- How does Snowball Edge differ from basic Snowball?
- Snowball Edge has compute built into it. Basic Snowball is simply a storage transport/container. Snowball Edge is great if you don't have internet connectivity (on a plane, on a bus, etc.).
- What are the three types of Storage Gateway?
- File Gateway
- Volume Gateway
- Tape Gateway
- What is the difference between stored volumes and cached volumes?
- Stored volumes keep all of the data locally and asynchronously back up snapshots to S3.
- Cached volumes only keep a cache locally and the base data and snapshots live in AWS.
- What are the five EBS types and corresponding API names?
- General Purpose (SSD) - gp2
- Provisioned IOPS (SSD) - io1
- Throughput Optimized (HDD) - st1
- Cold HDD (HDD) - sc1
- Magnetic (previous-generation HDD) - standard
- True or False: You cannot encrypt a root volume for EC2.
- False
- What is a snapshot of EBS?
- A snapshot is a copy of a volume that represents its state at a certain time. EC2 instances can then be created from these snapshots.
- How would you encrypt a root device volume that has already been created with the "unencrypted" option?
- Create a snapshot
- Create a copy of the snapshot that is encrypted
- Create an AMI from the copy to then deploy from
- True or False: You cannot share encrypted snapshots and make them public.
- True, these must be unencrypted
- What does incremental mean when talking about EBS snapshots?
- Snapshots are incremental, meaning that after the initial snapshot, only the changes are recorded when new snapshots are made
- What is the difference between AMI EBS volume backed vs. instance store backed volumes?
- Instance store is ephemeral - you cannot "stop" an instance that is backed by instance store and if something goes wrong with the underlying host you will lose all of your data
- All instance store volumes have to be added on launch, while EBS volumes can be added whenever
- Instance store can scale to millions of IOPS, whereas EBS can only go to 64,000 IOPS with provisioned IOPS
- How does EFS differ from EBS?
- EBS is 1:1 with EC2 instances while EFS is 1:many
- EFS grows dynamically, you don't have to allocate storage on start
- When using EFS, what do you have to do to enable traffic between EC2 and the file system?
- Allow NFS traffic from the EC2 SG to the EFS SG.
- What is the main difference between EFS and Windows FSx?
- EFS is only for Unix/Linux, while Windows FSx integrates with Windows, AD, Security, etc.
- EFS uses NFS while FSx uses SMB protocol
- True or False: FSx for Lustre is only for Windows.
- False - it is not exclusive to Windows and is used for high performance throughput
- True or False: You can modify EBS volumes on the fly, size and type.
- True
- What are the three ways to gain/restrict access to an S3 bucket?
- IAM role
- Bucket policy
- ACL
- What needs to be enabled for cross-region replication?
- Versioning on both source and destination
- When cross-region replication is turned on do the existing objects get replicated?
- No - only objects moving forward
- Do public permissions transfer during cross-region replication?
- No - each object must be made public
- What is multi-part upload and download?
- Multi-part upload and download assist in moving large objects to and from S3. Multi-part upload allows for individual chunks to be uploaded asynchronously. When using Multi-part download, you can fetch specific chunks using a header in the request.
- At what file size do you need to use multi-part upload?
- 5 GB
- What is transfer acceleration?
- Transfer acceleration is used to speed up the uploading of S3 objects by using edge locations. A customer uploads an object to CloudFront and then the object traverses the AWS backbone network to reach its final destination.
- How does using more prefixes increase your requests per second?
- The requests-per-second limit is set per prefix. For example, let's say you get 2500 requests per second on the prefix aws/docs. By splitting your data into aws/docs1 and aws/docs2 you can get a total of 5000 requests per second between those two prefixes vs. all data under a single prefix.
- What is the difference between governance mode and compliance mode for object locks?
- Governance mode allows some privileged users to work around the object lock prior to the fulfillment of the retention period.
- Compliance mode keeps the object lock regardless of privileges for the entire retention period.
- What is a delete marker?
- A delete marker is placed on an object with versioning enabled when it is "deleted". The data itself is not actually deleted and the delete marker can be deleted to recover the object.
- True or False: You can delete individual versions of an S3 object permanently.
- True - by deleting an object version that data is permanently gone
- What is the "public status" of a new uploaded version of an object if the previous version was public?
- The new version is not public by default. You need to enable public access manually.
- How many facilities can S3 standard withstand the loss of?
- S3 standard can withstand the loss of 2 facilities because the data is copied to at least 3.
- What are the two options for an s3 url for a bucket named docs-bucket in us-east-1?
- What is the S3 consistency model?
- There is strong read-after-write consistency for all DELETES and PUTS of both new and existing objects.
- What does it mean that updates to a key are atomic?
- If you try to concurrently do a PUT and a GET on a key, you will receive either the new object or the old object, but never partial data.
- What is an S3 URL?
- An S3 URL is an endpoint that grants temporary read or write privileges to users. The endpoint permissions are received from the user who creates the URL.
- What does Macie do to thwart malicious attackers?
- Macie uses machine learning to detect PII in S3 buckets.