Storage and Data Managment

Question 1

What should you use to protect your S3 data from accidental deletion and to provide an easy way to revert to a previous version of a file?

Answer 1

MFA delete and versioning

Question 2

What protection does MFA delete provide to S3?

Answer 2

It protects against accidental deletion and suspension of versioning

Question 3

You need to ensure S3 data is encrypted in transit. How do you do this?

Answer 3

SSL and TLS is required by default

Question 4

You need to to encrypt your S3 data and do not want to manage encryption keys. The keys should be changed frequently. What AWS service will you use?

Answer 4

S3 managed keys

Question 5

You need to to encrypt your S3 data and do not want to manage encryption keys. Also ensure the key used is encrypted and provide an audit trail to see when the key is used. What AWS service will you use?

Answer 5

AWS Key mgmt service, Managed Keys

Question 6

What is included in the PUT request header if the file is required to be encrypted at upload time?

Answer 6

x-amz-server-side-encryption :AES256 or :ams:kms

Question 7

How do you ensure S3 put requests are encrypted?

Answer 7

Use a bucket policy that denies any S3 PUT that does not include x-amz-server-side-encryption

Question 8

What is the default setting for root volume EBS retention?

Answer 8

Delete on termination

Question 9

An instance is created. After creation you realize you did not change the default for the instance store root volume retention to ensure the volume is not deleted on instance termination. How can this be changed?

Answer 9

You can’t . This can only be set when the instance is created

Question 10

An instance is created. After creation you realize you did not change the default for EBS root volume retention to ensure the volume is not deleted on instance termination. How can this be changed?

Answer 10

You can’t instance store will always be deleted on termination. They cannot be retained

Question 11

An instance is created. You have and EBS root volume and an additional EBS volume. You terminate the instance. What happens to the EBS volumes?

Answer 11

The root volume is deleted unless the default was changed. The additional volume will always be retained

Question 12

Can you encrypt an existing EFS filesystem?

Answer 12

No. It can only have encryption set at creation

Question 13

Can you encrypt an existing RDS database?

Answer 13

No. It can only have encryption set at creation

Question 14

You have an RDS DB that need to be encrypted. How do you do this?

Answer 14

Create a new RDS DB that is encrypted and migrate

Question 15

How do you migrate an existing EBS volume that you would like to encrypt?

Answer 15

Create a snapshot
copy the snapshot and apply encryption
Restore encrypted snapshot to a new encrypted volume

Question 16

At what point do you enable encryption on S3?

Answer 16

Anytime

Question 17

What is cloudHSM

Answer 17

harware security modules that protect keys

Question 18

What is cloudHSM

Answer 18

hardware security modules that protect keys

Question 19

You need a key mgmt solution to encrypt AWS data. multi-tenancy is not an issue

Answer 19

KMS

Question 20

You need a key mgmt solution to encrypt AWS data.

It cannot share hardware with other tenants and much use FIPS 140-2. Level 3 compliance and use asymetric.

Answer 20

CloudHSM

Question 21

What defines an AMI

Answer 21

template for root volume, OS and applications
Launch permissions
Block device mapping

Question 22

How do you use your AMI in multi regions?

Answer 22

You need to copy to the region where you require it

Question 23

What must you ensure is done to copy an AMI to another account?

Answer 23

Grant permission to the storage that backs the AMI

Question 24

Can you copy an encrypted AMI shared by another account?

Answer 24

No

Question 25

You want to copy an encrypted AMI that was shared with you. What do you do?

Answer 25

Copy the snapshot and re-encrypt

the sharing account must also share the underlying snapshot and encryption key used

Question 26

Can you copy an AMI that has an associated monthly billing?

Answer 26

No

Question 27

When should you use snowball edge?

Answer 27

When you need to move more that 100 TB and need to cluster snowballs together
Need Lambda functions and S3 compatibility

Question 28

Describe File gateway

Answer 28

NFS/SMB
network storage
Object storage
S3 backed

Question 29

Describe Volume gateway

Answer 29

iSCSI
Stored - all data stored locally and backed up to AWS
Cached - Data stored in S3 and frequently accessed data is stored locally

Question 30

What service can be used to query S3 data using standard SQL?

Answer 30

Athena

Question 31

You need to generate a business report on S3 data and analyze usage costs. What service can fulfill this?

Answer 31

Athena

Question 32

In addition to choosing the correct EBS volume type for your specific task, what else can be done to increase the performance of your volume? (Choose 3)

Answer 32

Ensure that your EC2 instances are types that can be optimized for use with EBS

Stripe volumes together in a RAID 0 configuration.

Schedule snapshots of HDD based volumes for periods of low use