S3

Question 1

What does S3 stand for?

Answer 1

Simple Storage Service

Question 2

What is Amazon S3?

Answer 2

A secure, durable, highly scalable object storage for developers

Question 3

What type of storage does S3 provide?

Answer 3

Object-based, where an object is a file

Question 4

What is the size range for an S3 object?

Answer 4

0 bytes to 5 TB

Question 5

What is the limit on S3 storage?

Answer 5

Unlimited

Question 6

What are objects stored in?

Answer 6

Buckets

Question 7

Can two S3 buckets from different users, in different regions, hold the same name?

Answer 7

Buckets must have globally unique names (S3 is a universal namespace)

Question 8

Which code is received if the upload of a file to S3 is successful?

Answer 8

HTTP 200

Question 9

What do objects consist of? (5)

Answer 9

• Key
• Value
• Version ID
• Metadata
• Subresources

Question 10

What is the key of an object?

Answer 10

The name of the object

Question 11

What is the value of an object?

Answer 11

The data, made up in a sequence of bytes

Question 12

What is the metadata of an object?

Answer 12

Data about the data you’re storing

Question 13

What are the subresources of an object? (3)

Answer 13

• Subordinates to objects
• Subresources do not exist on their own, must always be associated with another entity
• Subresources associated with S3 objects: access control lists & torrents

Question 14

How do you control access to buckets? (2)

Answer 14

• A bucket access control list (ACL)

- Bucket policies

Question 15

What is S3 not suitable for? (2)

Answer 15

• Installation of an operating system

- Hosting a database

Question 16

How does data consistency work for S3? (2)

Answer 16

• Read after write consistency for PUTS of new objects

- Eventual consistency for overwrite PUTS and DELETES

Question 17

What level of data consistency is achieved when uploading a new file?

Answer 17

Read after write consistency

Question 18

What level of data consistency is achieved when overwriting/updating/deleting an existing file?

Answer 18

Eventual consistency

Question 19

What does read after write consistency mean?

Answer 19

The file can be read straight after writing it

Question 20

What does eventual consistency mean? (2)

Answer 20

• If you overwrite/update/delete an existing file, you might get v1 or v2 when you read it straight away
• But after waiting a period of time the file will be consistent and you’ll only get v2

Question 21

What does it mean to PUT an object?

Answer 21

To upload, overwrite or update that object

Question 22

What level of availability does Amazon S3 Standard guarantee?

Answer 22

99.9% availability

Question 23

What level of durability does Amazon S3 Standard guarantee?

Answer 23

99.99999999999% durability (11 9s)

Question 24

What are the features of S3 Standard? (2)

Answer 24

• Stored redundantly across multiple devices in multiple facilities
• Designed to sustain the loss of 2 facilities concurrently

Question 25

What are the features of S3 - IA (Infrequently Accessed)? (3)

Answer 25

• Data accessed less frequently, but requires rapid access when needed
• Lower fee than S3
• Charged a retrieval fee

Question 26

What are the features of S3 One Zone - IA? (2)

Answer 26

• Low cost option for infrequently accessed data

- Data that does not require multiple availability zone resilience

Question 27

What are the features of S3 - Intelligent Tiering? (2)

Answer 27

• Cost-effective option

- Uses machine learning to automatically move data to the most cost-effective tier without performance impact

Question 28

What are the features of S3 Glacier? (2)

Answer 28

• Secure, durable, low-cost storage for data archiving

- Configure retrieval time from minutes to hours

Question 29

What are the features of S3 Glacier Deep Archive? (2)

Answer 29

• S3’s lowest cost storage class

- A retrieval time of 12 hours is acceptable

Question 30

How many availability zones is the data stored on for all S3 storage classes bar S3 One Zone - IA?

Answer 30

At least three

Question 31

Which storage classes charge a retrieval fee?

Answer 31

S3 Standard - IA, S3 One Zone - IA, S3 Glacier, S3 Glacier Deep Archive

Question 32

What is first byte latency?

Answer 32

How quickly you’ll be able to access your data

Question 33

What factors affect the charge for S3 storage? (7)

Answer 33

• Storage volume
• Region
• Requests
• Storage management
• Data transfer
• Transfer acceleration
• Cross region replication

Question 34

How does transfer acceleration work? (3)

Answer 34

• Users upload files to the edge location rather than the bucket itself
• As data arrives at an edge location, it is routed to the S3 bucket over an optimised network plan
• Takes advantage of Amazon’s CloudFront globally distributed edge locations

Question 35

What are the permissions on a bucket by default?

Answer 35

Private

Question 36

Do bucket policies and access control lists apply changes at a bucket level, object level, or both? (2)

Answer 36

• Bucket policies apply changes at a bucket level only

- Access control lists apply changes at a bucket and object level

Question 37

How can you log all requests made to an S3 bucket?

Answer 37

Configure your bucket to create access logs

Question 38

Can you send access logs to a bucket in a different account?

Answer 38

Yes

Question 39

What is encryption in transit?

Answer 39

Any data intercepted as it travels to or from Amazon S3 is protected by encryption

Question 40

What is encryption at rest?

Answer 40

Data sat in a folder/bucket is encrypted

Question 41

How is encryption in transit achieved?

Answer 41

Using HTTPS and Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

Question 42

What are the three types of server side encryption at rest for S3 and their differences? (6)

Answer 42

• S3 Managed Keys (SSE-S3): Amazon manage the keys for you
• AWS Key Management Service (SSE-KMS): Customer manages the keys together with Amazon
• Server side encryption with customer provided keys (SSE-C): Customer provided keys

Question 43

What is a key?

Answer 43

A way of decrypting and recrypting an object

Question 44

What is client side encryption?

Answer 44

The customer encrypts the object, then upload it to S3

Question 45

Can you disable S3 versioning, once enabled?

Answer 45

Once enabled, versioning cannot be disabled, only suspended

Question 46

If you upload a new version of an object, does it hold the same permissions at the older versions?

Answer 46

No, all new versions are private

Question 47

Do the permissions of older version of an object change upon uploading new versions?

Answer 47

No, the permissions of older versions don’t change

Question 48

What is the size of a bucket containing objects with versioning enabled?

Answer 48

Size of bucket = size(new versions) + size(all old versions)

Question 49

How can you provide an additional layer of security using S3 versioning?

Answer 49

Using the multi-factor authentication (MFA) delete capability of S3 version control

Question 50

What occurs when you press delete on a file with versions enabled?

Answer 50

You’ve placed a delete marker on the file, not actually deleted it

Question 51

How do you restore a version-control-enabled file that you’ve pressed the delete button of?

Answer 51

Press delete on its delete marker to restore it to the latest version

Question 52

What happens if you press delete on a version of a file with versions enabled?

Answer 52

This actually deletes the selected version

Question 53

If you enable cross-region replication (CRR), does it replicate existing objects in the bucket?

Answer 53

No, only objects uploaded after the CRR is set up

Question 54

If you delete an object in a bucket with CRR enabled, is the delete market replicated to the CRR bucket?

Answer 54

No, the delete marker is not replicated

Question 55

If you delete a version of an object in a bucket with CRR enabled, is the version deleted in the CRR bucket?

Answer 55

No, the latest version remains in the CRR bucket

Question 56

What needs to be enabled in both the source and destination bucket to allow cross-region replication?

Answer 56

Versioning must be enabled for CRR

Question 57

What is CloudFront?

Answer 57

A fast content delivery network (CDN) service

Question 58

What is a content delivery network? (4)

Answer 58

A system of distributed servers (network) that delivers webpages and other web content to a user based on:

• Geographic location of the user
• Origin of the webpage
• Content delivery server

Question 59

What is an origin? Provide four examples of origins (5)

Answer 59

The origin of all the files the content delivery network (CDN) will distribute. Can be a:

• S3 bucket
• EC2 instance
• Elastic load balancer
• Route53

Question 60

What is a distribution? Give two types of distributions and their uses (3)

Answer 60

• A distribution tells CloudFront where you want content to be delivered from & the details of how to track and manage content delivery
• Web distributions: used for websites
• Real-time messaging protocol (RTMP) distributions: used for media streaming

Question 61

Can you write to edge locations?

Answer 61

Yes

Question 62

How long are objects cached for in endpoints, using CloudFront?

Answer 62

For the life of the time to live (TTL), in seconds

Question 63

Can you clear cached objects?

Answer 63

Yes, but you will be charged

Question 64

What is Amazon Snowball?

Answer 64

A petabyte-scale data transport solution which uses secure appliances to transfer large amounts of data into and out of AWS

Question 65

What are the features of Amazon Snowball? (2)

Answer 65

• Low-cost, large scale data transfer: 1/5th of the cost of high-speed internet
• Multiple layers of security (tamper-resistant enclosures, encryption, full chain-of-custody)

Question 66

What is Amazon Snowball Edge? (2)

Answer 66

• A 100 TB data transport solution which uses secure appliances to transfer large amounts of data into and out of AWS
• Also provides local compute, processing and storage capabilities

Question 67

What is the difference between Snowball and Snowball Edge?

Answer 67

Snowball Edge provides local compute, processing and storage capabilities in addition to data transfer, while a Snowball is purely a data transfer device

Question 68

When would you use a Snowball Edge rather than a Snowball? (3)

Answer 68

• As a temporary storage tier for large local datasets
• To support local workloads in remote or offline locations
• Ensure applications continue to run even when they’re not able to access the cloud

Question 69

What can you do with multiple Snowball Edges?

Answer 69

Cluster them together to form a local storage tier?

Question 70

What is Amazon Snowmobile?

Answer 70

An exabyte-scale data transfer service - up to 100 PB per snowmobile

Question 71

What is AWS Storage Gateway? (2)

Answer 71

• A service that provides seamless and secure integration between an organisation’s on-premises environment and AWS’s storage infrastructure
• A virtual or physical device which replicates your data into AWS

Question 72

How do you set up a Storage Gateway? (3)

Answer 72

• Download and install the virtual machine image OR deploy the dedicated hardware appliance
• Select an interface
• Assign local cache capacity

Question 73

What are the three different types of Storage Gateway? (3)

Answer 73

• File Gateway (NFS & SMB)
• Volume Gateway (iSCSI)
• Tape Gateway (VTL)

Question 74

What are the different types of Volume Gateway? (2)

Answer 74

• Stored Volumes

- Cached Volumes

Question 75

How does a File Gateway work? (3)

Answer 75

• Files are stored as objects in your S3 buckets
• Accessed through a Network File System (NFS) mount point
• Once objects are transferred to S3 they are treated as native S3 objects

Question 76

How does a Volume Gateway work? (2)

Answer 76

• Presents your applications with disk volumes using the iSCSI block protocol
• Data written to these volumes can be asynchronously backed up as snapshots of your volumes

Question 77

What does it mean to back up data asynchronously?

Answer 77

Data is not immediately backed up after the primary storage acknowledges write complete - this happens over a period of time

Question 78

What are snapshots of a volume?

Answer 78

Incremental backups which only capture changed blocks

Question 79

How are snapshots of a volume stored?

Answer 79

As Amazon EBS snapshots

Question 80

What are Stored Volumes? (2)

Answer 80

• Volume Gateways which store all primary data locally

- All data is asynchronously backed up to S3 as EBS snapshots

Question 81

What are the benefits of Stored Volumes? (2)

Answer 81

• Provides on-premises applications with low-latency access to their entire datasets
• Alongside durable, off-site backups

Question 82

How do you create a Stored Volume?

Answer 82

Create storage volumes on on-premises storage hardware, then mount these storage volumes as iSCSI devices from on-premises application servers

Question 83

What is the volume range for Stored Volumes?

Answer 83

1 GB - 16 TB

Question 84

What are Cached Volumes? (2)

Answer 84

• Volume Gateways which store all primary data in S3

- Only frequently accessed data is retained locally in your storage gateway

Question 85

What are the benefits of Cached Volumes? (2)

Answer 85

• Minimises the need to scale on-premises storage infrastructure
• While retaining low-latency access to frequently accessed data

Question 86

What is the volume range for Cached Volumes?

Answer 86

1 GB - 32 TB

Question 87

What is a Tape Gateway?

Answer 87

A type of Storage Gateway which uses a virtual tape library (VTL) interface to allow customers to use existing tape-based backup application infrastructure to store data on virtual tape cartridges

Question 88

What is each Tape Gateway preconfigured with? (2)

Answer 88

• A media changer

- Tape drives