S3 Flashcards
Which S3 encryption-at-rest option enables you to use AWS Key Management Service to manage your encryption keys?
SSE-KMS
Versioning’s __________ Delete capability can be used to provide an additional layer of security.
Multi-factor Authentication (MFA)
S3 Standard is designed for __________ availability.
99.99%
Which S3 encryption-at-rest option enables you to leverage S3 to perform encryption/decryption of objects while letting you retain control of the encryption keys?
SSE-C
S3 Transfer Acceleration leverages __________.
Amazon CloudFront (it’s globally distributed Edge locations)
S3 Standard provides __________ 9s of durability.
Eleven.
The maximum file size allowed on S3 Standard is __________.
5 TB
How long will it take to restore my objects archived in Glacier using Expedited retrievals?
1-5 minutes.
True or False: Versioning can be turned off.
False.
Once versioning has been enabled, it cannot be disabled; it can only be suspended.
True or False: Customers cannot configure an S3 bucket to create access log records for requests made against it.
False.
Customers can enable access log records. Access log records contain details about the request such as request type, resources requested, and the time/date the request was processed.
__________ allows you to retain control of encryption keys and complete the encryption/decryption of objects client-size using an encryption library of your choice.
Amazon S3 Encryption Client.
S3 One Zone - IA is designed for __________ availability.
99.5%
All of the S3 storage classes are designed for eleven 9s of durability except for __________.
S3 RRS.
S3 RRS is designed for four nines of durability.
True or False: Versioning must be enabled for both the source and destination S3 buckets to enable CRR.
True.
True or False: There is no Data Transfer charge for data transferred between regions via a COPY request.
False.
Cross-region data transfer costs money.
True or False: There is no Data Transfer charge for data transferred between EC2 and S3 within the same region.
True.
What are the four mechanisms for controlling access to S3 buckets?
- bucket policies
- access control lists (ACLs)
- IAM policies
- query string authentication (URL with expiry)
__________ enables fast, easy, and secure transfers of files over long distances between your client and S3 bucket.
Amazon S3 Transfer Acceleration
Can I allow a specific VPC Endpoint access to my S3 bucket?
Yes.
You can limit access to your bucket from a specific VPC Endpoint using a bucket policy.
True or False: You can securely upload/download your data to S3 via SSL endpoints using the HTTPS protocol.
True.
The minimum file size allowed on S3 Standard is __________.
0 bytes.
True or False: Only the owner of an S3 bucket can permanently delete a version.
True.
S3 Standard - IA is designed for __________ availability.
99.9%
True or False: There is no Data Transfer charge for data transferred within a region via a COPY request.
True.
In which storage classes are objects stored redundantly within a single Availability Zone?
S3 One Zone - IA
True or False: If S3 Transfer Acceleration is not faster than a regular S3 transfer, Amazon still adds the additional charge to your bill.
False.
If the transfer isn’t faster than standard, Amazon will not charge your for the Transfer Acceleration.
Which S3 storage option allows customers to store noncritical, reproducible data at lower levels of redundancy than S3 Standard?
S3 RRS (reduced redundancy storage)
S3 RRS is designed for __________ availability.
99.99%
For the S3 Standard, S3 Standard - IA, and Glacier storage classes, objects are automatically stored across multiple devices spanning a minimum of _______ Availability Zones.
Three.
How long will it take to restore my objects archived in Glacier using Standard retrievals?
3-5 hours.
True or False: S3 Transfer Acceleration can be used with multipart uploads.
True.
True or False: For the S3 Standard, S3 Standard - IA, and Glacier storage classes, objects are automatically stored across multiple devices spanning a minimum of two Availability Zones.
False.
Three availability zones; not two.
__________ allows you to preserve, retrieve, and restore every iteration of every object stored in an S3 bucket.
Versioning.
How long will it take to restore my objects archived in Glacier using Bulk retrievals?
5-12 hours.
True or False: S3 Standard, S3 Standard - IA, S3 One Zone - IA, and Glacier all provide seven 9s of durability.
False.
The S3 services listed provide eleven 9s of durability.
True or False: S3 Standard - IA provides the same performance as the S3 Standard and S3 One Zone - IA storage classes.
True.
Which S3 encryption-at-rest option provides an integrated solution where Amazon handles key management and key protection?
SSE-S3
S3 RRS is designed for __________ durability.
99.99%
A __________ is a logical entity within a VPC that allows connectivity only to S3 without having to send traffic over the Internet.
VPC Endpoint for S3
__________ is an S3 feature that automatically replicates data across regions.
CRR (cross-region replication)
Which encryption option should you use if you need to maintain control of your encryption keys and have your objects encrypted before they are sent to S3?
Amazon S3 Encryption Client.
What is the S3 Standard - IA storage class useful for?
Storing data that is accessed less frequently but still requires rapid access.