CloudAcademy: Knowledge Check: Storage (SAA-C03) 1 of 2 Flashcards

1
Q

Which of the following statements about Allow/Deny in Amazon S3 is false?

A. A Deny always takes precedence over an Allow.
B. If there is no Deny associated with the principal to a specific object, but there is an Allow, then access will be authorized.
C. If there is both a Deny and an Allow associated with the principal to a specific object, then access will be authorized.
D. By default, access is denied to an object, even without an explicit Deny within any policy.

A

B. If there is no Deny associated with the principal to a specific object, but there is an Allow, then access will be authorized.

Explanation:
Essentially, by default, AWS states that access is denied to an object, even without an explicit Deny within any policy. To gain access, there has to be an Allow within a policy that the principal is associated with, or defined by, within a bucket policy or ACL. If there was no Deny defined, but there is an Allow within a policy, then access will be authorized. However, if there is a single Deny associated with the principal to a specific object, then even if an Allow does exist, this explicit denial will always take precedence, overruling the Allow, and access will not be authorized. So as we know, a Deny always takes precedence over an Allow, meaning Stuart will have access to the s3deepdive bucket to perform all S3 actions apart from deleting the bucket or any of its objects.

2
Q

Which of the following steps should you take to host a static website on S3? (Choose 2 answers)

A. Create and upload an index document to your S3 bucket
B. Enable server-side scripting.
C. Create a host bucket with a unique web hostname.
D. Enable static website hosting on the S3 bucket.

A

A. Create and upload an index document to your S3 bucket
D. Enable static website hosting on the S3 bucket.

Explanation:
Configuring an S3 bucket for static website hosting requires creating a bucket with the same name as the desired website hostname. To host a static website you need to configure a bucket for website hosting and then upload the content of the static website to the bucket. You also need to add an index document. The index document will be the default or home page of your static website. The index document must be located within your bucket.

3
Q

At what level can Amazon S3 Access Control Lists (ACLs) be applied?

A. the bucket, object and account level
B. the bucket level only
C. the object level only
D. the bucket and object level

A

A. the bucket, object and account level

Explanation:
S3 ACLs allow identities to access specific objects within buckets, a different layered approach than bucket policies, which are applied at the bucket level only. ACLs allow you to set certain permissions on each object within a specific bucket.

These ACLs do not follow the same format as the policies defined by IAM and bucket policies. Instead, they are far less granular, and different permissions can be applied depending on whether you are applying an ACL at the bucket or object level.

4
Q

In Amazon S3, a bucket owner has a version-enabled bucket containing a few objects. What will happen to the existing objects when he updates them?

A. The older objects will be overwritten with their respective version IDs.
B. The older objects will be stored with new key names and version IDs.
C. The older objects remain unchanged, while new version IDs are assigned to the new objects.
D. The older objects are moved to the Reduced Redundancy Storage (RRS) with the existing version IDs, when the new objects with new version IDs are created.

A

B. The older objects will be stored with new key names and version IDs.

Explanation:
When a bucket owner PUTs an object in a versioning-enabled bucket, the noncurrent version is not overwritten. Instead, Amazon S3 generates a new version ID and adds the newer version to the bucket.

5
Q

When server-access logging is configured, both the source and target buckets must be in the same __________.

A. Access Control List
B. Log Delivery group
C. Availability Zone
D. AWS Region

A

D. AWS Region

Explanation:
When configuring server-access logging, the source and target buckets must be in the same AWS Region. Availability Zones are found within AWS Regions. Log Delivery groups are pre-defined Amazon S3 groups used to deliver log files to your target buckets, and Access Control List refers to the Log Delivery group’s access to the ACL (Access Control List) of the target bucket.

6
Q

Which of the following must you do to enable object lock on an S3 bucket?

A. Select Governance Mode
B. Enable versioning
C. Select Compliance Mode
D. Disable versioning

A

B. Enable versioning

Explanation:
In order to enable object lock on an S3 bucket, versioning must first be enabled.

7
Q

If you enable versioning on an existing bucket in Amazon S3, how are the unmodified objects already in it labeled?

A. Unversioned
B. Null
C. Enabled
D. Deleted

A

B. Null

Explanation:
If you enable versioning on an existing bucket with objects already in it, then their Version ID will be displayed as null until they have been modified or deleted, at which point they will receive a new Version ID. Delete is an action you can take on an object in storage as well as a label that appears in brackets once an object is deleted, but delete is not a label for an unmodified stored object. “Versioned” and “enabled” refer to bucket versioning labels and properties.

8
Q

Which of the following occurs when versioning is suspended on an S3 bucket?

A. Objects created during the suspension will receive a temporary version ID.
B. Further versioning of objects will be prevented.
C. All versions of the bucket’s objects are deleted from the console.
D. Previous object version IDs will be lost.

A

B. Further versioning of objects will be prevented.

Explanation:
When versioning is suspended on a bucket, further versioning of objects is prevented.

When versioning is suspended, you can still see previous object versions in the console. Previous object IDs are not lost when versioning is suspended, because suspending versioning only affects subsequent objects. Objects created when versioning is suspended on a bucket do not receive a temporary version ID.

9
Q

When configuring a bucket to monitor for specific events, which parameter allows you to capture events related to objects based on the object's file name extension, such as ‘.jpg’, ‘.mp4’ or ‘.txt’?

A. The prefix element
B. The suffix element
C. The event name
D. The ‘Send to’ component

A

B. The suffix element

Explanation:
You can configure notifications to be filtered by the prefix and suffix of the key name of objects. For example, you can set up a configuration so that you are sent a notification only when image files with a “.jpg” file name extension are added to a bucket. Or, you can have a configuration that delivers a notification to an Amazon SNS topic when an object with the prefix “images/” is added to the bucket, while having notifications for objects with a “logs/” prefix in the same bucket delivered to an Amazon Lambda function.

10
Q

You are helping a client design a static website that will potentially grow exponentially in the first few years of existence. You outline the benefits of using Amazon S3 to host this website. What characteristics of S3 elasticity and scalability can you feature? (Choose 2 answers)

A. S3 asynchronously replicates objects to all availability zones within a region.
B. S3 bucket names can be replicated in multiple regions.
C. S3 supports an unlimited number of files in a bucket.
D. S3 synchronously replicates objects to all availability zones in multiple regions.

A

A. S3 asynchronously replicates objects to all availability zones within a region.
C. S3 supports an unlimited number of files in a bucket.

Explanation:
With Amazon S3, you can store as much data as you want and access it when needed. S3 supports an unlimited number of files in a bucket so it is not necessary to know your storage needs up front or try to estimate. S3 can be scaled quickly and appropriately to meet the storage demands of your environment. S3 asynchronously replicates information to all availability zones within a region. Amazon S3 scales to support very high request rates. If your request rate grows steadily, Amazon S3 automatically partitions your buckets as needed to support higher request rates.

11
Q

Which of these occurs when Requester Pays is enabled on an S3 bucket?

A. Anonymous users requesting access to the bucket will be charged for their requests.
B. The requester pays for the storage costs associated with the objects stored in the bucket.
C. All users requesting access to a bucket will be charged for their requests.
D. Any costs associated with requests and data transfer become the responsibility of the requester

A

D. Any costs associated with requests and data transfer become the responsibility of the requester

Explanation:
When Requester Pays is enabled on an S3 bucket, any costs associated with requests and data transfer become the responsibility of the requester. Anonymous access requests will be denied unless all access is authenticated to your bucket. The bucket owner is still charged for costs associated with the objects stored in the bucket.

12
Q

Which of the following statements about Amazon S3 replication is false?

A. You may not replicate encrypted objects.
B. Destination buckets cannot be configured as requester pays buckets.
C. Once a bucket has been configured for S3 replication, only the objects added to the bucket from that point forward will be replicated.
D. If the source bucket has the S3 object lock feature enabled, then the destination must also have it enabled, too.

A

A. You may not replicate encrypted objects.

Explanation:
If the source bucket has the S3 object lock feature enabled, then the destination must also have it enabled, too. Destination buckets cannot be configured as requester pays buckets. If you want to replicate objects that are encrypted, then you can do so. Once a bucket has been configured for S3 replication, only the objects added to the bucket from that point will be replicated.

13
Q

Amazon S3 versioning allows buckets to be in the form of any one of these 3 states:

Unversioned
Versioning-enabled
Versioning-suspended

Which of these bucket states would be the best choice for cost savings?

A. All of the bucket states are equal in cost.
B. Versioning-enabled
C. Versioning-suspended
D. Unversioned

A

D. Unversioned

Explanation:
Unversioned buckets offer the most cost savings because one of the costing metrics of S3 is how much data storage you use and using an unversioned bucket means there are not multiple versions of the same file being stored in the bucket. Versioning enabled is the most costly because it automatically versions objects unless a command is executed to permanently delete the object version(s) from the bucket. Versioning suspended offers some cost savings because it allows you to suspend further versioning of objects in a bucket; however, it does not initially limit versioning of objects. Finally, the types of versioning do not represent equal costs because a versioned bucket and a suspended versioning bucket still contain objects with versions that represent a cost of storage.

14
Q

_____ in Amazon S3 allows specific resources on a webpage to be requested from a different domain than its own, which allows you to build client-side web applications.

A. The canned access control list
B. Cross-Origin Resource Sharing
C. ExposeHeader
D. The Access Analyzer

A

B. Cross-Origin Resource Sharing

Explanation:
At a high level, CORS allows specific resources on a webpage to be requested from a different domain than its own. And this allows you to build client-side web applications.

15
Q

You have noticed that your S3 bucket contains no CloudTrail logs. Which of the following represent reasons why there are no log files in your bucket? (Choose 2 answers)

A. Logging has not been configured in the CloudTrail console.
B. There have been no API requests initiated for the objects in the bucket.
C. The bucket has been configured to automatically overwrite old object log files.
D. A request for the timestamps of API requests has not been configured in the CloudTrail console.

A

A. Logging has not been configured in the CloudTrail console.
B. There have been no API requests initiated for the objects in the bucket.

Explanation:
The log files may be missing from the bucket because object logging has not been enabled by using the CloudTrail console, or there may not have been any API requests made to the objects in the bucket. Timestamps are automatically provided when object-level logging is enabled through the CloudTrail console, and any API requests for objects are recorded as new requests and would automatically appear in a bucket once logging is enabled.

16
Q

Which of the following operations will Amazon S3 access points not allow you to perform?

A. S3 DeleteBucket
B. S3 DeleteObject
C. S3 PutObject
D. S3 GetObject

A

A. S3 DeleteBucket

Explanation:
Access points only allow you to perform object operations, for example, S3 GetObject and S3 PutObject. But it’s not possible to use bucket operations, such as S3 DeleteBucket.

17
Q

Which Amazon S3 storage class is for re-creatable, infrequently accessed data that needs millisecond access?

A. S3 One Zone - Infrequent Access
B. S3 Standard
C. S3 Glacier
D. S3 Intelligent - Tiering

A

A. S3 One Zone - Infrequent Access

Explanation:
S3 One Zone - Infrequent Access is for re-creatable, infrequently accessed data that needs millisecond access.

18
Q

When configuring an Amazon S3 bucket to monitor for specific events, you can select one of multiple services to send event information. To which services can you send recorded event information? (Choose 3 answers)

A. Amazon Simple Notification Service (SNS)
B. AWS Lambda
C. Amazon Simple Queue Service (SQS)
D. Amazon EC2

A

A. Amazon Simple Notification Service (SNS)
B. AWS Lambda
C. Amazon Simple Queue Service (SQS)

Explanation:
Any events which are recorded can then be sent to either an SNS Topic, an SQS Queue or a Lambda Function. Selecting the Events tile from bucket properties screen enables you to configure which events are to be monitored.

19
Q

Which Amazon S3 storage class offers cost savings for data with unknown or changing access patterns?

A. S3 Intelligent - Tiering
B. S3 One Zone - Infrequent Access
C. S3 Standard
D. S3 Glacier

A

A. S3 Intelligent - Tiering

Explanation:
S3 Intelligent - Tiering provides automatic cost savings for data with unknown or changing access patterns.

20
Q

Which of the following statements about access control methods in Amazon S3 is false?

A. It is not possible to implement conditional elements using ACLs.
B. It is not possible to implicitly deny access using ACLs.
C. ACLs use the same JSON format as IAM policies and S3 bucket policies.
D. You can use both IAM policies and bucket policies to control access.

A

C. ACLs use the same JSON format as IAM policies and S3 bucket policies.

Explanation:
You can of course use both IAM policies and bucket policies to control access. ACLs do not follow the same JSON format as policies defined by IAM and bucket policies. Instead, they are far less granular, and different permissions can be applied depending on whether you are applying an ACL at the bucket level or the object level. Due to the basic structure of an ACL, it is not possible to implicitly deny access using ACLs. Neither are you able to implement conditional elements, like we saw earlier when I mentioned identity-based access.