Section 14: S3 Security

Question 1

SSE-S3 encryption type

Answer 1

AES-256

Question 2

Advantage of using SSE-KMS

Answer 2

user control
audit key usage using cloudtrail

Question 3

SSE-KMS limitation

Answer 3

KMS limits such as quota for decrypt KMS api calls

Question 4

HTTPS must be used with this type of S3 encryption

Answer 4

SSE-C

Question 5

This type of encryption uses keys managed outside of AWS by the customer

Answer 5

SSE-C

Question 6

In CORS(Cross-Origin Resource Sharing) what parts make up the origin?

Answer 6

Scheme(protocol)
Host(domain)
Port

Question 7

This is web browser security that allows you to enable objects being retrieved from one S3 bucket if request is coming from another origin

Answer 7

CORS

Question 8

What must be enabled to use MFA delete

Answer 8

Versioning

Question 9

Who can enable or disable MFA delete

Answer 9

The bucket owner(root account)

Question 10

Two modes for S3 object lock

Answer 10

Compliance
Governance

Question 11

What are the settings of compliance mode in S3 Object Lock

Answer 11

Object versions cannot be overwritten or deleted by an user

Object retention modes cannot be changed and periods cannot be shortened.

Question 12

What are the settings of governance mode in S3 Object Lock

Answer 12

Most users cant overwrite or delete an object version or alter lock settings

Some users have special permissions to change retention or delete objects

Question 13

This S3 Object Lock mode protects objects indefinitely

Answer 13

Legal Hold