S3

Question 1

Which S3 encryption-at-rest option enables you to use AWS Key Management Service to manage your encryption keys?

Answer 1

SSE-KMS

Question 2

Versioning’s __________ Delete capability can be used to provide an additional layer of security.

Answer 2

Multi-factor Authentication (MFA)

Question 3

S3 Standard is designed for __________ availability.

Answer 3

99.99%

Question 4

Which S3 encryption-at-rest option enables you to leverage S3 to perform encryption/decryption of objects while letting you retain control of the encryption keys?

Answer 4

SSE-C

Question 5

S3 Transfer Acceleration leverages __________.

Answer 5

Amazon CloudFront (it’s globally distributed Edge locations)

Question 6

S3 Standard provides __________ 9s of durability.

Answer 6

Eleven.

Question 7

The maximum file size allowed on S3 Standard is __________.

Answer 7

5 TB

Question 8

How long will it take to restore my objects archived in Glacier using Expedited retrievals?

Answer 8

1-5 minutes.

Question 9

True or False: Versioning can be turned off.

Answer 9

False.

Once versioning has been enabled, it cannot be disabled; it can only be suspended.

Question 10

True or False: Customers cannot configure an S3 bucket to create access log records for requests made against it.

Answer 10

False.

Customers can enable access log records. Access log records contain details about the request such as request type, resources requested, and the time/date the request was processed.

Question 11

__________ allows you to retain control of encryption keys and complete the encryption/decryption of objects client-size using an encryption library of your choice.

Answer 11

Amazon S3 Encryption Client.

Question 12

S3 One Zone - IA is designed for __________ availability.

Answer 12

99.5%

Question 13

All of the S3 storage classes are designed for eleven 9s of durability except for __________.

Answer 13

S3 RRS.

S3 RRS is designed for four nines of durability.

Question 14

True or False: Versioning must be enabled for both the source and destination S3 buckets to enable CRR.

Answer 14

True.

Question 15

True or False: There is no Data Transfer charge for data transferred between regions via a COPY request.

Answer 15

False.

Cross-region data transfer costs money.

Question 16

True or False: There is no Data Transfer charge for data transferred between EC2 and S3 within the same region.

Answer 16

True.

Question 17

What are the four mechanisms for controlling access to S3 buckets?

Answer 17

1. bucket policies
2. access control lists (ACLs)
3. IAM policies
4. query string authentication (URL with expiry)

Question 18

__________ enables fast, easy, and secure transfers of files over long distances between your client and S3 bucket.

Answer 18

Amazon S3 Transfer Acceleration

Question 19

Can I allow a specific VPC Endpoint access to my S3 bucket?

Answer 19

Yes.

You can limit access to your bucket from a specific VPC Endpoint using a bucket policy.

Question 20

True or False: You can securely upload/download your data to S3 via SSL endpoints using the HTTPS protocol.

Answer 20

True.

Question 21

The minimum file size allowed on S3 Standard is __________.

Answer 21

0 bytes.

Question 22

True or False: Only the owner of an S3 bucket can permanently delete a version.

Answer 22

True.

Question 23

S3 Standard - IA is designed for __________ availability.

Answer 23

99.9%

Question 24

True or False: There is no Data Transfer charge for data transferred within a region via a COPY request.

Answer 24

True.

Question 25

In which storage classes are objects stored redundantly within a single Availability Zone?

Answer 25

S3 One Zone - IA

Question 26

True or False: If S3 Transfer Acceleration is not faster than a regular S3 transfer, Amazon still adds the additional charge to your bill.

Answer 26

False. If the transfer isn't faster than standard, Amazon will not charge your for the Transfer Acceleration.

Question 27

Which S3 storage option allows customers to store noncritical, reproducible data at lower levels of redundancy than S3 Standard?

Answer 27

S3 RRS (reduced redundancy storage)

Question 28

S3 RRS is designed for __________ availability.

Answer 28

99.99%

Question 29

For the S3 Standard, S3 Standard - IA, and Glacier storage classes, objects are automatically stored across multiple devices spanning a minimum of _______ Availability Zones.

Answer 29

Three.

Question 30

How long will it take to restore my objects archived in Glacier using Standard retrievals?

Answer 30

3-5 hours.

Question 31

True or False: S3 Transfer Acceleration can be used with multipart uploads.

Answer 31

True.

Question 32

True or False: For the S3 Standard, S3 Standard - IA, and Glacier storage classes, objects are automatically stored across multiple devices spanning a minimum of two Availability Zones.

Answer 32

False. **Three** availability zones; not two.

Question 33

\_\_\_\_\_\_\_\_\_\_ allows you to preserve, retrieve, and restore every iteration of every object stored in an S3 bucket.

Answer 33

Versioning.

Question 34

How long will it take to restore my objects archived in Glacier using Bulk retrievals?

Answer 34

5-12 hours.

Question 35

True or False: S3 Standard, S3 Standard - IA, S3 One Zone - IA, and Glacier all provide seven 9s of durability.

Answer 35

False. The S3 services listed provide **eleven 9s of durability.**

Question 36

True or False: S3 Standard - IA provides the same performance as the S3 Standard and S3 One Zone - IA storage classes.

Answer 36

True.

Question 37

Which S3 encryption-at-rest option provides an integrated solution where Amazon handles key management and key protection?

Answer 37

SSE-S3

Question 38

S3 RRS is designed for __________ durability.

Answer 38

99.99%

Question 39

A __________ is a logical entity within a VPC that allows connectivity only to S3 without having to send traffic over the Internet.

Answer 39

VPC Endpoint for S3

Question 40

\_\_\_\_\_\_\_\_\_\_ is an S3 feature that automatically replicates data across regions.

Answer 40

CRR (cross-region replication)

Question 41

Which encryption option should you use if you need to maintain control of your encryption keys and have your objects encrypted before they are sent to S3?

Answer 41

Amazon S3 Encryption Client.

Question 42

What is the S3 Standard - IA storage class useful for?

Answer 42

Storing data that is accessed less frequently but still requires rapid access.