Advanced Amazon S3 & Athena

Question 1

Who can enable/disable MFA-Delete?

Answer 1

Only the bucket owner (root account)

Question 2

Why do you need MFA?

Answer 2

• Permanently delete an object version

* Suspend versioning on the bucket

Question 3

What do you need before using MFA-Delete?

Answer 3

Enable Versioning on the S3 bucket

Question 4

When are bucket policies evaluated?

Answer 4

Before “default encryption”

Question 5

Any request made to S3, from any account, authorized or denied, will be logged into another S3 bucket

Answer 5

S3 Access Logs

Question 6

Concerning S3 Access Logs, what should you NEVER do?

Answer 6

Never set your logging bucket to be the monitored bucket

Question 7

Compliance, lower latency access, replication across accounts

What use case is this?

Answer 7

CRR (Cross Region Replication)

Question 8

What use case is this?

Log aggregation, live replication between production and test accounts

Answer 8

SRR (Same Region Replication)

Question 9

Is there any way to replicate a delete between two buckets?

Answer 9

No.

Question 10

How many S3 storage classes are there?

Answer 10

6

Question 11

Use Cases: Big Data analytics, mobile & gaming applications, content distribution

Answer 11

S3 Standard - General Purpose

Question 12

• High durability of objects across multiple AZ (99.999999999%)
• Sustain 2 concurrent facility failures
• 99.99% Availability over a given year

Answer 12

S3 Standard - General Purpose

Question 13

• Suitbale for data that is less frequently accessed, but requires rapid access when needed
• High durability (99.9999999999%) of objects across multiple AZs

99.9% Availability

•Use Cases: As a data store for disaster recovery, backups

Answer 13

S3 Standard - Infrequent Access (IA)

Question 14

• 99.5% Availability
• Low latency and high throughput performance
• Supports SSL for data at transit and encryption rest
• Stored in single AZ
• Use Cases: Storing secondary backup copies of on-premises data, or storing data you can recreate

Answer 14

S3 One Zone - Infrequent Access (IA)

Question 15

• Low latency & high throughput
• Resilient against events that impact an entire AZ
• Small monthly monitoring and auto tiering fee
• Automatically moves objects between two access tiers based on changing access patterns

Answer 15

S3 Intelligent Tiering

Question 16

• Low cost object meant for archiving/backup
• Data is retained for the long term (10s of years)
• Each item in Glacier is called “Archive” (up to 40TB)

Answer 16

Amazon Glacier

Question 17

Amazon Glacier has 3 retrieval options:

What are they?

Answer 17

• Expedited (1 to 5 min)
• Standard (3 to 5 hours)
• Bulk (5 to 12 hours)

Question 18

What is the minimum storage duration on Amazon Glacier?

Answer 18

90 days

Question 19

What is the mínimum storage duration on Amazon Glacier Deep Archive?

Answer 19

180 days

Question 20

Amazon Glacier Deep Archive - for long term storage - cheaper

What are the retrieval options?

Answer 20

Standard (12 hours)

Bulk (48 hours)

Question 21

Moving objects can be automated using a what?

Answer 21

Lifecycle configuration

Question 22

• Move objects to Standard IA class 60 days after creation
• Move to Glacier for archiving after 6 months

What lifecycle rule is this?

Answer 22

Transition Actions

Question 23

• Access log files can be set to delete after 365 days
• Can be used to delete old versions of files (if versioning is enabled)
• Can be used to delete incomplete multi-part uploads

What lifecycle rule is this?

Answer 23

Expiration Actions

Question 24

For infrequently accessed object, where should you move them?

Answer 24

Standard IA

Question 25

For archive objects you don’t need in real time, what should you use?

Answer 25

Glacier or Deep_Archive

Question 26

Helps to transition objects from Standard to Standard_IA

Answer 26

S3 Analytics

Question 27

Send file to an AWS edge location which will forward the data to the S3 bucket in the target region

Answer 27

S3 Transfer Acceleration

Question 28

Parallelize the GETs and speed up the download

Answer 28

S3 Byte Range Fetches

Question 29

Amazon S3 automatically scales to high request rates, latency 100-200 ms Your application can achieve at least 3,500 PUT/COPY/POST/DELETE and 5,500 GET/HEAD requests per second per prefix in a bucket.

Answer 29

S3 Baseline Performance

Question 30

When you upload it, it calls the (blank) KMS API

Answer 30

GenerateDataKey

Question 31

When you download, it calls the (blank) KMS API

Answer 31

Decrypt

Question 32

Any time on the exam you see server side filtering, think what?

Answer 32

S3 Select & Glacier Select

Question 33

* Retrieve less data using SQL by performing server side filtering * Can filter by rows & columns (simple SQL statements) * Less network transfer, less CPU cost client-side

Answer 33

S3 Select & Glacier Select

Question 34

What does S3 Event Notifications target?

Answer 34

SNS SQS Lambda Functions

Question 35

Use case: generate thumbnails of images uploaded to S3

Answer 35

S3 Event Notifications

Question 36

* This person is financially responsible for the networking cost that comes from the dowload. * Helpful when you want to share large datasets w other accounts * (blank) must be authenticated in AWS (cannot be anonymous)

Answer 36

Requester Pays

Question 37

Serverless query service to perform analytics against S3 objects

Answer 37

Amazon Athena

Question 38

Use cases: Business intelligence, analytics, reporting, analyze & query VPC Flow Logs, ELB Logs, Cloud Trail etc..

Answer 38

Amazon Athena

Question 39

Exam Tip: Analyze data in S3 using serverless SQL

Answer 39

Amazon Athena

Question 40

* Adopt a WORM model (write once read many) * Lock the policy for future edits (can no longer be changed) * Helpful for compliance and data retention

Answer 40

Glacier Vault Lock

Question 41

* Adopt a WORM (Write Once Read Many) model | * Block an object version deletion for a specified amount of time

Answer 41

S3 Object Lock (versioning must be enabled)

Question 42

Users can’t overwrite or delete an object version or alter its lock settings unless they have special permissions What mode is this?

Answer 42

Governance Mode

Question 43

A protected object version can't be overwritten or deleted by any user, including the root user in your AWS account. It’s retention mode can't be changed, and its retention period can't be shortened. What mode is this?

Answer 43

Compliance mode

Question 44

What is an extra level of security to prevent accidental deletions?

Answer 44

MFA Delete

Question 45

How can you verify that some employees tried to access files that they dont have access to, without them knowing?

Answer 45

S3 Access Logs

Question 46

Allows you to replicate data from an S3 bucket to another in the same/different AWS Region

Answer 46

S3 Replication

Question 47

Temporary URLs that you generate to grant time-limited access to some actions in your S3 bucket.

Answer 47

S3 Pre-Signed URLs