Storage - S3, EBS, EFS, Cloudfront, Storage GW, Snowball, ++

Question 1

-Use if you need more than 10,000 IOPS -Can provision up to 20,000 IOPS per volume

1. General purpose SSD
2. Provisioned IOPS
3. Throughput optimized HDD (ST1)
4. Cold HDD (SC1)
5. Magnetic Standard - Legacy

Answer 1

2. Provisioned IOPS

Question 2

Designed for IO intensive apps such as large relational or NoSQL databases a) General purpose SSD b) Provisioned IOPS c) Throughput optimized HDD (ST1) d) Cold HDD (SC1) e)Magnetic Standard - Legacy

Answer 2

b) Provisioned IOPS

Question 3

T or F If a spot instance is terminated by EC2, you will not be charged for a partial hour of usage. However, if you terminate the instance yourself, you will be charged for the complete hour in which the instance ran.

Answer 3

True

Question 4

_____ allows you to create storage volumes and attach them to EC2 instances

Answer 4

EBS - elastic block storage

Question 5

once attached, you can create a filesystem on top of these volumes, run a database, or use them in any other way you would use a block device.

Answer 5

EBS volumes

Question 6

____ volumes are placed in a specific availability zone, where they are auto replicated to protect you from the failure of a single component.

Answer 6

EBS volumes

Question 7

EBS volumes types

Answer 7

-General purpose SSD -Provisioned IOPS -Throughput optimized HDD (ST1) -Cold HDD (SC1) -Magnetic Standard - Legacy

Question 8

ratio of 3 IOPS per GB with up to 10,000 IOPS and the ability to burst up to 3,000 IOPS for extended period of time for volumes at 3334 GB and above. a) General purpose SSD b) Provisioned IOPS c) Throughput optimized HDD (ST1) d) Cold HDD (SC1) e)Magnetic Standard - Legacy

Answer 8

a) General purpose SSD

Question 9

Lowest cost per GB of all EBS volume types that is bootable. Ideal for workloads where data is accessed infrequently and applications where the lowest storage cost is important. a) General purpose SSD b) Provisioned IOPS c) Throughput optimized HDD (ST1) d) Cold HDD (SC1) e)Magnetic Standard - Legacy

Answer 9

e) Magnetic Storage

Question 10

-Big data -data warehouses -log processing -can’t be boot volume a) General purpose SSD b) Provisioned IOPS c) Throughput optimized HDD (ST1) d) Cold HDD (SC1) e)Magnetic Standard - Legacy

Answer 10

c) Throughput optimized HDD (ST1)

Question 11

• Lowest cost storage for infrequently accessed workloads
• file server
• can’t be boot volume
  a) General purpose SSD
  b) Provisioned IOPS
  c) Throughput optimized HDD (ST1)
  d) Cold HDD (SC1)
  e) Magnetic Standard - Legacy

Answer 11

d) Cold HDD (SC1)

Question 12

Types of compliance in AWS

Answer 12

• Service Organization Controls (SOC) 1/International Standard on Assurance Engagements (ISAE) 3402, SOC 2, and SOC 3
• Federal Information Security Management Act (FISMA), Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), and Federal Risk and Authorization Management Program (FedRAMP)
• Payment Card Industry Data Security Standard (PCI DSS) Level 1
• International Organization for Standardization (ISO) 9001, ISO 27001, and ISO 27018

Question 13

What languages does Elastic Beanstalk support?

Answer 13

PHP, Java, Python, Ruby, Node.js, .NET, and Go.

Question 14

Name some EBS facts

Answer 14

• persistent block-level storage volumes
• each volume is automatically replicated within its Availability Zone
• low-latency performance

Question 15

How does storage gateway work?

Answer 15

It provides low-latency performance by maintaining a cache of frequently accessed data on-premises while securely storing all of your data encrypted in Amazon S3 or Amazon Glacier.

Question 16

Why use Dynamo DB?

Answer 16

fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. great fit for mobile, web, gaming, ad-tech, Internet of Things, and many other applications.

Question 17

What is CloudTrail

Answer 17

web service that records AWS API calls for an account and delivers log files for audit and review.

Question 18

Common use cases for S3

Answer 18

Backup and archive for on-premises or cloud data Content, media, and software storage and distribution Big data analytics Static website hosting Cloud-native mobile and Internet application hosting Disaster recovery

Question 19

S3 storage classes

Answer 19

general purpose, infrequent access, and archive.

Question 20

How does block storage operate?

Answer 20

Block storage operates at a lower level—the raw storage device level—and manages data as a set of numbered, fixed-size blocks.

Question 21

How does file storage operate?

Answer 21

File storage operates at a higher level—the operating system level—and manages data as a named hierarchy of files and folders.

Question 22

What protocols do block storage use? SAN - Storage Area Network

Answer 22

iSCSI or Fiber Channel

Question 23

What protocols does file storage use? NAS - Network Attached Storage

Answer 23

Common Internet File System (CIFS) Network File System (NFS)

Question 24

What protocol does S3 use?

Answer 24

Application Program Interface (API) built on standard HTTP verbs

Question 25

An S3 ______ contains both data and metadata

Answer 25

object

Question 26

Objects reside in containers called ______

Answer 26

buckets

Question 27

How are S3 objects identified?

Answer 27

unique user-specified keys (filename)

Question 28

Amazon S3 objects are automatically replicated on multiple devices in multiple facilities within a region. T or F?

Answer 28

True

Question 29

Amazon S3 automatically partitions buckets to support very high request rates and simultaneous access by many clients. T or F?

Answer 29

True

Question 30

Which storage option provides network-attached shared file storage (NAS storage) using the NFS v4 protocol.

Answer 30

Amazon Elastic File System (AWS EFS)

Question 31

Which storage option provides block level storage for Amazon Elastic Compute Cloud (Amazon EC2) instances.

Answer 31

EBS

Question 32

Bucket names can contain:

Answer 32

63 lowercase letters, numbers, hyphens, and periods.

Question 33

How many buckets can you have per account by default?

Answer 33

100

Question 34

Best practice

Answer 34

It is a best practice to use bucket names that contain your domain name and conform to the rules for DNS names. This ensures that your bucket names are your own, can be used in all regions, and can host static websites.

Question 35

What sizes can S3 objects be?

Answer 35

0 bytes to 5TB

Question 36

How many objects can a single bucket store?

Answer 36

Unlimited

Question 37

What is included in system metadata?

Answer 37

the date last modified, object size, MD5 digest, and HTTP Content-Type.

Question 38

When can you create user metadata on an object?

Answer 38

Only at the time the object is created.

Question 39

A S3 key consists of what?

Answer 39

up to 1024 bytes of Unicode UTF-8 characters, including embedded slashes, backslashes, dots, and dashes.

Question 40

What is the URL format of S3?

Answer 40

http://mybucket.s3.amazonaws.com/jack.doc http://mybucket.s3.amazonaws.com/fee/fi/fo/fum/jack.doc

Question 41

Is there a file or folder hierarchy in S3?

Answer 41

There is no actual file and folder hierarchy. A key may contain delimiter characters like slashes or backslashes to help you name and logically organize your Amazon S3 objects, but to Amazon S3 it is simply a long key name in a flat namespace. For convenience, the Amazon S3 console and the Prefix and Delimiter feature allow you to navigate within an Amazon S3 bucket as if there were a folder hierarchy. However, remember that a bucket is a single flat namespace of keys with no structure.

Question 42

The S3 API includes:

Answer 42

Create/delete a bucket Write an object Read an object Delete an object List keys in a bucket

Question 43

What type of API does S3 use?

Answer 43

REST (Representational State Transfer) API. uses standard HTTP or HTTPS requests to create and delete buckets, list keys, and read and write objects.

Question 44

How does REST work in S3?

Answer 44

REST maps standard HTTP “verbs” (HTTP methods) to the familiar CRUD (Create, Read, Update, Delete) operations. Create is HTTP PUT (and sometimes POST); read is HTTP GET; delete is HTTP DELETE; and update is HTTP POST (or sometimes PUT).

Question 45

Best practice

Answer 45

Always use HTTPS for Amazon S3 API requests to ensure that your requests and data are secure.

Question 46

What are some of the high level interfaces people use to interact with S3 instead of the REST interface itself?

Answer 46

These include the AWS Software Development Kits (SDKs) (wrapper libraries) for iOS, Android, JavaScript, Java, .NET, Node.js, PHP, Python, Ruby, Go, and C++, the AWS Command Line Interface (CLI), and the AWS Management Console.

Question 47

What does durability mean according to AWS?

Answer 47

Durability addresses the question, “Will my data still be there in the future?”

Question 48

What does availability mean according to AWS?

Answer 48

Availability addresses the question, “Can I access my data right now?”

Question 49

how many 9s are Amazon’s S3 storage DURABILITY of objects over a given year designed for?

Answer 49

99.9999999999% - 11 total 9s Amazon S3 achieves high durability by automatically storing data redundantly on multiple devices in multiple facilities within a region. It is designed to sustain the concurrent loss of data in two facilities without loss of user data. Amazon S3 provides a highly durable storage infrastructure designed for mission-critical and primary data storage.

Question 50

how many 9s are Amazon’s S3 storage AVAILABILITY of objects over a given year designed for?

Answer 50

99.99% - 4 total 9s

Question 51

If high durability is not required, what is the best storage to use?

Answer 51

RRS - Reduced Redundancy Storage

Question 52

What durability does RRS offer?

Answer 52

99.99% with a lower cost of storage

Question 53

Best Practice

Answer 53

Even though Amazon S3 storage offers very high durability at the infrastructure level, it is still a best practice to protect against user-level accidental deletion or overwriting of data by using additional features such as versioning, cross-region replication, and MFA Delete.

Question 54

Why is S3 considered an eventually consistent system?

Answer 54

your data is automatically replicated across multiple servers and locations within a region, changes in your data may take some time to propagate to all locations. As a result, there are some situations where information that you read immediately after an update may return stale data.

Question 55

What is meant by an eventually consistent system?

Answer 55

Eventual consistency means that if you PUT new data to an existing key, a subsequent GET might return the old data. Similarly, if you DELETE an object, a subsequent GET for that object might still read the deleted object. In all cases, updates to a single key are atomic—for eventually-consistent reads, you will get the new data or the old data, but never an inconsistent mix of data.

Question 56

For PUTs to new objects….

Answer 56

Amazon S3 provides read-after-write consistency.

Question 57

for PUTs to existing objects (object overwrite to an existing key) and for object DELETEs…

Answer 57

Amazon S3 provides eventual consistency.

Question 58

Types of controls put on S3

Answer 58

coarse-grained access controls (Amazon S3 Access Control Lists [ACLs]), and fine-grained access controls (Amazon S3 bucket policies, AWS Identity and Access Management [IAM] policies, and query-string authentication).

Question 59

S3 ACLs allow you to grant:

Answer 59

READ, WRITE, or FULL-CONTROL at the object or bucket level. ACLs are a legacy access control mechanism, created before IAM existed. ACLs are best used today for a limited set of use cases, such as enabling bucket logging or making a bucket that hosts a static website be world-readable.

Question 60

Differences between IAM policies and S3 policies:

Answer 60

S3: They are associated with the bucket resource instead of an IAM principal. They include an explicit reference to the IAM principal in the policy. This principal can be associated with a different AWS account, so Amazon S3 bucket policies allow you to assign cross-account access to Amazon S3 resources.

Question 61

What does a policy in effect do in s3?

Answer 61

you can specify who can access the bucket, from where (by Classless Inter-Domain Routing [CIDR] block or IP address), and during what time of day.

Question 62

Can IAM policies be associated directly with IAM principals?

Answer 62

yes

Question 63

What does a prefix and delimiter parameters do for S3?

Answer 63

lets you organize, browse, and retrieve the objects within a bucket hierarchically. Typically, you would use a slash (/) or backslash () as a delimiter and then use key names with embedded delimiters to emulate a file and folder hierarchy within the flat object key namespace of a bucket.

Question 64

What are the S3 storage classes?

Answer 64

Standard Intelligent-Tiering (S3 Intelligent-Tiering) Standard – Infrequent Access (Standard-IA) One Zone-Infrequent Access (S3 One Zone-IA) Reduced Redundancy Storage (RRS) Amazon Glacier Glacier Deep Archive (S3 Glacier Deep Archive)

Question 65

Amazon S3 Standard (S3 Standard)

Answer 65

S3 Standard offers high durability, availability, and performance object storage for frequently accessed data. Because it delivers low latency and high throughput, S3 Standard is appropriate for a wide variety of use cases, including cloud applications, dynamic websites, content distribution, mobile and gaming applications, and big data analytics. S3 Storage Classes can be configured at the object level and a single bucket can contain objects stored across S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, and S3 One Zone-IA. You can also use S3 Lifecycle policies to automatically transition objects between storage classes without any application changes.

Question 66

Amazon S3 Standard (S3 Standard) Key features

Answer 66

Low latency and high throughput performance Designed for durability of 99.999999999% of objects across multiple Availability Zones Resilient against events that impact an entire Availability Zone Designed for 99.99% availability over a given year Backed with the Amazon S3 Service Level Agreement for availability Supports SSL for data in transit and encryption of data at rest S3 Lifecycle management for automatic migration of objects to other S3 Storage Classes

Question 67

Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering)

Answer 67

The S3 Intelligent-Tiering storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. It works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, Amazon S3 monitors access patterns of the objects in S3 Intelligent-Tiering, and moves the ones that have not been accessed for 30 consecutive days to the infrequent access tier. If an object in the infrequent access tier is accessed, it is automatically moved back to the frequent access tier. There are no retrieval fees when using the S3 Intelligent-Tiering storage class, and no additional tiering fees when objects are moved between access tiers. It is the ideal storage class for long-lived data with access patterns that are unknown or unpredictable. S3 Storage Classes can be configured at the object level and a single bucket can contain objects stored in S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, and S3 One Zone-IA. You can upload objects directly to S3 Intelligent-Tiering, or use S3 Lifecycle policies to transfer objects from S3 Standard and S3 Standard-IA to S3 Intelligent-Tiering. You can also archive objects from S3 Intelligent-Tiering to S3 Glacier.

Question 68

Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering) Key features:

Answer 68

Same low latency and high throughput performance of S3 Standard Small monthly monitoring and auto-tiering fee Automatically moves objects between two access tiers based on changing access patterns Designed for durability of 99.999999999% of objects across multiple Availability Zones Resilient against events that impact an entire Availability Zone Designed for 99.9% availability over a given year Backed with the Amazon S3 Service Level Agreement for availability Supports SSL for data in transit and encryption of data at rest S3 Lifecycle management for automatic migration of objects to other S3 Storage Classes

Question 69

Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

Answer 69

S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed. S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval fee. This combination of low cost and high performance make S3 Standard-IA ideal for long-term storage, backups, and as a data store for disaster recovery files. S3 Storage Classes can be configured at the object level and a single bucket can contain objects stored across S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, and S3 One Zone-IA. You can also use S3 Lifecycle policies to automatically transition objects between storage classes without any application changes.

Question 70

Amazon S3 Standard-Infrequent Access (S3 Standard-IA) Key features:

Answer 70

Same low latency and high throughput performance of S3 Standard Designed for durability of 99.999999999% of objects across multiple Availability Zones Resilient against events that impact an entire Availability Zone Data is resilient in the event of one entire Availability Zone destruction Designed for 99.9% availability over a given year Backed with the Amazon S3 Service Level Agreement for availability Supports SSL for data in transit and encryption of data at rest S3 Lifecycle management for automatic migration of objects to other S3 Storage Classes

Question 71

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer 71

S3 One Zone-IA is for data that is accessed less frequently, but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA. S3 One Zone-IA is ideal for customers who want a lower-cost option for infrequently accessed data but do not require the availability and resilience of S3 Standard or S3 Standard-IA. It’s a good choice for storing secondary backup copies of on-premises data or easily re-creatable data. You can also use it as cost-effective storage for data that is replicated from another AWS Region using S3 Cross-Region Replication. S3 One Zone-IA offers the same high durability†, high throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval fee. S3 Storage Classes can be configured at the object level, and a single bucket can contain objects stored across S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, and S3 One Zone-IA. You can also use S3 Lifecycle policies to automatically transition objects between storage classes without any application changes.

Question 72

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) Key Features:

Answer 72

Same low latency and high throughput performance of S3 Standard Designed for durability of 99.999999999% of objects in a single Availability Zone† Designed for 99.5% availability over a given year Backed with the Amazon S3 Service Level Agreement for availability Supports SSL for data in transit and encryption of data at rest S3 Lifecycle management for automatic migration of objects to other S3 Storage Classes

Question 73

Amazon S3 Glacier (S3 Glacier)

Answer 73

S3 Glacier is a secure, durable, and low-cost storage class for data archiving. You can reliably store any amount of data at costs that are competitive with or cheaper than on-premises solutions. To keep costs low yet suitable for varying needs, S3 Glacier provides three retrieval options that range from a few minutes to hours. You can upload objects directly to S3 Glacier, or use S3 Lifecycle policies to transfer data between any of the S3 Storage Classes for active data (S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, and S3 One Zone-IA) and S3 Glacier.

Question 74

Amazon S3 Glacier (S3 Glacier) Key Features:

Answer 74

Designed for durability of 99.999999999% of objects across multiple Availability Zones Data is resilient in the event of one entire Availability Zone destruction Supports SSL for data in transit and encryption of data at rest Low-cost design is ideal for long-term archive Configurable retrieval times, from minutes to hours S3 PUT API for direct uploads to S3 Glacier, and S3 Lifecycle management for automatic migration of objects

Question 75

Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive)

Answer 75

S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports long-term retention and digital preservation for data that won’t be regularly accessed. It is designed for customers — particularly those in highly-regulated industries, such as the Financial Services, Healthcare, and Public Sectors — that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. S3 Glacier Deep Archive can also be used for backup and disaster recovery use cases, and is a cost-effective and easy-to-manage alternative to magnetic tape systems, whether they are on-premises libraries or off-premises services. S3 Glacier Deep Archive complements Amazon S3 Glacier, which is ideal for more active archives where data is regularly retrieved and needed in minutes. All objects stored in S3 Glacier Deep Archive are replicated and stored across at least three geographically-dispersed Availability Zones, protected by 99.999999999% of durability, and can be restored within 12 hours.

Question 76

Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive) Key features:

Answer 76

Designed for durability of 99.999999999% of objects across multiple Availability Zones Lowest cost storage class designed for long-term retention of data that will be retained for 7-10 years Ideal alternative to magnetic tape libraries Retrieval time within 12 hours S3 Lifecycle management for automatic migration of objects

Question 77

performance across S3 storage class

Answer 77

Question 79

Bucket lifecycle

Answer 79

Store backup data initially in Amazon S3 Standard.After 30 days, transition to Amazon Standard-IA.After 90 days, transition to Amazon Glacier.After 3 years, delete.

Question 80

How do you encrypt S3 data in transit?

Answer 80

Amazon S3 Secure Sockets Layer (SSL) API endpoints. This ensures that all data sent to and from Amazon S3 is encrypted while in transit using the HTTPS protocol.

Question 81

How do you encrypt data at rest in S3?

Answer 81

Server-Side Encryption (SSE).

All SSE performed by Amazon S3 and AWS Key Management Service (Amazon KMS) uses the 256-bit Advanced Encryption Standard (AES).

Question 82

SSE-S3 (AWS-Managed Keys)

Answer 82

This is a fully integrated “check-box-style” encryption solution where AWS handles the key management and key protection for Amazon S3. Every object is encrypted with a unique key. The actual object key itself is then further encrypted by a separate master key. A new master key is issued at least monthly, with AWS rotating the keys. Encrypted data, encryption keys, and master keys are all stored separately on secure hosts, further enhancing protection.

Question 83

SSE-KMS (AWS KMS Keys)

Answer 83

This is a fully integrated solution where Amazon handles your key management and protection for Amazon S3, but where you manage the keys. SSE-KMS offers several additional benefits compared to SSE-S3. Using SSE-KMS, there are separate permissions for using the master key, which provide protection against unauthorized access to your objects stored in Amazon S3 and an additional layer of control. AWS KMS also provides auditing, so you can see who used your key to access which object and when they tried to access this object. AWS KMS also allows you to view any failed attempts to access data from users who did not have permission to decrypt the data.

Question 84

SSE-C (Customer-Provided Keys)

Answer 84

This is used when you want to maintain your own encryption keys but don’t want to manage or implement your own client-side encryption library. With SSE-C, AWS will do the encryption/decryption of your objects while you maintain full control of the keys used to encrypt/decrypt the objects in Amazon S3.

Question 85

Client-Side Encryption

Answer 85

Client-side encryption refers to encrypting data on the client side of your application before sending it to Amazon S3.

You have the following two options for using data encryption keys:

:Use an AWS KMS-managed customer master key.

Use a client-side master key.

Question 86

Best Practice

Answer 86

For maximum simplicity and ease of use, use server-side encryption with AWS-managed keys (SSE-S3 or SSE-KMS).

Question 87

Versioning

Answer 87

Amazon S3 versioning helps protects your data against accidental or malicious deletion by keeping multiple versions of each object in the bucket, identified by a unique version ID. Versioning allows you to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. If a user makes an accidental change or even maliciously deletes an object in your S3 bucket, you can restore the object to its original state simply by referencing the version ID in addition to the bucket and object key. Versioning is turned on at the bucket level. Once enabled, versioning cannot be removed from a bucket; it can only be suspended

Question 88

MFA Delete

Answer 88

MFA Delete adds another layer of data protection on top of bucket versioning. MFA Delete requires additional authentication in order to permanently delete an object version or change the versioning state of a bucket. In addition to your normal security credentials, MFA Delete requires an authentication code (a temporary, one-time password) generated by a hardware or virtual Multi-Factor Authentication (MFA) device. Note that MFA Delete can only be enabled by the root account.

Question 89

Pre-Signed URLs

Answer 89

All Amazon S3 objects by default are private, meaning that only the owner has access. However, the object owner can optionally share objects with others by creating a pre-signed URL, using their own security credentials to grant time-limited permission to download the objects. When you create a pre-signed URL for your object, you must provide your security credentials and specify a bucket name, an object key, the HTTP method (GET to download the object), and an expiration date and time. The pre-signed URLs are valid only for the specified duration. This is particularly useful to protect against “content scraping” of web content such as media files stored in Amazon S3.

Question 90

Multipart Upload

Answer 90

better support uploading or copying of large objects

through parallel transfers

the ability to pause and resume, and the ability to upload objects where the size is initially unknown.

Multipart upload is a three-step process: initiation, uploading the parts, and completion (or abort).

Parts can be uploaded independently in arbitrary order, with retransmission if needed. After all of the parts are uploaded, Amazon S3 assembles the parts in order to create an object.

you should use multipart upload for objects larger than 100 Mbytes, and you must use multipart upload for objects larger than 5GB.

s. When using the high-level APIs and the high-level Amazon S3 commands in the AWS CLI (aws s3 cp, aws s3 mv, and aws s3 sync), multipart upload is automatically performed for large objects.

Question 91

best Practice

Answer 91

You can set an object lifecycle policy on a bucket to abort incomplete multipart uploads after a specified number of days. This will minimize the storage costs associated with multipart uploads that were not completed.

Question 92

Range Gets

Answer 92

It is possible to download (GET) only a portion of an object in both Amazon S3 and Amazon Glacier by using something called a Range GET. Using the Range HTTP header in the GET request or equivalent parameters in one of the SDK wrapper libraries, you specify a range of bytes of the object. This can be useful in dealing with large objects when you have poor connectivity or to download only a known portion of a large Amazon Glacier backup

Question 93

Cross-Region Replication

Answer 93

Cross-region replication is a feature of Amazon S3 that allows you to asynchronously replicate all new objects in the source bucket in one AWS region to a target bucket in another region. Any metadata and ACLs associated with the object are also part of the replication. After you set up cross-region replication on your source bucket, any changes to the data, metadata, or ACLs on an object trigger a new replication to the destination bucket. To enable cross-region replication, versioning must be turned on for both source and destination buckets, and you must use an IAM policy to give Amazon S3 permission to replicate objects on your behalf.

used to reduce the latency required to access objects in Amazon S3 by placing objects closer to a set of users or to meet requirements to store backup data at a certain distance from the original source data.

Question 94

Best Practice

Answer 94

If turned on in an existing bucket, cross-region replication will only replicate new objects. Existing objects will not be replicated and must be copied to the new bucket via a separate command.

Question 95

Logging

Answer 95

In order to track requests to your Amazon S3 bucket, you can enable Amazon S3 server access logs. Logging is off by default, but it can easily be enabled. When you enable logging for a bucket (the source bucket), you must choose where the logs will be stored (the target bucket). You can store access logs in the same bucket or in a different bucket. Either way, it is optional (but a best practice) to specify a prefix, such as logs/ or yourbucketname/logs/, so that you can more easily identify your logs.

Question 96

Logs include this information:

Answer 96

• Requestor account and IP address
• Bucket name
• Request time
• Action (GET, PUT, LIST, and so forth)
• Response status or error code

Question 97

Event Notifications

Answer 97

sent in response to actions taken on objects uploaded or stored in Amazon S3. Event notifications enable you to run workflows, send alerts, or perform other actions in response to changes in your objects stored in Amazon S3. You can use Amazon S3 event notifications to set up triggers to perform actions, such as transcoding media files when they are uploaded, processing data files when they become available, and synchronizing Amazon S3 objects with other data stores.

Question 98

Event notifications 2

Answer 98

Amazon S3 event notifications are set up at the bucket level, and you can configure them through the Amazon S3 console, through the REST API, or by using an AWS SDK. Amazon S3 can publish notifications when new objects are created (by a PUT, POST, COPY, or multipart upload completion), when objects are removed (by a DELETE), or when Amazon S3 detects that an RRS object was lost. You can also set up event notifications based on object name prefixes and suffixes. Notification messages can be sent through either Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) or delivered directly to AWS Lambda to invoke AWS Lambda functions.

Question 99

Best Practice

Answer 99

If you are using Amazon S3 in a GET-intensive mode, such as a static website hosting, for best performance you should consider using an Amazon CloudFront distribution as a caching layer in front of your Amazon S3 bucket.

Question 100

Glacier Archives

Answer 100

In Amazon Glacier, data is stored in archives. An archive can contain up to 40TB of data, and you can have an unlimited number of archives. Each archive is assigned a unique archive ID at the time of creation. (Unlike an Amazon S3 object key, you cannot specify a user-friendly archive name.) All archives are automatically encrypted, and archives are immutable—after an archive is created, it cannot be modified.

Question 101

Glacier Vaults

Answer 101

Vaults are containers for archives. Each AWS account can have up to 1,000 vaults. You can control access to your vaults and the actions allowed using IAM policies or vault access policies.

Question 102

Vaults Locks

Answer 102

You can easily deploy and enforce compliance controls for individual Amazon Glacier vaults with a vault lock policy. You can specify controls such as Write Once Read Many (WORM) in a vault lock policy and lock the policy from future edits. Once locked, the policy can no longer be changed.

Question 103

Glacier data retrieval

Answer 103

You can retrieve up to 5% of your data stored in Amazon Glacier for free each month, calculated on a daily prorated basis. If you retrieve more than 5%, you will incur retrieval fees based on your maximum retrieval rate. To eliminate or minimize those fees, you can set a data retrieval policy on a vault to limit your retrievals to the free tier or to a specified data rate.

Question 104

Amazon Glacier versus Amazon Simple Storage Service (Amazon S3)

Answer 104

Amazon Glacier is similar to Amazon S3, but it differs in several key aspects. Amazon Glacier supports 40TB archives versus 5TB objects in Amazon S3. Archives in Amazon Glacier are identified by system-generated archive IDs, while Amazon S3 lets you use “friendly” key names. Amazon Glacier archives are automatically encrypted, while encryption at rest is optional in Amazon S3. However, by using Amazon Glacier as an Amazon S3 storage class together with object lifecycle policies, you can use the Amazon S3 interface to get most of the benefits of Amazon Glacier without learning a new interface.

Question 105

____ provides developers and IT teams with secure, durable, and highly-scalable object storage.

Answer 105

S3

Question 106

____ is easy to use with a simple web services interface to store and retrieve any amount of data from anywhere on the web.

Answer 106

S3

Question 107

This object based storage is a safe place to store your files. This is because data is spread across multiple devices and facilities.

Answer 107

S3

Question 108

S3 can be from ____ bytes to ____ TB

Answer 108

0 to 5

Question 109

How much storage do you get with S3?

1. 5TB
2. 10TB
3. 100TB
4. unlimited

Answer 109

Unlimited

Question 110

S3 files are stored in _______

Answer 110

buckets

Question 111

S3 is a universal namespace. What is meant by this?

Answer 111

Names must be unique globally per bucket

Question 112

When you upload a file to S3, you will receive a _______ code if the upload was successful

1. HTTP 200 code
2. HTTP 300 code
3. HTTP 400 code
4. HTTp 500 code

Answer 112

HTTP 200 code

Question 113

Read after write consistency for _____ of new objects

1. Gets
2. Puts
3. Deletes

Answer 113

Puts

Question 114

S3’s data consistency model includes eventual consistency for overwrite ____ and _____ (can take time to propogate).

1. Puts and Gets
2. Puts and Deletes
3. Gets and Deletes
4. Post and Gets

Answer 114

Puts and Deletes

Question 115

T or F

S3 is a simple key value store

Answer 115

True

Question 116

S3 is object based. Objects consist of the following:

______ - The name of the object

_______ - the data, made of sequence of bytes

Answer 116

key : value

Question 117

______ is important for versioning

Answer 117

version ID

Question 118

______ data about data

Answer 118

metadata

Question 119

_________ - bucket specific configuration: bucket policies, access control lists, cross origin resource sharing (CORS), transfer acceleration

Answer 119

subresources

Question 120

S3 is built for ______ availability for the S3 platform.

1. 9.99%
2. 99.9%
3. 99.99%
4. 99.999999999%

Answer 120

99.9%

Question 121

Amazon guarantee for S3 is ______ availability.

1. 9.99%
2. 99.9%
3. 99.99%
4. 99.999999999%

Answer 121

99.9%

Question 122

Amazon guarantees _______ durability for S3 info

1. 9.99%
2. 99.9%
3. 99.99%
4. 99.999999999%

Answer 122

99.999999999%

Question 123

Which of the following is a feature of S3?

1. Tiered storage available
2. lifecycle management
3. versioning
4. encryption

Answer 123

all of the above

Question 124

How do you secure your data in S3?

_____ and ______

Answer 124

ACL (access control lists) and bucket policies

Question 125

S3 has 99.99% availability and 99.999999999% durability, stored redundancy across multiple devices in multiple facilities, and is designed to sustain the loss of 2 facilities concurrently.

1. S3
2. S3-IA
3. S3-One Zone IA
4. Reduced Redundancy Storage
5. Glacier

Answer 125

S3

Question 126

For data that is accessed less frequently, but requires rapid access when needed. Lower fee than S3, but you are charged a retrieval fee.

1. S3
2. S3-IA
3. S3-One Zone IA
4. Reduced Redundancy Storage
5. Glacier

Answer 126

S3-IA

Question 127

Very Cheap. Archive only. Optimized for data that is infrequently accessed and it takes 3-5 hours to restore from glacier.

1. S3
2. S3-IA
3. S3-One Zone IA
4. Reduced Redundancy Storage
5. Glacier

Answer 127

Glacier

Question 128

Same as IA, however data is stored in a single AZ only, still 99.999999999% durability, but only 99.5% availability. Cost is 20% less than regular S3-IA.

1. S3
2. S3-IA
3. S3-One Zone IA
4. Reduced Redundancy Storage
5. Glacier

Answer 128

S3 One Zone IA

Question 129

Designed to provide 99.99% durability and 99.99 availability of objects over a given year. Used for data that can be recreated if list. (ie: thumbnails). Considered legacy

1. S3
2. S3-IA
3. S3-One Zone IA
4. Reduced Redundancy Storage
5. Glacier

Answer 129

Reduced Redundancy Storage

Question 130

99.999999999% durability and 99.99% availability

1. standard S3
2. standard IA
3. one zone IA
4. Glacier
5. Reduced Redundancy

Answer 130

Standard S3

Question 131

99.99999999999% durability and 99.9% availability. retrieval fee for objects.

1. standard S3
2. standard IA
3. one zone IA
4. Glacier
5. Reduced Redundancy

Answer 131

standard IA

Question 132

99.99% durability and 99.99% availability

1. standard S3
2. standard IA
3. one zone IA
4. Glacier
5. Reduced Redundancy

Answer 132

Reduced redundancy

Question 133

99.999999999% durability and 99.95% availability. not resilient to loss of AZ.

1. standard S3
2. standard IA
3. one zone IA
4. Glacier
5. Reduced Redundancy

Answer 133

one zone IA

Question 134

99.999999999% durability and 99.99% availability (after restore). no real time access. 4-5 hours to access.

Answer 134

glacier

Question 135

Automatically moved your data to most cost-effective tier based on how frequently you access each object.

1. S3
2. S3-IA
3. s5
4. S3 intelligent tiering

Answer 135

S3 intelligent tiering

Question 136

What are the 2 tiers in S3 intelligent tiering?

_____ and _____

Answer 136

frequent and infrequent

Question 137

T or F

S3 intelligent tiering optimizes cost

Answer 137

True

Question 138

This S3 option has no fees for accessing your data, but a small monthly fee for monitoring and automation. $.025 per 1,000 objects.

1. S3-IA
2. S3-one zone
3. reduced redundancy
4. s3 intelligent tiering

Answer 138

S3 intelligent tiering

Question 139

S3 intelligent tiering has ______ durability and _____ availability

Answer 139

99.999999999% durability and 99.9% availability

Question 140

T or F

S3 intelligent tiering has unknown or infrequent access patterns

Answer 140

True

Question 141

S3 is charged for storage per _____

1. MB
2. KB
3. GB
4. TB

Answer 141

GB

Question 142

T or F

S3 is charged for API requests (Get, Put, Copy, etc.)

Answer 142

True

Question 143

Storage management pricing is handled by which?

1. inventory
2. analytics
3. object tags

Answer 143

all of the above

Question 144

T or F

You are charged for moving data out of S3.

Answer 144

true

Question 145

T or F

In S3, you are charged for transfer acceleration which uses cloudfrton to optomize transfers.

Answer 145

true

Question 146

T or F

By default, all newly created buckets are public

Answer 146

False

By default, all newly created buckets are private

Question 147

You can setup access control to your buckets using ____ and _____

Answer 147

bucket policies and access control lists.

bucket policies: applied at bucket level

access control lists: applied at object level

Question 148

T or F

S3 buckets can be configured to create access logs, which by all requests made to S3 bucket. These logs can be written to another bucket.

Answer 148

True

Question 149

T or F

S3 does encryption in transit with SSL/TLS

Answer 149

True

Question 150

Types of S3 at rest encryption:

_____ and _____

Answer 150

server side encryption

client side encryption

Question 151

SSE-S3 is ______

Answer 151

s3 managed keys

Question 152

SSE-KMS

Answer 152

aws key management service, managed keys

Question 153

SSE-C

Answer 153

server side encryption with customer provided keys.

Question 154

Every time a file is uploaded to S3, a ____ request is initiated

Answer 154

Put

Question 155

What type of request is this?

PUT/myfile HTTP/1.1

Host: mybucket.s3.amazonaws.com

Date: Wed, 25 Apr 2018 09:50:00 GMT

Authorization: authorization string

content-type: text/plain

content-length: 27364

x-amz-meta-author: Faye

expect: 100-continue

[27364 bytes of object data]

Answer 155

Put request

Question 156

where is the x-amz-server-side-encryption parameter placed?

Answer 156

in the header when a file is to be encrypted at upload time.

Question 157

What are the two options currently available for x-amz-server-side-encryption?

Answer 157

AES-256 and AWS-KMS

Question 158

When this parameter is included in the header of the PUT request, it tells S3 to encrypt the object at the time of upload, using the specified encryption method.

Answer 158

x-amz-server-side-encryption

Question 159

you can enforce the use of server side encryption by using a ____ _____ which denies any S3 PUT request which doesn’t include the x-amz-server-side encryption parameter in the request header

Answer 159

bucket policy

Question 160

A _____ is a system of distributed servers that delivers webpages and other web content to a user based on the geographic locations of the user, the origin of a webpage, and a content delivery service.

Answer 160

CDN - content delivery network

Question 161

CDN

This is the location where content is cached and can also be written. Sprate to an AWS region/AZ

Answer 161

edge location

Question 162

CDN

This is the origin of all the files that the CDN will distribute. Origins can be an S3 bucket, and EC2 instance, an ELB, or Route53.

Answer 162

Origin

Question 163

This is the name given to the CDN, which consists of a collection of Edge Locations

Answer 163

Distribution

Question 164

CDN

Typically used for websites

Answer 164

Web distribution

Question 165

CDN

Used for media streaming

Answer 165

RTMP

Question 166

T or F

CloudFront can be used to deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations. Requests for you content are auto routed to nearest edge location, so content is delivered with the best possible performance.

Answer 166

True

Question 167

T or F

Amazon CF is optimized to work with other AWS services like S3, EC2, LB, and Route53. CF also works seamlessly with any non-aws origin server, which stores the original, definitive versions of your files.

Answer 167

True

Question 168

Cloudfront distribution types:

___ distribution

____ distribution

Answer 168

web - used for websites, HTTP/HTTPS

RTMP - Adobe real time messaging protocol- used for media streaming/Flash multimedia content

Question 169

________ enables fast, east, and secure tranfers of files over long ditances between your end users and an S3 bucket.

Answer 169

Transfer acceleration

Question 170

_______ takesw advantage of Cloudformation’s globally distributed edge locations. As the data arrives at an edge location, data is routed to S3 over an optimized network path.

Answer 170

Transfer Acceleration

Question 171

T or F

S3 is designed to support very high requests rates

Answer 171

True

Question 172

T or F

if your S3 buckets are routinely receiving > 100 PUT/LIST/Delete or > 300 GET requests per second, then there are some best practive guidelines that will help optimize S3 performance.

Answer 172

True

Question 173

_____ use cloudformation content deliver service to get best performance. CF will cache your most frequently accessed objects and will reduce latency for your Get requests.

1. Get-Intensive workloads
2. Mixed request type workloads

Answer 173

Get intensive workloads

Question 174

A mix of Get, Put, Delete, Get bucket, the key names you use for your objects can impact performance for intensive workloads.

1. Get-Intensive workloads
2. Mixed request type workloads

Answer 174

MIxed request type workloads

Question 175

S3 uses the ____ ____ to determine which partition an object will be stored in.

Answer 175

key name

Question 176

T or F

The use of non-sequential key names

ie: names prefixed with a time stamp or alphabetical sequence decreases the likliehood of having multiple objects stored on the same partition.

Answer 176

False

The use of sequential key names

ie: names prefixed with a time stamp or alphabetical sequence increases the likliehood of having multiple objects stored on the same partition.

Question 177

T or F

for heavy workloads, sequential key names in S3 can cause IO issues and contention

Answer 177

True

Question 178

T or F . S3

By using a random prefix to key names, you can force S3 to distribute your key across multiple partitions, distributing the IO workload

Answer 178

True

Question 179

T or F

in 2018, amazon announced a massive increase in S3 performance.

3,500 put requests per second

5,500 get requests

Answer 179

True

Question 180

T or F

S3’s new increase in performance negates the previous guidance to randomize your object keynames to achieve faster performance.

Answer 180

True

Question 181

T or F

S3’s logical and sequential naming patterns can be used without any performance implication.

Answer 181

True