Storage

You provision an EBS volume, but it appears to run at a slow rate of IOPS through no apparent fault of your own. Why might that be? AWS always wipes the physical disk from its last usage, so you might experience slower IOPS until it has finished.
With Auto scaling groups, where do you configure instance tags? The ASG!
_____ let you categorize your EC2 resources in different ways, for example, by purpose, owner, or environment. tags 
To help you manage your Amazon EC2 instances you can assign your own metadata in the form of Tags
How can objects be organized? Names, Prefixes, Metadata, S3 object lifecycle tags, S3 inventory

Cost Allocation: S3 bucket tags help with... Tracking storage costs and other criteria on S3 by organizing your billing report
bucket policy use cases: grant permissions to users (in an AWS account), Manage cross-account permissions
How many S3 buckets can I have per account by default? 100
How to add tags to many objects with a single request? S3 Batch Operations
Can a bucket owner allow unauthenticated requests/uploads? Yes - as "public bucket" policy or by a WRITE/FULL_CONTROL for All Users ACL
bucket subresources: cors, website, logging, versioning, lifecycle, policy and acl
You are designing a site for a new start up which generates cartoon images for people automatically. Customers will log on to the site, upload an image which is stored in S3. The application then passes a job to AWS SQS and a fleet of EC2 instances poll the queue to receive new processing jobs. These EC2 instances will then turn the picture into a cartoon and will then need to store the processed job somewhere. Users will typically download the image once (immediately), and then never download the image again. What is the most commercially feasible method to store the processed images? Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours.
You can have ____ tags on an object 10
What are the valid methodologies for encrypting data on S3? SSE-C, SSE-S3, SSE-KMS, S3 Encryption Client (or another client library)
A business can tolerate losing some of their S3 objects, as they can be regenerated. However, they must be stored persistently and retrieved immediately. Which storage class could be cheapest for this case? RRS
With Glacier, you can retrieve up to _____ of your average monthly usage each month. 5%
In S3 Lifecycle, Transition actions define when objects _____, Expiration actions define when objects _____ Moves to another storage class, Are deleted
A bucket owner has some permissions over another account's objects. These are... Access denial, Archival, Deletion, Restoration

In S3 Batch Operations, a logical unit of work made up of Operations is a...  Job
To allow anonymous access to an S3 bucket, you would use... bucket policy
To restrict access to a bucket based on referrer, you would use... bucket policy
Capability policies are applied on an IAM _____ or _____ user or group
Largest filesize you can upload in a single PUT operation 5GB
An S3 object's data is encrypted using AWS encryption solutions. Is its metadata also encrypted? No! Don't store secrets in there!
Each S3 Object is uniquely identified by its containing _____, its _____ and its current _____ Bucket, Key, Version
You could make an S3 bucket routable only inside your AWS network via... An S3 access point that accepts requests only from your VPC
The storage class _____ cheaply stores object data in a one Availability Zone only, and therefore is neither as available nor resilient from data center disasters. S3 One Zone-IA
Storage Class minimum storage durations: IA - 30 days; S3 Glacier - 90 days; S3 Glacier Deep Archive - 180 days

In a versioning-enabled bucket, can you change the storage class of an object's specific version? No
S3 Versioning: Can you delete a specific version? Yes
bucket policy, bucket ACL, object ACL are examples of _____ permissions  resource-based
In a bucket, you can set per object permissions and manage objects not owned by the bucket owner via... Object ACL
With S3 bucket ACLs you can only grant access to _____ AWS accounts. root
In S3, PUT / GET requests on new objects have _____ consistency, whereas PUT / DELETE on existing objects has _____ consistency. read-write, eventual

Can you make an Object's requester pay for its data transfer? Yes - via "Requester Pays"
S3 Glacier Deep Archive default retrieval time is around _____ 12 hours
S3 Glacier Deep Archive "bulk retrieval" reduces Deep Archive _____ costs and returns data in 48 hours. retrieval, 48

Are all S3 storage classes resilient? No. S3 One Zone-IA stores data in only one Availability Zone
Protect S3 objects from unintended changes via... Versioning
An S3 Versioned object gets deleted. What happens? An artificial delete marker becomes the current version of the object. Retrieving it returns only 404 Not Found errors. All versions still remain in the bucket!!! You can still GET a noncurrent version of an object by specifying its version ID.

CORS stands for... Cross-Origin Resource Sharing
Anonymous modification of public bucket objects' ACLs can be prevented by disabling public write access using _____ S3 Block Public Access
Can S3 Buckets be used for namespace organization? Yes
Can S3 Buckets be used as units of aggregation for usage reporting? Yes
Once S3 Glacier completes retrieval, you have _____ hours to access it. 24
How can you manage cost allocation in S3? Bucket tags
Can enabling S3 versioning increase costs? Yes - you might be storing thousands of versions of an object
To manage a browser's cross-origin requests to S3 hosted websites, you can use... CORS (Cross-Origin Resource Sharing)
In S3, you could set up log expiration by using... Lifecycles
An S3 Glacier retrieval usually completes in around _____ hours. 5
S3 url syntax consists of... _____.s3._____.amazonaws.com/_____ BUCKETNAME.s3.REGION.amazonaws.com/KEYNAME
In S3 storage class terminology, what does "IA" stand for? Infrequent Access
Infrequent Access (IA) storage classes are often used for _____ and other old data. Backups
Cheapest object storage option in AWS S3 Glacier Deep Archive
S3 Glacier objects are not available for real-time access. They must be _____ before accessing. unarchived
S3 Glacier expedited retrieval time ~5 minutes
If you manipulate an archived S3 object before the minimum storage duration period, you are billed... For the entire minimum storage duration period (90 days Glacier, 180 days Deep Archive)
Are all storage classes highly available? No, S3 One Zone-IA's AZ might fail to provide file access.
S3 Versioning assigns a version _____ for an object to distinguish it from other versions of the same key ID
The "_____ Object" request permission allows uploading to a bucket. PUT
S3 Policies are evaluated by creating a list of policies from _____ at run-time. resource-based permissions and IAM policies
Resource policies are applied on... A resource
Largest filesize that can exist on S3 5TB
A Glacier Archive's maximum total size 4TB
S3 SSE-C stands for... Server-Side Encryption with Customer-provided keys
S3 SSE-KMS stands for... Server-Side Encryption with CMKs stored in AWS KMS
Where can you find when an S3 Object was last modified? The object's metadata
You can use IAM to grant individual access to individual objects using object _____ tags
To manage a browser's JavaScript GET requests to S3 hosted websites (e.g. to load web fonts from a bucket), you can use... CORS (Cross-Origin Resource Sharing)
S3 RRS stands for... Reduced Redundancy Storage
The S3 storage class that automatically selects the cost-effective storage class for objects, with no fee for selection but extra fees for analysing usage is _____ S3 Intelligent-Tiering
The two S3 storage classes intended for infrequent access are... S3 Standard-IA, S3 One Zone-IA
Can public bucket objects have their ACLs anonymously modified? Yes!!! Prevent this by using S3 Block Public Access to disable public write access
You can analyze S3 ACLs and policies using... S3 Access Analyzer
A Glacier archive can have up to _____ archives unlimited
Can you upload directly to Glacier? Yes - via the API
How do S3 uploads resume? on failure
S3 SSE-S3 stands for... Server-Side Encryption with S3-Managed Keys
Can S3 Buckets be used for access control? Yes
Can S3 Buckets be used to identify owners of files? Yes
Can you add custom name-value pairs to an S3 Object's metadata? Yes
Does an S3 Object's metadata include HTTP metadata? Yes - such as Content-Type.
Is S3 Intelligent-Tiering a good solution for Data Lakes? Yes
How can you ensure compliance in S3? S3 Object Lock
Can an S3 bucket be configured as a failover endpoint? Yes - if it is web-enabled.
The AWS service designed for long term data archival is... S3 Glacier
Can you mount a new EBS to an EC2 instance manually via SSH'ing into it? Yes
Do Infrequent Access (IA) storage classes come with slow data retrieval? No! It is still counted in milliseconds.
The _____ storage class stores infrequently accessed data across multiple AZ's. S3 Standard-IA
Can you attach an EBS volume to more than one EC2 instance at the same time? No
Amazon S3 is a _____ Based Storage solution. Object
To move an EBS volume to a different AZ, you could create a _____ and recreate it in the new AZ. Snapshot
EBS resource level permissions are ____, ___ and ____ ATTACH, DETACH, DELETE
_____ storage is a type of storage used for data on persistent disks, such as SSDs and HDDs. File systems and databases make use of it. Block
Storage Classes for frequently accessed objects: S3 Standard, RRS (Reduced Redundancy)
Can you create an EBS-backed AMI? Yes
How are EBS Snapshots backed up to S3? Incrementally
If you terminate an EC2 instance, would its EBS volume remain? Only if instructed to during creation.
Are Amazon's EBS volumes encrypted by default? No
If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the instance? No
What does EBS stand for? Elastic Block Storage
In S3, can you have events that trigger notifications? Yes
Is enabling versioning on a bucket permanent? Yes
When an EC2 instance's network throughput towards an EBS volume is prioritized, that instance is called _____ EBS Optimized
Is data on S3 Standard considered successfully stored once uploaded to a single AZ? No - you don't get a success until it is replicated across AZs
If an Amazon EBS volume is not the root volume, can you detach it without stopping the instance? Yes
Can you create your own RAID 0/5/10 with EBS volumes? Yes
In order to enable encryption at rest using EC2 and Elastic Block Store you need to configure encryption when _____ the EBS volume. creating
Does an EBS volume have to be in the same AZ as an EC2 instance it attaches to? Yes
Are Storage Gateway copies up to S3 synchronous? No - Asynchronous
EBS data is redundantly stored in multiple physical locations within the same _____ Availability Zone
S3 Transfer Acceleration is... CDN-accelerated premium long-distance transfer service; global customers uploading to one bucket; transferring large data across continents; when unable to utilize all available bandwidth when uploading to S3
You are hosting the website "example.com" in eu-west-1. There is a static DR site available on S3 in the event that the primary site would go down, and the bucket is called "examplecom". The static website's S3 URL would be https://_____.s3-website-_____.amazonaws.com https://examplecom.s3-website-eu-west-1.amazonaws.com
Is S3 a durable key-value store? Yes
EBS volume data is replicated across multiple servers in a single _____ to prevent the loss of data from the failure of any single component.   Availability Zone
An EBS volume is stored in a single _____, meaning it cannot tolerate its failure. Availability Zone
Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance? Yes
Is S3 storage structure hierarchical? No - you can make your own prefixes to make it appear so however.
Can you create regional buckets? Yes
Objects consist of two parts: Object data, Metadata
Can GET requests return data that is currently still being uploaded? No
Can you lock S3 objects for concurrent operations? No - use a database instead. Or hack it with tags.
From within AWS, can you make the update of one key depend on the update of another key? No
Default Encryption is enabled for a replication destination bucket. What happens depending on whether the objects in the source bucket are encrypted? unencrypted: destination files are encrypted with the destination bucket's default encryption; encrypted: the same encryption is used at the destination
To be able to recreate an EBS volume at a later date, a _____ can be stored. snapshot of it
In S3, should you store notifications? No
There are no transfer costs from EC2 to S3 within the same _____ region
S3 website hosting URL format is _____.s3-website-_____.amazonaws.com BUCKETNAME.s3-website-REGION.amazonaws.com
Are Instance store volumes faster than EBS? Yes. 
In S3, is data encrypted at rest decrypted as it is sent to the customer at download? Yes
A named, uniquely-addressable, regional S3 Glacier archive container is called a... Vault
Amazon EBS snapshots are compressed and updated ____, so the storage used in any snapshot is generally much less than the storage consumed on an Amazon EBS volume.  incrementally
Can an instance store volume be detached/reattached from an EC2 instance? No
What 2 things can you do together to protect objects in a bucket from being accidentally overwritten or deleted? Enable bucket versioning and MFA delete
Can you restrict access to an S3 bucket by date? Yes
You can enforce that only encrypted objects be uploaded to your S3 bucket via _____ bucket policy
Is S3 considered a durable key-value store? Yes
When you view the block device mapping for your EC2 instance, can you see the instance store volumes? No
A snapshot's status is considered _____ until it is complete. pending
Do Bucket names have to be regionally unique? Yes
In an S3 "requester pays" bucket, who pays for the storing of data? The owner
What user are unauthenticated requests made by? the anonymous user, ACL ID 65a011a29cdf8ec533ec3d1ccaae921c
Is the namespace of buckets shared and global among all AWS users? Yes
Are buckets associated with a region? Yes
EBS volumes behave like raw, unformatted, external block devices that attach to _____ EC2 instances
Are snapshots updated incrementally? Yes
Where are EBS Snapshots stored? S3
In S3, should you store your website database? No
Does Glacier cost around a penny per GB? Yes
I/O size is capped at 256 KiB for _____ volumes and 1,024 KiB for ____ volumes SSD, magnetic
When you provision IOPS, you're not guaranteed to get that much throughput from the EC2 instance it's attached to, but it guarantees that the volume can _____ handle that much IOPS. You still might need to use EBS Optimization, a larger instance size or a network optimized instance.
An EBS volume can be configured as encrypted at-rest, but the encryption/decryption actually happens on _____ and then copied encrypted to the EBS volume. its EC2 instance
Instance store volumes are acceptable when storing _____ data, or synchronizing data between multiple servers for _____ temporary, fault-tolerance
What does CORS stand for? Cross Origin Resource Sharing
_____ allows you to integrate on-premises IT environments with cloud storage AWS Storage Gateway
To prevent the deletion of EBS volumes created and attached to an instance at launch when the instance is terminated, you can modify the _____ instance launch flag. DeleteOnTermination
Does disabling automated backups also disable point-in-time recovery? Yes
Can I delete a snapshot of the root device of an EBS volume used by a registered AMI? Yes
Fundamental container for data storage Bucket
How could you encrypt some already existing Amazon S3 objects? S3 batch operations
Named, configurable network endpoints attachable to S3 Buckets are called... Access points
Can you create an Access Point for someone else's bucket? No
Storage Classes: List all 7 storage classes. S3 Standard, S3 Standard-IA, S3 One Zone-IA, S3 Glacier, S3 Glacier Deep Archive, S3 Intelligent-Tiering, RRS (not recommended)
In S3 Batch Operations, an API action such as copying objects is called a... Operation
The recommended storage service for a database is... EBS
Can the snapshots with AWS Marketplace product codes be made public? No
Can you have provisioned IOPS with your EBS volumes? Yes
Are snapshots encrypted automatically? No
Can you manage Lifecycle of objects based on their tags? Yes
What service can be used to quickly import external data to S3? Snowball
_____ upload is required for objects larger than 5GB. Multipart
Are you charged full for each EBS snapshot? No - only for total storage used, as snapshots are incremental.
Why might a bucket not show up in your list of available endpoints? Bucket is web-disabled
Are you charged by number of requests to your S3 files? Yes
How does S3 high availability work? Data is eventually replicated across multiple data center servers
An object you uploaded is missing from the list. Why? It might not have been replicated to your location yet.
S3 Bucket Request Authorization Flow Diagram
In S3 Batch Operations, a job's unit of execution over a single object (such as an API call) is called a... Task
An EC2 instance terminates. Is all of the instance's local data on the hard drive deleted? Yes
Can you set different IAM permissions to S3 Objects based on their tags? Yes
You upload a file to S3 after enabling default encryption. What happens depending on whether you've included encryption information in the header? no header: bucket default encryption is used; encryption header: header encryption is used
A request is made using root credentials of AWS account 1111-1111-1111 for a bucket operation owned by AWS account 2222-2222-2222. No IAM users are involved in this request. Because the request is made using root credentials of an AWS account, the user context is _____. In the bucket context, Amazon S3 examines _____. If the bucket owner (AWS account 2222-2222-2222) has not authorized AWS account 1111-1111-1111 to perform the requested operation, Amazon S3 denies the request. ignored; the bucket policy
A request is sent by Jill, an IAM user in AWS account 1111-1111-1111, which also owns the bucket. Because the request is from an IAM principal, in the user context, Amazon S3 evaluates all policies that belong to the parent AWS account to determine if Jill has permission to perform the operation. In this example, parent AWS account 1111-1111-1111, to which the principal belongs, is also the bucket owner. As a result, in addition to the user policy, Amazon S3 also evaluates the bucket policy and bucket ACL in the same context, because they belong to the same account. Because Amazon S3 evaluated the bucket policy and bucket ACL as part of the user context, it does not evaluate the _____. bucket context
A request is sent by Jill, an IAM user whose parent AWS account is 1111-1111-1111, but the bucket is owned by another AWS account, 2222-2222-2222. Because the request is from an IAM principal, Amazon S3 evaluates the _____ by reviewing the policies authored by the account to verify that Jill has the necessary permissions. If Jill has permission, then Amazon S3 moves on to evaluate the bucket context; if not, it denies the request. In the bucket context, Amazon S3 verifies that bucket owner 2222-2222-2222 has granted Jill (or her parent AWS account) permission to perform the requested operation. If she has that permission, Amazon S3 grants the request and performs the operation. user context
Can Lifecycle policies target folders? Yes
To determine whether the requester has permission to perform an operation, S3 considers the following contexts, in order: _____, _____, _____ User, Bucket, Object 
Object Operation authentication flow User Context > Bucket Context > Object Context
The bucket owner sends a request for a bucket operation using the root credentials of the AWS account. Because the request is made by using root credentials of an AWS account, the user context is _____. In the bucket context, Amazon S3 reviews _____. Amazon S3 authorizes the request. ignored; the bucket policy, to determine if the requester has permission to perform the operation
IAM user Jill, whose parent AWS account is 1111-1111-1111, sends an object operation request (for example, Get object) for an object owned by AWS account 3333-3333-3333 in a bucket owned by AWS account 2222-2222-2222. Jill will need permission from the parent AWS account, the bucket owner, and the object owner. Because the request is from an IAM principal, Amazon S3 evaluates the user context to verify that the parent AWS account 1111-1111-1111 has given Jill permission to perform the requested operation. If she has that permission, Amazon S3 evaluates the bucket context. Otherwise, Amazon S3 denies the request. In the bucket context, the bucket owner, AWS account 2222-2222-2222, is the context authority. Amazon S3 evaluates the bucket policy to determine if the bucket owner has explicitly denied Jill access to the object. In the object context, the context authority is AWS account 3333-3333-3333, the object owner. Amazon S3 evaluates the object ACL to determine if Jill has permission to access the object. If she does, Amazon S3 authorizes the request. User Context > Bucket Context > Object Context
An EC2 instance terminates. What happens to any EBS volumes attached to it? They are preserved - except the OS volume.
If I want to run a database on an EC2 instance, which is the most recommended Amazon storage option? EBS
The max number of S3 buckets you can have in your account by default is... 100
The S3 "Infrequent Access" storage class requires a minimum object size of? 128KB
Are Server-Side encryption options mutually exclusive? Yes
Why choose a Region for an S3 bucket? Cost, Latency, Law
Two PUT requests are simultaneously made to an object. What happens? The latest timestamp wins, older is ignored.
S3 Default Encryption: Does it retroactively re-encrypt previously existing objects? No
Fundamental entity stored in S3 Objects
If you upload an object using an IAM user/role, do the objects belong to the bucket owner? No - to the user/role
When using versioning on a bucket, the latest version of the object is called the _____ version. Live
A glacier job typically completes in how much time? 3-5 hours
An on-premise virtual appliance that can be used to cache S3 locally at a customer's site is called... AWS Storage Gateway
Can S3 endpoints be accessed across a VPC peering connection? No
Can S3 version its objects? Yes
With S3 versioning, do you pay for the space required for every version of a file kept? Yes
An S3 object can be as small as ____ 0 Bytes