Simple Storage Service (S3) Flashcards
Which type of S3 encryption shows as AES256
SSE-S3
Which S3 Storage class is suitable for data which is easily replaced (choose the most cost effective)
S3 One Zone-IA
Which Object class in S3 is ideal for uncertain access and low admin overhead
S3 Intelligent-Tiering
What is the cheapest S3 storage class for important data which need to be retained for long periods and is rarely accessed
S3 Glacier
Which steps are required to allow an S3 bucket to operate as a website (choose all which apply):
Install the HTTPD server files into the S3
Upload web files
Set index and error documents
Enable static web hosting
Enable versioning
Disable block public access settings
Add a bucket policy
Add an identity policy
Upload web files
Set index and error documents
Enable static web hosting
Disable block public access settings
Add a bucket policy
What S3 feature allows objects storage classes to be changed and objects deleted automatically
S3 Lifecycle policies
What is the default limit of the number of S3 buckets in an AWS account
100
How large can an object in S3 be ? and what (if any) limits are there on the number of objects in a bucket
Object Max = 5TB, No Object bucket limit
What S3 feature needs to be enabled to allow Cross-Region Replication (CRR)
Versioning
What S3 feature can be used to grant external accounts access to an S3 bucket
Resource Policies
Which type of encryption allows for role separation where an S3 Full Admin might not be able to decrypt objects
SSE-KMS
Which type of encryption is where AWS perform encryption operations but DON’T hold any keys
SSE-C
What type of encryption means AWS perform the encryption operations and handle key creation & management
SSE-S3
What feature is required to allow CRR to function
Versioning
What happens when an object is deleted in a bucket with versioning enabled
A delete marker is added
When should you use ACLs for S3
Never, unless you must, but AWS discourages their use
When should you use identity policies to manage S3 bucket access
When you need different identities to control different resources
When you have a preference for IAM
When should you use bucket policies
To just control S3
To allow anonymous or cross-account access
Can you disable bucket versioning once enabled
No, but you can suspend and unsuspend it
Which versions consume space in an S3 bucket with versioning enabled
All the versions
How do you achieve 0 cost for a bucket where you had enabled versioning
By deleting the bucket or by manually purging all versions
Does suspending bucket versioning delete old versions
No
How do you enable MFA delete on an S3 bucket
In versioning configuration
What does MFA delete mean on an S3 bucket
It means that MFA is required to change bucket versioning state, and to delete versions