S3 Flashcards
An application running on an EC2 instance is regularly loading data from an S3 bucket. The objects are several tens of GB in size. You would like to fetch only part of these objects using a SQL-like syntax.
S3 Select: you can use simple structured query language (SQL) statements to filter the contents of Amazon S3 objects and retrieve just the subset of data that you need (NOT ATHENA)
S3 Replication
It’s not retroactive
An online stock trading application is extensively using an S3 bucket to store client data. To comply with the financial regulatory requirements, you need to generate a report on the replication and encryption status of all of the objects stored in your bucket. The report should show which type of server-side encryption is being used by each object.
As the Systems Administrator of the company, how can you meet the above requirement with the least amount of effort?
S3 inventory to generate the required report
(NOT Athena and Select)
Amazon S3 inventory is one of the tools Amazon S3 provides to help manage your storage. You can use it to audit and report on the replication and encryption status of your objects for business, compliance, and regulatory needs. You can also simplify and speed up business workflows and big data jobs using Amazon S3 inventory, which provides a scheduled alternative to the Amazon S3 synchronous List API operation.
As part of the yearly AWS data cleanup, you need to delete all unused S3 buckets and their contents. The tutorialsdojo bucket, which contains several educational video files, has both the Versioning and MFA Delete features enabled. One of your Systems Engineers who has an Administrator account tried to delete an S3 bucket using the aws s3 rb s3://tutorialsdojo command. However, the operation fails even after repeated attempts.
Which of the following are valid options that you can implement to properly delete the bucket? (Select TWO.)
Remove the policy that requires MFA Delete on your S3 bucket. Use the AWS SDK to remove all of the bucket’s delete markers and object versions. Delete the bucket again using the same CLI command that you used before.
Have the root account owner suspend MFA and versioning in the bucket. Configure a lifecycle rule to expire current object versions and permanently remove non-current object versions. Permanently purge all objects and delete markers then delete your bucket again.
NOT CLI commands NO x-amz-mfa header
An aerospace engineering company is having some issues in expanding its on-premises storage capabilities. The cost of upgrading their storage servers is too high and they need to find a more cost-effective option. The CTO decided to adopt a hybrid cloud architecture using AWS to extend the storage for their applications. The new storage should be available as an iSCSI target, which should be accessed by the servers in your on-premises data center.
Which of the following options would you use to meet this requirement?
AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the AWS storage infrastructure.
A document management system of a legal firm is hosted in AWS Cloud with an S3 bucket as the primary storage service. To comply with the security requirements, you are instructed to ensure that the confidential documents and files stored in AWS are secured.
Which features can be used to restrict access to data in S3? (Select TWO.)
– Configure the S3 bucket policy to only allow access to authorized personnel.
– Configure the S3 ACL on the bucket of each individual object.
NOT Set up a Single Sign-On feature (SSO) with IAM Identity Federation is incorrect because you don’t need to grant external identities access to AWS resources
A document management system that is hosted in AWS uses an S3 bucket to store its data. Due to a recent cyberattack, the IT Security department mandated that all objects must be encrypted at rest.
Which of the following is a valid option to use to fulfill this requirement? (Select TWO.)
– Use AWS server-side encryption for the S3 bucket with AWS Managed Keys.
– Use AWS server-side encryption for the S3 bucket with Customer-Provided Keys.
NOT Enable CORS in the S3 bucket is incorrect because this is unrelated to encrypting objects in an S3 bucket. CORS (Cross-Origin Resource Sharing) is a mechanism that allows many resources on a web page to be requested from another domain outside the domain from which the resource originated.
A crowdfunding company has hired you for consultation services. They have set up many crowdfunding projects on their website using Lambda, CloudFront, and S3, and they have asked you to evaluate them. They want to add new features, such as logging statistical data on how much their website is being accessed, how successful their crowdfunding projects are, and a way to check if people within their company are maliciously modifying website content.
Which of the following will you recommend to address these requests in a cost-effective way? (Select TWO.)
– Use CloudFront monitoring and usage reporting features to analyze access data and viewer data.
– Use CloudTrail to log all activity within the AWS account.
NOT Turn on versioning and multi-factor authentication in S3 to see if contents are really being modified unwarily is incorrect because turning on versioning and MFA won’t help you achieve the requirements in the scenario. However, this is good for securing the content.
A popular online graphic design tool startup uses a standard S3 bucket that has versioning enabled to store the user-generated images on its platform. They have millions of users around the globe that store their logos, graphics, infographics, and other designs on their platform. Lately, there are a lot of users complaining that they receive a lot of HTTP 503 responses on the platform.
Which of the following options could be the reason why this issue exists?
You might have one or more objects in the bucket for which there are millions of versions.
If you notice a significant increase in the number of HTTP 503-slow down responses received for Amazon S3 PUT or DELETE object requests to a bucket that has versioning enabled, you might have one or more objects in the bucket for which there are millions of versions. When you have objects with millions of versions, Amazon S3 automatically throttles requests to the bucket to protect the customer from an excessive amount of request traffic, which could potentially impede other requests made to the same bucket.
An electronics manufacturing company has recently decided to adopt a hybrid cloud infrastructure that will store their backup data from their on-premises data center to AWS. You are instructed to upload their archive files with a total size of 70 TB to Amazon Glacier. Using the AWS CLI, you uploaded a file named tutorialsdojo.zip to Glacier and received a response shown below. However, you noticed that you cannot assign a custom key name, such as tutorialsdojo.zip, to the archives that you upload.
Which of the following options can ensure that you can have the same file in Glacier in the most cost-effective way? (Select TWO.)
– Use AWS Snowball Edge to upload the archive files to Glacier by using the S3 lifecycle policy.
– Upload the archive files in Amazon S3 Infrequent Access. Set up a lifecycle policy to move the archives to Glacier.
A large IT solutions company with 200 technical personnel uses AWS Organizations to manage its multi-account AWS environment. All AWS accounts should be able to read a specific Amazon S3 bucket in the management account. Based on the company policy, the S3 bucket should not be accessible outside the organization. The SysOps administrator needs to create a bucket policy to create the necessary permissions.
Which parameters should be specified on the bucket policy to accomplish this task in the MOST efficient approach?
Declare a (*) wildcard as the principal and set PrincipalOrgId as a condition
A photo-sharing company is hosting an application on an EC2 instance that allows users to upload images. The application saves the images on an Amazon S3 bucket in us-east-2. Recently, users are experiencing load time issues when they upload images into the application. The website is popular in countries away from us-east-2.
Which of the following should the SysOps administrator do to address the issue?
Enable S3 Transfer Acceleration
NOT Create accelerators and listeners using AWS Global Accelerator is incorrect because the Global Accelerator service does not work with S3. It only supports endpoints like application load balancers, network load balancers, EC2 instances, or elastic IP addresses.
A medical technology startup has a set of sensitive documents stored in their S3 bucket which contains personal health information of their customers. To secure the data, only the privileged IAM users should have access to the contents of the bucket using their MFA devices.
How can you ensure that this specific access is provided for the bucket? (Select TWO.)
– Ensure MFA is enabled for the privileged IAM users.
– Ensure a bucket policy is in place to only allow access if users are MFA authenticated.
A SysOps Administrator is assigned to monitor any suspicious activity that occurs in the AWS cloud infrastructure and trace these activities back to the origin. CloudTrail is automatically enabled by default for newly created accounts and is able to track activities occurring in the account. Logs are being stored in an S3 bucket. Furthermore, the Administrator wishes to conduct a more in-depth analysis of the data that is being written in the CloudTrail logs to get a better insight into all occurring operational activities.
What service will help the Administrator conduct SQL queries on these logs to extract more valuable information from them?
Amazon Athena.
NOT Amazon S3 Select