Chapter 3: AWS Storage Flashcards
Your organization runs Linux-based EC2 instances that all require low-latency read/write access to a single set of files. Which of the following AWS services are your best choices? (Choose two.)
AWS Storage Gateway
AWS S3
Amazon Elastic File System
AWS Elastic Block Store
A, C. Storage Gateway and EFS provide the required read/write access. S3 can be used to share files, but it doesn’t offer low-latency access—and its eventual consistency won’t work well with filesystems. EBS volumes can be used only for a single instance at a time.
Your organization expects to be storing and processing large volumes of data in many small increments. When considering S3 usability, you’ll need to know whether you’ll face any practical limitations in the use of AWS account resources. Which of the following will normally be available only in limited amounts?
PUT requests/month against an S3 bucket
The volume of data space available per S3 bucket
Account-wide S3 storage space
The number of S3 buckets within a single account
D. In theory, at least, there’s no limit to the data you can upload to a single bucket or to all the buckets in your account or to the number of times you upload (using the PUT command). By default, however, you are allowed only 100 S3 buckets per account.
You have a publicly available file called filename stored in an S3 bucket named bucketname. Which of the following addresses will successfully retrieve the file using a web browser?
s3.amazonaws.com/bucketname/filename
filename/bucketname.s3.amazonaws.com
s3://bucketname/filename
s3://filename/bucketname
A. HTTP (web) requests must address the s3.amazonaws.com domain along with the bucket and filenames.
If you want the files stored in an S3 bucket to be accessible using a familiar directory hierarchy system, you’ll need to specify prefixes and delimiters. What are prefixes and delimiters?
A prefix is the name common to the objects you want to group, and a delimiter is the bar character (|).
A prefix is the DNS name that precedes the amazonaws.com domain, and a delimiter is the name you want to give your file directory.
A prefix is the name common to the objects you want to group, and a delimiter is a forward slash character (/).
A prefix is the name common to the file type you want to identify, and a delimiter is a forward slash character (/).
C. A prefix is the name common to the objects you want to group, and a slash character (/) can be used as a delimiter. The bar character (|) would be treated as part of the name rather than as a delimiter. Although DNS names can have prefixes, they’re not the same as prefixes in S3.
Your web application relies on data objects stored in AWS S3 buckets. Compliance with industry regulations requires that those objects be encrypted and that related events be closely tracked. Which combination of tools should you use? (Choose two.)
Server-side encryption
Amazon S3-Managed Keys
AWS KMS-Managed Keys
Client-side encryption
AWS End-to-End managed keys
A, C. Client-side encryption occurs before an object reaches the bucket (i.e., before it comes to rest in the bucket). Only AWS KMS-Managed Keys provide an audit trail. AWS End-to-End managed keys don’t exist as an AWS service.
You are engaged in a deep audit of the use of your AWS resources and you need to better understand the structure and content of your S3 server access logs. Which of the following operational details are likely to be included in S3 server access logs? (Choose three.)
Source bucket name
Action requested
Current bucket size
API bucket creation calls
Response status
A, B, E. S3 server access logs don’t report the source bucket’s current size. They don’t track API calls—that’s something covered by AWS CloudTrail.
Which of the following explains the difference in durability between S3’sStandard-IA and S3 Intelligent-Tiering classes?
Standard-IA data has only 99.9% availability, whereas Intelligent-Tiering’s availability depends on the data’s current state.
Standard-IA data is heavily replicated but only within a single availability zone, whereas Intelligent-Tiering data is only lightly replicated.
Standard-IA data is replicated across AWS regions, whereas Intelligent-Tiering data is restricted to a single region.
Standard-IA data is automatically backed up to Amazon Glacier, whereas Intelligent-Tiering data remains within S3.
A. Standard-IA data has only a 99.9% availability rate, whereas the availability (and other features) of Intelligent-Tiering data will change across its life cycle.
You’re assessing the level of durability you’ll need to sufficiently ensure the long-term viability of a new web application you’re planning. Which of the following risks are covered by S3’s data durability guarantees? (Choose two.)
User misconfiguration
Account security breach
Infrastructure failure
Temporary service outages
Datacenter security breach
C, E. The S3 guarantee only covers the physical infrastructure owned by AWS. Temporary service outages are related to “availability” and not “durability.”
Which of the following is the 12-month availability guarantee for the S3 Standard-IA class?
99.99 percent
99.9 percent
99.999999999 percent
99.5 percent
B. The S3 Standard-IA (Infrequent Access) class is guaranteed to be available 99.9 percent of the time.
You’re worried that updates to the important data you store in S3 might incorrectly overwrite existing files. What must you do to protect objects in S3 buckets from being accidentally lost?
Nothing. S3 protects existing files by default.
Nothing. S3 saves older versions of your files by default.
Enable versioning.
Enable file overwrite protection.
C. Object versioning must be manually enabled for each object to prevent older versions of the object from being deleted.
Your application regularly writes data to an S3 bucket, but you’re worried about the potential for data corruption as a result of conflicting concurrent operations. Which of the following data operations would not be subject to concerns about eventual consistency?
Operations immediately preceding the deletion of an existing object
Operations subsequent to the updating of an existing object
Operations subsequent to the deletion of an existing object
Operations subsequent to the creation of a new object
D. S3 can’t guarantee instant consistency across their infrastructure for changes to existing objects, but there aren’t such concerns for newly created objects.
Your S3 buckets contain many thousands of objects. Some of them could be moved to less expensive storage classes and others still require instant availability. How can you apply transitions between storage classes for only certain objects within an S3 bucket?
By specifying particular prefixes when you define your life cycle rules.
This isn’t possible. Life cycle rules must apply to all the objects in a bucket.
By specifying particular prefixes when you create the bucket.
By importing a predefined life cycle rule template.
A. S3 life cycle rules can incorporate specifying objects by prefix. There’s no such thing as a life cycle template.
Which of the following classes will usually make the most sense for long-term storage when included within a sequence of life cycle rules?
S3 Glacier Flexible Retrieval
Reduced Redundancy
S3 One Zone-IA
S3 Standard-IA
A. S3 Glacier offers the least expensive and most highly resilient storage within the AWS ecosystem. Reduced Redundancy is not resilient and, in any case, is no longer recommended. S3 One Zone and S3 Standard are relatively expensive.
Which of the following are the recommended methods for providing secure and controlled access to your buckets? (Choose two.)
S3 access control lists (ACLs)
S3 bucket policies
IAM policies
Security groups
AWS Key Management Service
B, C. ACLs are a legacy feature that isn’t as flexible as IAM or S3 bucket polices. Security groups are not used with S3 buckets. KMS is an encryption key management tool and isn’t used for authentication.
In the context of an S3 bucket policy, which of the following statements describes a principal?
The AWS service being defined (S3 in this case)
An origin resource that’s given permission to alter an S3 bucket
The resource whose access is being defined
The user or entity to which access is assigned
D. In this context, a principal is an entity to which bucket access is assigned.
