S3 Tiers
What is the minimum number of days objects have to be stored in S3 for?
A. 30 Days
B. 5 Days
C. 60 Days
D. 90 Days
A. 30 Days
What status code is generated for successful uploads using the CLI or API in S3?
A. 404
B. 500
C. 200
D. 403
C. 200
Explanation: Successful uploads using the CLI or API in S3 generate an HTTP 200 status code.
Which AWS service allows you to query data stored in S3 using standard SQL without configuring any infrastructure?
A. Redshift
B. RDS
C. Athena
D. DynamoDB
C. Athena
Explanation: Athena is a serverless service that allows you to query data stored in S3 using standard SQL without the need to configure any infrastructure.
What is the largest size file you can transfer to S3 using a single PUT operation?
A. 1GB
B. 100MB
C. 5GB
D. 5TB
C. 5GB
Explanation: Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes. The largest object that can be uploaded in a single PUT is 5 gigabytes. For objects larger than 100 megabytes, customers should consider using the Multipart Upload capability.
Which S3 storage class is suitable for frequently accessed data?
A. S3 Standard-Infrequent Access
B. S3 One Zone-Infrequent Access
C. S3 Standard
D. Glacier Deep Archive
C. S3 Standard
Explanation: S3 Standard is suitable for most workloads and is great for frequently accessed data.
Which bucket policy condition would you use to explicitly deny all unencrypted HTTP access?
A. "Null": { "s3:x-amz-server-side-encryption": "true"}
B. "Bool": {"aws:SecureTransport": "true"}
C. "Null": { "s3:x-amz-server-side-encryption": "false" }
D. "Bool": {"aws:SecureTransport": "false"}
D. "Bool": {"aws:SecureTransport": "false"}
Explanation: Explicitly denying requests that are identified as "aws:SecureTransport": "false" would deny requests that are using HTTP rather and are unencrypted.
Which HTTP method supported by CloudFront is a read-only method?
A. PATCH
B. DELETE
C. PUT
D. GET
D. GET
Which bucket policy condition could you use to deny put object requests that do not use server-side encryption?
A. "StringEquals": {"aws:SecureTransport": "false"}
B. "StringEquals": {"aws:SecureTransport": "true"}
C. "StringEquals": { "s3:x-amz-server-side-encryption": "AES256"}
D. "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256"}
D. "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256"}
Explanation: This condition is checking whether a string does NOT equal "s3:x-amz-server-side-encryption": "AES256". This condition is looking for strings that are NOT equal. This condition is appropriate for denying PutObject requests that do not use server-side encryption with AES256.
Which S3 storage class is not suitable for critical data like backups?
A. S3 Standard
B. S3 Standard-Infrequent Access
C. S3 One Zone-Infrequent Access
D. Glacier Instant Retrieval
C. S3 One Zone-Infrequent Access
Explanation: S3 One Zone-Infrequent Access is for long-term, infrequently accessed noncritical data and is stored redundantly in one single availability zone, making it unsuitable for critical data like backups.
Data must be loaded into an application each week for analysis. The data is uploaded to an Amazon S3 bucket from several offices around the world. Latency is slowing the uploads and delaying the analytics job. What is the SIMPLEST way to improve upload times?
A. Upload to a local Amazon S3 bucket within each region and enable Cross-Region Replication (CRR)
B. Upload via a managed AWS VPN connection
C. Upload to Amazon CloudFront and then download from the local cache to the S3 bucket
D. Upload using Amazon S3 Transfer Acceleration
D. Upload using Amazon S3 Transfer Acceleration
Explanation: Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer
Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.
You would like to migrate your website to AWS and use CloudFront to provide the best performance. Your users will need to complete a form on the website in order to subscribe to a mailing list and comment on blog posts. Which of the following allowed HTTP methods should you configure in your CloudFront distribution settings?
A. GET, HEAD, OPTIONS
B. GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
C. GET, HEAD
D. GET, HEAD, OPTIONS, POST
B. GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
Explanation: This combination of HTTP methods will enable your users to interact with the website and send, modify, insert, and delete data.
You are using S3 in ap-northeast-1 to host a static website in a bucket called "acloudguru". What would the new URL endpoint be?
A. http://acloudguru.s3-website-ap-northeast-1.amazonaws.com
B. http://acloudguru.s3-website-ap-southeast-1.amazonaws.com
C. https://s3-ap-northeast-1.amazonaws.com/acloudguru/
D. http://www.acloudguru.s3-website-ap-northeast-1.amazonaws.com
A. http://acloudguru.s3-website-ap-northeast-1.amazonaws.com
Explanation: Depending on your Region, your Amazon S3 website endpoint usually follows one of these two formats: s3-website dash (-) Region ‐ http://bucket-name.s3-website-Region.amazonaws.com s3-website dot (.) Region ‐ http://bucket-name.s3-website.Region.amazonaws.com (As an exception, the Asia Pacific (Tokyo) Region ap-northeast-1 uses the website endpoint s3-website-ap-northeast-1.amazonaws.com). Hence, the correct URL is http://acloudguru.s3-website-ap-northeast-1.amazonaws.com.
Which S3 storage class is ideal for backup and disaster recovery use cases, when large sets of data occasionally need to be retrieved in minutes, without concern for costs?
A. Amazon S3 Standard
B. Amazon S3 Glacier Deep Archive
C. Amazon S3 Glacier Flexible Retrieval
D. Amazon S3 Intelligent-Tiering
B. Amazon S3 Glacier Deep Archive
Explanation: S3 Glacier Flexible Retrieval (formerly S3 Glacier) is the ideal storage class for archive data that does not require immediate access but needs the flexibility to retrieve large sets of data at no cost, such as backup or disaster recovery use cases. AWS Documentation: Amazon S3 Glacier Flexible Retrieval (Formerly S3 Glacier)(https://aws.amazon.com/s3/storage-classes/#Flexible_Retrieval).
Which of the following statements is correct about Amazon S3 cross-region replication?
A. S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts
B. The source and destination S3 buckets cannot be in different AWS Regions
C. Both source and destination S3 buckets must have versioning disabled
D. The source S3 bucket owner must have the source and destination AWS Regions disabled for their account
A. S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts
Explanation: Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region.
Both source and destination buckets must have versioning enabled. The source bucket owner must have the source and destination AWS Regions enabled for their account. The destination bucket owner must have the destination Region-enabled for their account.
You are hosting a website in an Amazon S3 bucket. Which feature defines a way for client web applications that are loaded in one domain to interact with resources in a different domain?
A. Bucket Policy
B. CORS
C. Bucket ACL
D. IAM Role
B. CORS
Explanation: Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.
Which of the following statements about S3 buckets is false?
A. S3 bucket names are globally unique across all AWS accounts.
B. When you first create an S3 bucket, this bucket is publicly accessible by default.
C. All Amazon S3 buckets have encryption configured by default.
D. Amazon S3 buckets support versioning, allowing you to preserve, retrieve, and restore every version of every object stored in a bucket.
B. When you first create an S3 bucket, this bucket is publicly accessible by default.
Explanation: By default, newly created S3 buckets are private, and their contents are not accessible to the public. Access control settings must be explicitly configured to make the bucket or its contents publicly accessible.
What is the correct order from highest to lowest cost of S3 tiers.
A. S3 intelligent tiering, S3 standard, Glacier flexible retrieval, Glacier instant retrieval
B. S3 standard, S3 intelligent tiering, Glacier flexible retrieval, Glacier instant retrieval
C. S3 intelligent tiering, Glacier flexible retrieval, S3 standard, Glacier instant retrieval
D. Glacier instant retrieval, Glacier flexible retrieval, S3 intelligent tiering, S3 standard
B. S3 standard, S3 intelligent tiering, Glacier flexible retrieval, Glacier instant retrieval
An application resizes images that are uploaded to an Amazon S3 bucket. Amazon S3 event notifications are used to trigger an AWS Lambda function that resizes the images. The processing time for each image is less than one second. A large amount of images are expected to be received in a short burst of traffic. How will AWS Lambda accommodate the workload?
A. Lambda will process the images sequentially in the order they are received
B. Lambda will scale out and execute the requests concurrently
C. Lambda will collect and then batch process the images in a single execution
D. Lambda will scale the memory allocated to the function to increase the amount of CPU available to process many images
B. Lambda will scale out and execute the requests concurrently
Explanation: The first time you invoke your function, AWS Lambda creates an instance of the function and runs its handler method to process the event. When the function returns a response, it stays active and waits to process additional events. If you invoke the function again while the first event is being processed, Lambda initializes another instance, and the function processes the two events concurrently.
Your functions’ concurrency is the number of instances that serve requests at a given time. For an initial burst of traffic, your functions’ cumulative concurrency in a Region can reach an initial level of between 500 and 3000, which varies per Region.
A developer works with applications in her AWS account that use Amazon S3 to store sensitive data. To enhance security, the developer wants to ensure that all S3 buckets in her applications are not publicly accessible. Which of the following actions should the developer take to meet this requirement? Choose the best option.
A. Enable block public access settings at the account level and use IAM roles to manage access to specific S3 buckets.
B. Enable block public access settings at the account level to apply to all current and future S3 buckets in the account.
C. Enable block public access settings at the bucket level for each S3 bucket in the applications.
D. Enable block public access settings at the bucket level and use an IAM policy to deny any public access.
B. Enable block public access settings at the account level to apply to all current and future S3 buckets in the account.
Which of the following statements about S3 buckets is false?
A. S3 bucket names are globally unique across all AWS accounts.
B. All Amazon S3 buckets have encryption configured by default.
C. Amazon S3 buckets support versioning, allowing you to preserve, retrieve, and restore every version of every object stored in a bucket.
D. When you first create an S3 bucket, this bucket is publicly accessible by default.
D. When you first create an S3 bucket, this bucket is publicly accessible by default.
Explanation: By default, newly created S3 buckets are private, and their contents are not accessible to the public. Access control settings must be explicitly configured to make the bucket or its contents publicly accessible.