A Cantrill - S3

Question 1

S3 buckets are private by default (T or F)

Answer 1

True. By default all S3 buckets are created as private.

Question 2

What is S3 bucket policy?

Answer 2

A form of Resource policy, like identify policy but attached to a bucket.

Question 3

What is the difference between an Identity policy and a Resource (bucket) policy?

Answer 3

-Use Identity policies for controlling different resources (not just S3). OR if you only want to manage all permissions in IAM.

-Resource (bucket) policy for just S3. OR if you want cross account or anonymous (whole internet) access for a certain resource

Question 4

Aside from Static web hosting, what other cases are good in S3 static ?

Answer 4

Offloading and Out-of-band pages.

Question 5

What is the cost to transfer data into S3 from internet?

Answer 5

Free

Question 6

What is Static Website Hosting?

Answer 6

feature of S3 which lets you define a HTTP endpoint, set index and error documents and use S3 like a website.

Question 7

What is the default behavior of S3 bucket for the object versioning option?

Answer 7

Its initially disabled

Question 8

Once a bucket has Object Versioning enabled, you CAN switch it back to disabled (true or false)

Answer 8

False.

Once a bucket has versioning enabled you cannot go back to disabled. You can “suspend” versioning temporarily but cannot go back to disable.

Question 9

What is the minimum data size for an object to use Multipart upload in S3?

Answer 9

100 MB.

Question 10

what is the maximum number of parts in multipart?

Answer 10

10,000 max parts, 5MB > 5GB

Question 11

What is the route for S3 transfer acceleration?

Answer 11

Upload location to Edge location to S3 bucket

Question 12

Can KMS use both Symmetric and Asymmetric keys?

Answer 12

Yes, KMS use both Symmetric and Asymmetric keys

Question 13

T or F: KMS keys can leave KMS

Answer 13

False.

Keys never leave KMS.
Uses FIPS 140-2(L2)

Question 14

KMS keys are isolated to region and never leave (T or F)

Answer 14

True. KMS keys are isolated to region and never leave

Question 15

Key policies are what type of policy?

Answer 15

Key policies are a Resource policy.

Question 16

Which level of S3 does encryption occur, Object or Bucket level?

Answer 16

Encryption occurs are the object level, NOT the bucket level

Question 17

What is the difference between client and server side encryption?

Answer 17

Client side means data is encrypted before AWS receives it.
Server side means data encryption is partially encrypted by AWS when it is received.

Question 18

What is Intelligent-Tiering in S3?

Answer 18

Intelligent -Tiering monitors and automatically moves objects not accessed for 30 days to a low cost IA tier and eventually to Archive instant access, Archive access or deep archive tiers

Question 19

What is Lifecycle configuration in S3?

Answer 19

Performs Transition actions (ex. moves objects to another tier after 30 days)
Performs Expiration actions

Question 20

For Cross Region replication between accounts, what needs to happen for this to work?

Answer 20

The destination bucket needs a bucket policy that allows the IAM role from the source account to replicate objects to it.

Question 21

Replication Time Control RTC - S3

Answer 21

When you need replication under 15 mins

Question 22

Delete markers are replicated by default (t or f)

Answer 22

False.

Delete markers are NOT replicated by default, needs to be configured.

Question 23

What are use cases for Same Region Replication in S3?

Answer 23

-Log aggregation
-PROD and TEST sync
-Resilience for regions where data cannot leave a region by law

Question 24

What are use cases for Cross Region Replication in S3?

Answer 24

-Global resilience Improvements
-Latency Reduction

Question 25

where do S3 events go to in AWS?

Answer 25

Lambda, SNS or SQS

Question 26

What is S3 object lock?

Answer 26

You can use S3 Object Lock to store objects using a write-once-read-many (WORM) model. It can help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.

-Versioning must be enabled

Question 27

What are the three modes of S3 object Lock?

Answer 27

Compliance, Governance or Legal hold

Question 28

What are S3 Access points?

Answer 28

simplifies managing data access at scale for applications using shared data sets on S3.

Question 29

Which steps are required to allow an S3 bucket to operate as a website?

Answer 29

-Enable Static Web hosting on the bucket
-Set index and error documents
-Disable “block public access” settings
-Upload web files
-Add a bucket policy

Question 30

What S3 feature allows objects storage classes to be changed and objects deleted automatically?

Answer 30

S3 lifecycle policies

Question 31

What is the default limit of the number of S3 buckets in an AWS account?

Answer 31

100 buckets is the default limit of the number of S3 buckets in an AWS account

Question 32

How large can an object in S3 be ? and what (if any) limits are there on the number of objects in a bucket?

Answer 32

Max Object = 5TB, No limit on # of objects in a bucket

Question 33

What S3 feature can be used to grant external accounts access to an S3 bucket?

Answer 33

Resource policies can be used to grant external accounts access to an S3 bucket

Question 34

Which type of encryption allows for role separation where an S3 Full Admin might not be able to decrypt objects?

Answer 34

SSE-KMS allows for role separation for an S3 full admin

Question 35

What is the default performance for S3 per second?

Answer 35

S3 can support at least 3,500 requests per second to add data (PUT) and 5,500 requests per second to retrieve data (GET), which can save significant processing time for no additional charge