SIMPLE STORAGE SERVICE (S3)

Question 1

Is s3 private by default?

Answer 1

Yes

Question 2

A form of resource policies used for S3

Answer 2

Bucket Policies

Question 3

Can resource policies effect different accounts?

Answer 3

Yes

Question 4

Can bucket policies allow/deny anonymous principals

Answer 4

Yes

Question 5

Policies used for the identities in the same account or multiple resources

Answer 5

Identity

Question 6

Policies used for cross-account or just controlling S3

Answer 6

Bucket policies

Question 7

Allows access to S3 via HTTP once index and error documents are set

Answer 7

Static Web Hosting

Question 8

Specific address that the bucket can be access from using HTTP

Answer 8

Website Endpoint

Question 9

Storage is one of the cost components of S3

Answer 9

True

Question 10

Requests and Data retrievals are one of the cost components of S3

Answer 10

True

Question 11

Data Transfer is one of the cost components of S3

Answer 11

True

Question 12

Lets you keep a copy of an object whenever it is overwritten as its versions also protects your objects from accidental deletions

Answer 12

versioning

Question 13

markers on an object version to mark it as removed, rather than permanently deleting it from your S3 bucket

Answer 13

Delete Markers

Question 14

Can you disable versioning off after enabling it?

Answer 14

No only suspended

Question 15

Charged and space is consumed by all version of an object

Answer 15

True

Question 16

a security feature that is used together with S3 Versioning to prevent unauthorized
or accidental deletions in your S3 bucket

Answer 16

MFA delete

Question 17

The bucket owner must include two forms of authentication in any request to delete an object version or change the versioning state of the bucket

Answer 17

MFA delete

Question 18

single data stream to S3, if the stream fails upload fails

Answer 18

Single Put Upload

Question 19

Max file size per single upload

Answer 19

5 gb

Question 20

Data is broken up into parts for uploading, parts can fail and be restarted

Answer 20

Multipart Upload

Question 21

Uses the network of Edge locations to upload to optimize long distance transfers from your client to Amazon S3

Answer 21

Transfer Acceleration

Question 22

Buckets are not encrypted by objects inside buckets are

Answer 22

True

Question 23

Data is first encrypted on the client-side before uploaded to Amazon
S3. You manage the encryption process, the encryption keys, and related tools

Answer 23

Client-Side encryption (CSE)

Question 24

Amazon S3 encrypts your object before saving it on disks in its data
centers and then decrypts it when you download the objects

Answer 24

Server-Side encryption (SSE)

Question 25

You manage the encryption keys and S3 manages the encryption and decryption process

Answer 25

SSE-C

Question 26

S3 uses AES-256 encryption keys to encrypt your objects, and each object is encrypted with a unique key

Answer 26

SSE-S3 (AES256)

Question 27

S3 uses AES-256 encryption keys to encrypt your
objects but the key is managed in a different service, which is AWS KMS

Answer 27

SSE-KMS

Question 28

Share objects or allow your customers/users to upload objects to buckets without AWS security credentials or permissions. Takes on the realtime permissions of the creator when used

Answer 28

Presigned URL

Question 29

Grants others time-limited permission to download or upload objects
from and to the owner’s S3 buckets

Answer 29

Presigned URL

Question 30

Used in serverless architectures where access to a private s3 bucket is controlled

Answer 30

Presigned URL

Question 31

Can you create a presigned url you have no access to?

Answer 31

Yes

Question 32

Used to retrieve parts of objects instead of whole objects using SQL like statements

Answer 32

S3 Select

Question 33

feature to receive notifications when certain events happen in your S3 bucket such as creating, deleting, restoring or replicating an object

Answer 33

Amazon S3 Event Notifications

Question 34

Can S3 Event Notifications be delivered to EC2?

Answer 34

No SQS, SNS, Lambda only

Question 35

Provides detailed records for the requests that are made to an Amazon S3 bucket used for security and access audits

Answer 35

S3 server access logging

Question 36

Store objects using a write-once-read-many (WORM) model which requires versioning

Answer 36

Object Lock

Question 37

object is WORM-protected and can’t be overwritten or deleted and remains in place until you explicitly remove it

Answer 37

Legal Hold

Question 38

Retention mode where certain permissions can be granted to adjust the lock settings

Answer 38

Governance

Question 39

named network endpoints that are attached to buckets that you can use to perform S3 object operations

Answer 39

Access points

Question 40

Used to monitor malicious activity on S3 such as unauthorized access or suspicious access patterns

Answer 40

AWS Guard Duty