AWS Practitioner
What type of websites can only be hosted on S3?
Static
What parts of objects can be changed "on the fly"
Storage classes and encryption
What is charged for using S3?
Storage, Requests, Storage Management Pricing, Data Transfer Pricing, Transfer Acceleration and Cross Region Replication Pricing.
What is the best practice for access keys?
Use access keys for programmatic access to AWS.
What is the best practice for roles
Use roles to access various other AWS services.
Based on the Key Terminology for IAM, what defines a people, employees of an organization, etc?
Users
In the following JSON: { "hpberg" : "A Security AWS Student"} What is definition of "hpberg"
key
Which account is associated with the email address to setup the AWS account?
root
Which account is tied with the email address that was used to create the account. The root account by default has full administrator access.
root
Which storage class has 99.99999999999% durability?
All of them
What is IAM in AWS?
Allows you to manage users and their level of access to the AWS console.
What is the best practice for MFA?
Always enable multi factor authentication (MFA) where possible
What service is used for creating a Billing Alarm
CloudWatch
What would be the best support plan if planning to Experiment with AWS and need a 12-24 hour turn around for support?
Developer Plan
Under what section is CloudWatch under?
Management & Governance
What is the best authentication for the root account?
Multi Factor Authentication (MFA)
What is a Simple Notification Service (SNS) topic?
A way of emailing an alert if it goes over a certain amount of money.
What is it called when a primary bucket copies over to a secondary buckets in a different region?
(S3) Cross Region Replication.
What is the lowest and highest size of the files to store in S3?
0 Bytes to 5 terabytes
What are the three different ways you can access the AWS platform?
1. Console 2. Programmatically (via the command line) 3. Using a software development kit (SDK)
What is a bucket in S3?
A folder in the cloud
What is the three ways to access the AWS console
1. Programmatic Access 2. AWS Management Console 3. Amazon SDK
What is the response rate for the Developer plan?
12 - 24 hour response during business hours.
What is the response rate for critical issues for an Enterprise plan?
15 minutes in a 24x7 model.
What does a Region consist of?
2 (or more) Availability Zones
What is an availability zone
A Data Center
What consists of one or more discrete data centers (each with redundant power, networking and connectivity, housed in separate facilities)
Availability Zone (AZ)
How much is Developer Support A) $75 a month B) $29 a month C) $33 a month D) $100 a month
B
How much is business support? A) Free B) $100 a month C $100 Upfront D) $15,000 a month E) $15,000 Upfront F) $75 a month G) $29 a month
B
What does S3 store? A. Block Base Files B. Object-based files
B (Object-based files)
Which is created globally when created? A. Policy B. Group C. Users D. Role
B and C
What are the support plans for AWS?
Basic, Developer, Business and Enterprise
_______ ________ is the on-demand delivery of compute, database storage, applications, and other IT resources through a cloud services platform via the Internet with pay-as-you-go pricing
Cloud Computing
There is an audit based on users access, what report needs to be run?
Credential Report
When replicating the contents of one bucket to another bucket automatically, what service is being used?
Cross Region Replication
How much is Enterprise support A) Free B) $100 a month C $100 Upfront D) $15,000 a month E) $15,000 Upfront F) $75 a month G $29 a month
D
These are endpoints for AWS which are used for caching content. Typically this consists of CloudFront, Amazon's Content Delivery Network (CDN).
Edge Location
What products does AWS use for security patching, updates and maintenance?
Elastic Beanstalk or Amazon Light Sail
How much is Basic support
Free
When creating a users or group how is it created (geologically)?
Globally
When viewing buckets they are viewed _____.
Globally
How can you get notifications if your account goes over a specific amount of dollars/money?
Go into CloudWatch and create a Billing Alarm which uses an SNS topic
Always place users in what?
Groups
Based on the Key Terminology for IAM, what defines a collection of users that inherit the permissions with this object?
Groups
When successfully uploading a file to S3, what HTTP status will be received?
HTTP 200 (OK)
What is the best practice for password policies?
Have a strong password rotation policy
To apply access to buckets, what policy is used?
IAM Policies to Users & Groups
When applying a policy to users & Groups, what policy is being applied?
IAM Policies to Users & Groups
What is the acronym of IAM
Identity Access Management
Policies are always in what format?
JSON
Policies consist of what?
Java Script Object Notation (JSON)
JSON stands for
JavaScript Object Notation
If applying a policy to a file what is the policy called?
Object Policies
S3 is object based. What are objects?
Objects are just as files
What is the best practice for users
One user should equal one real human being. Don't create phantom users.
What is the best practice for the root account?
Only use the root account to create your AWS account. Do not use it to log in.
What is contained in a credential report?
Passwords, Access Keys and Multi Factor Authentication (MFA)
Based on the Key Terminology for IAM, what is made up of documents which are formatted in JavaScript Object Notation (JSON) and provide permissions for users, groups and roles
Policies.
Policies are made up of documents which are called
Policy documents
What is the main difference between the Business and Enterprise plan?
Provides a Technical Account Manager (TAM).
How does data consistency work for S3?
Read after Write consistency for PUTS of new objects (MEANING: If you write a new file and read it immediately afterwards, you will be able to view that data) Eventual Consistency for overwrite PUTS and DELETES (can take some time to propagate MEANING: If you update AN EXISTING file or delete a file and read it immediately, you may get the older version, or you may not. Basically changes to objects can take a little bit of time to propagate.)
What do you not have to specify when using IAM?
Region
What do you not specify when dealing with IAM
Region
What is a region
Region is a geographical area
Based on the Key Terminology for IAM, what is assigned to AWS resources
Roles
What is the acronym for SNS topic
Simple Notification Service
When storing files on S3, where is it stored?
The data is spread across multiple devices and facilities. It is essentially stored in buckets.
With a Bucket Policy is applied across the ______ _______
Whole bucket
Can buckets be in individual regions?
Yes
The example of https://s3-eu-west-1.amazonaws.com/hermanpaulberg, what is hermanpaulberg?
a bucket
What key features does IAM provide in AWS?
1. Centralized control of your AWS account 2. Shared access to your AWS account (Share with other users) 3. Granular permissions (define who can access which servers) 4. Multi-factor authentication (Google authenticator) 5. Ability to provide temporary access for users, devices, and services where necessary 6. A customizable password rotation policy (you can define the policy) 7. Integration with many other AWS services
Why should one choose a particular AWS Region? (3 reasons)
1. Data Sovereignty Laws 2. Latency to end users 3. AWS Services
What are the three types of cloud Computing?
1. Infrastructure as a Service (IaaS) 2. Platform as a Service (PaaS) 3. Software as a Service (SaaS)
What are the three Cloud Computing Deployments
1. Public (AWS, AZURE, etc) 2. Hybrid (public and private mixed) 3. Private (or on premise) (Openstack or VMWare)
What are the six advantages of cloud computing?
1. Trade capital expense for variable expense. (Not having to pay for a data center and just purchasing what is needed for computation power) 2. Benefit from massive economies of sale 3. Stops guess work for capacity (models will allow to upgrade scale as you need). 4. Increases speed and agility 5. Stops costs of running a datacenter and upkeeps. 6. Go Global in minutes TBSISG - STGBIS
What service enables fast, easy and secure transfers of files over long distances between your end users and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.
Amazon S3 Transfer Acceleration
What are the three ways of Restricting Bucket Access?
Bucket Policies, Object Policies and IAM Policies to Users & Groups
What policy is used if you want to make the entire S3 bucket public?
Bucket Policy
What guarantees does Amazon gives for S3?
Built for 99.99% availability for the S3 platform Amazon Guarantee 99.9% availability Amazon guarantees 99.999999999999% durability for S3 information. (Remember 11 x 9s)
True or False: An availability zone can have multiple regions?
False
What is Block Base Files?
Files to install an operating systems
What is the key fundamentals of S3?
Key (This is simply the name of the object) Value (This is simply the data and is made up of a sequence of bytes)
What do objects consist of?
Key (This is simply the name of the object) Value (This is simply the data and is made up of a sequence of bytes) Version ID (Important for Versioning) Metadata (Data about data you are storing) Subresoures (ACLs & Torrent)
What is JSON referred to?
Key-value pairs.
S3 is a universal namespace, what does that mean for names?
Names must be unique globally for buckets.
What provides developers and IT teams with secure, durable, highly scalable object storage? It is easy to use, with a simple web services interface to store and retrieve any amount of data from anywhere on the web. In other words, it is a place that stores your flat file.
S3 (Simple Storage Service)
What storage is for data that is accessed less fequently, but requires rapid access when needed. Lower fee than S3, but you are charged a retrieval fee to access the file in milliseconds
S3 - Infrequently Accessed (IA)
Which storage class is a secure, durable, and low-cost storage class for data archiving. You can reliably store any amount of data at costs that are competitive with or cheaper than on-premises solutions. Retrieval times configurable from minutes to hours.
S3 Glacier
Which storage class is Amazons S3's lowest cost storage class where a retrieval time of 12 hours is acceptable.
S3 Glacier Deep Archive
Which storage classis the newest function. Desgined to optimize your cost by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. Moving S3 - S3 IA or S3 One Zone IA
S3 Intelligent Tiering
What storage class where you want a lower-cost option for infrequently accessed data, but do not require the multiple Availability Zone data resilience?
S3 One Zone - Infrequently Accessed (IA)
What are the six storage classes?
S3 Standard 99.99% (availablity), S3 Infrequently Access, S3 One Zone Infrequently Accessed, S3 Intelligent Tiering, S3 Glacier and S3 Glacier Deep Archive.
What section is IAM located under
Security, Identity & Compliance
What do you create in order to create a billing alarm
Simple Notification Service (SNS) topic
What does S3 stand for?
Simple Storage Service
What features does S3 provide?
Tiered Storage Available Lifecycle Management Versioning Encryption Secure your data using Access Control Lists and Bucket Policies
True or False: IAM is a global setting
True
How much storage is available on S3?
Unlimited
What is the best practice for IAM Credential Report?
Use Identity Access Management credential reports to audit the permissions of your users/accounts.
In the following JSON: { "hpberg" : "A Security AWS Student"} What is the definition of "A Security AWS student"?
Value
