway

Question 50

What is AWS DataSync?

Answer 50

AWS DataSync makes it simple and fast to move large amounts of data online between on-premises storage and Amazon S3, Amazon Elastic File System (Amazon EFS), or Amazon FSx for Windows File Server. Manual tasks related to data transfers can slow down migrations and burden IT operations.

Question 51

What is initialization / pre warming and when to use it?

Answer 51

Reading all the blocks before the volume goes into production.

After restoring a volume from a S3 snapshot

Question 52

EBS: What changes can be done while a volume is attached?

Answer 52

Increase size (volume file size needs to be etended on the server)
change volume type
increase IOPS (for io1 volumes)

Question 53

What is the maximum IOPS capability of an io1 volume?

Answer 53

64.000

Question 54

EBS: What happens to the volumes if an EC2 instance is terminated?

Answer 54

Root Device will be deleted by default - can be disabled

Other Volumes will be detached

Question 55

What is the snowball edge?

Answer 55

Physical device with 100TB of storage.
Also has a computational unit inside that can run Lambda functions when data is transferred.
Also has S3 endpoints and NFS support

Question 56

NFS: What are the options for throughput and performance mode?

Answer 56

Bursting & Provisioned

General Purpose & Max I/O (used when 100s of instances are connected)

Question 57

Which AWS service allows your on-premises systems to access your files in S3 over NFS or SMB using a virtual appliance installed in your data center?

Answer 57

File Gateway

Question 58

S3: What are the three reasons for CRR?

Answer 58

Compliance (must be stored in multiple locations)
Latency
Disaster Recovery

Question 59

What is the scope of EFS?

Answer 59

Across multiple AZs within a region

Question 60

What are the security group settings for EFS?

Answer 60

Allow traffic from TCP Port 2049 from the security groups of the EC2 instances

Question 61

EBS: What is a Lifecycle Policy?

Answer 61

Data Lifecycle Manager enables you to automate the creation, retention, copy and deletion of EBS snapshots and EBS-backed AMIs. It also enables you to automate cross-account snapshot copy actions for snapshots that are shared with you, based on Amazon CloudWatch events.

To decide which Volumes are used you look for specific tags.

Question 62

S3: Can you encrypt metadata?

Answer 62

No.

Question 63

What is the difference in terms of backup/updating between block - and object storage?

Answer 63

In Object storage there is no concept of updating the delta, is always replaces the whole file

Question 64

What is the packet size limitation of HDD / SSD?

Answer 64

SSD: 256KB
HDD: 1MB

Question 65

What can be done to raise the max. IOPS?

Answer 65

Have more volumes in Raid0

Question 66

How are EBS Snapshots stored?

Answer 66

They are stored in S3, but not as object visible to the user.
Since they are not “real” objects it is possible to store only the changed delta data and therefore reducing the storage capacity needed

Question 67

Do you need to stop an instance to create a snapshot?

Answer 67

Boot volumes yes, additional volumes no.

But it makes sense to hold writes to get the best results.

Question 68

What are the advantages of instance storage?

Answer 68

SInce it lives on the same hardware it is included in the hourly costs and there cannot be network issues

Question 69

What are the size limits of Glacier?

Answer 69

1byte to 40TB

Question 70

What is the Vault Lock?

Answer 70

Files cannot be deleted for a duration of time, even if the company does not exist anymore

Question 71

Which command would you use to mount an EBS volume?

Answer 71

aws ec2 attach-volume –volume-id –instance-id

–device /dev/

Question 72

What is the

maximum allowed length of an S3 bucket name and are underscores allowed?

Answer 72

63 characters

no

Question 73

Which S3 storage class offers 99.99% availability?

Answer 73

S3 Standard

Question 74

Which S3 storage class offers 99.9% availability?

Answer 74

S3 Standard-IA

Question 75

Which S3 storage class offers 99.5% availability?

Answer 75

S3 One Zone-IA

Question 76

You currently have snapshots of your EBS volumes going to S3. You need to access the
snapshots. How would you access them?

Answer 76

Amazon EC2 API

Question 77

S3: What tool can be used to analyse S3 access permissions?

Answer 77

Access Analyzer for S3.

Question 78

S3; What are the expected retrieval times for Deep Archive Standard and Bulk?

Answer 78

Standard: 12h
Bulk: 24h

Question 79

CloudFront: What is origin redundancy?

Answer 79

A different origin in case of 400/500 errors from the origin

Question 80

CloudFront: How long is a file cached by default?

Answer 80

24h

Question 81

CloudFront: What is the single-file limit?

Answer 81

20GB

Question 82

You need to continually move large amounts of data from your on-premises datacenter to
AWS. What is the best way to accommodate large ongoing file transfers?

Answer 82

Transfer over AWS Direct Connec

Question 83

How does AWS Snowball guarantee that your AWS Snowball device has not been
tampered with before its arrival at an AWS datacenter?

Answer 83

Tamper-resistant enclosure

TPM chip

Question 84

You need to remove a large amount of data from Amazon S3 and bring it back to your
on-premises datacenter. The data is approximately 75 TB. What is the best method to
transfer the data back to your on-premises datacenter?

Answer 84

AWS Snowball

Question 85

What needs to be done in order to export Glacier Deep Archive data to a Snowball?

Answer 85

Restore the data from Amazon S3 Glacier and then create the export request.

Question 86

Which command is used to enable lifecycle management for Amazon EFS via the
AWS CLI?

Answer 86

aws efs put-lifecycle-configuration

Question 87

You need to protect the data that is stored in your Amazon EFS implementation. Which
of the following are methods that will allow you to safeguard the Amazon EFS data?

Answer 87

AWS Backup Service

EFS-to-EFS backup solution

Question 88

You have chosen to delete the CMK you were using for your Amazon EFS deployment.
How can you immediately delete the CMK?

Answer 88

The deletion of a CMK is irreversible so you can’t do it immediately; you have to
schedule the deletion. You can schedule it for anywhere from 7–30 days. If you must get
rid of it more immediately, you can revoke or disable the key.

Question 89

How can you reduce costs for using Amazon EFS across multiple availability zones?

Answer 89

When you create mount points for Amazon EFS, it is recommended to create them
in each availability zone as this will reduce the amount of cross-availability zone access,
which incurs additional cos

Question 90

What is the size difference between a Snowball and a Snowball Edge?

Answer 90

SB: 80TB
Edge: 100TB

Question 91

S3: Which of the following S3 operations costs nothing?

Answer 91

A. DELETE
B. LIST
C. GET

Question 92

Which can / cannot be a CloudFront origin?

Answer 92

Yes: A public S3 bucket, elastic load balancer, public web server
No: A Lambda function

Question 93

Which protocol does EFS use?

Answer 93

NFS

Question 94

On which type of gateway does AWS Storage Gateway allow you to use iSCSI?

Answer 94

Volume Gateway

Question 95

What is required to enable MFA Delete?

Answer 95

A bucket policy

Question 96

An SSE-C encrypted object named file.txt exists in an S3 bucket on which versioning is
enabled. What will happen if you try to delete this object?

Answer 96

Because versioning is enabled, S3 will only create a delete marker. There’s no need to
specify the encryption key to delete an object version.