Section 11: Advanced S3 & Athena

Question 1

You have enabled versioning and want to be extra careful when it comes to deleting files on S3. What should you enable to prevent accidental permanent deletions?
A) Use a bucket policy
B) Enable MFA Delete
C) Encrypt the files
D) Disable versioning

Answer 1

B) Enable MFA Delete

MFA Delete forces users to use MFA tokens before deleting objects. It’s an extra level of security to prevent accidental deletes

Question 2

You would like all your files in S3 to be encrypted by default. What is the optimal way of achieving this?
A) Use Bucket Policy that forces HTTPS connections
B) Enable “Default Encryption” on S3
C) Enable Versioning

Answer 2

B) Enable “Default Encryption” on S3

Question 3

You suspect some of your employees to try to access files in S3 that they don’t have access to. How can you verify this is indeed the case without them noticing?
A) Restrict their IAM policies and look at CloudTrail logs
B) Enable S3 Access Logs and analyze them using Athena
C) Use a bucket policy

Answer 3

B) Enable S3 Access Logs and analyze them using Athena

S3 Access Logs log all the requests made to buckets, and Athena can then be used to run serverless analytics on top of the logs files

Question 4

You are looking for your entire S3 bucket to be available fully in a different region so you can perform data analysis optimally at the lowest possible cost. Which feature should you use?
A) CloudFront distributions
B) S3 Cross Region Replication
C) S3 versioning
D) S3 Websites

Answer 4

B) S3 Cross Region Replication

S3 CRR is used to replicate data from an S3 bucket to another one in a different region

Question 5

You are looking to provide temporary URLs to a growing list of federated users in order to allow them to perform a file upload on S3 to a specific location. What should you use?
A) S3 CORS
B) Pre-Signed URL
C) S3 Bucket Policies
D) IAM Users

Answer 5

B) Pre-Signed URL

Pre-Signed URL are temporary and grant time-limited access to some actions in your S3 bucket.

Question 6

How can you automate the transition of S3 objects between their different tiers?
A) Use AWS Lambda
B) Use CloudWatch Events
C) Use S3 Lifecycles Rules

Answer 6

C) Use S3 Lifecycles Rules

Question 7

Which of the following is NOT a Glacier retrieval mode?
A) Instant (10 seconds)
B) Expedited (1 to 5 minutes)
C) Standard (3 to 5 hours)
D) Bulk (5 to 12 hours)

Answer 7

A) Instant (10 seconds)

Question 8

Which of the following is a Serverless data analysis service allowing you to query data in S3?
A) S3 Analytics
B) Athena
C) Redshift
D) RDS

Answer 8

B) Athena

Question 9

You are looking to build an index of your files in S3, using Amazon RDS PostgreSQL. To build this index, it is necessary to read the first 250 bytes of each object in S3, which contains some metadata about the content of the file itself. There is over 100,000 files in your S3 bucket, amounting to 50TB of data. how can you build this index efficiently?
A) Use the RDS Import feature to load the data from S3 to PostgreSQL, and run a SQL query to build the index
B) Create an application that will traverse the S3 bucket, read all the files one by one, extract the first 250 bytes, and store that information in RDS
C) Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS.
D) Create an application that will traverse the S3 bucket, use S3 select to get the first 250 bytes, and store that information in RDS

Answer 9

C) Create an application that will traverse the S3 bucket, issue a Byte Range Fetch for the first 250 bytes, and store that information in RDS.