Question 1: You are testing the Object Lock features and their interaction with existing life cycle policies. You want to ensure the object versions are not removed from the bucket by existing life cycle policies. What capability would you use to test this configuration?
Configure Object Lock retention period of one year in Governance Mode for each object
Explaination: For testing, use the Governance mode, as you can always reverse the changes and override the governance mode. Compliance mode configuration is not reversible, and you would have to wait for the retention period to expire
AWS S3 Quiz 3 Results : Please go through the referenced links to expand your learning.
You got 0 out of 24 correct.
You didn't attempt following questions:
Ques 1: You are testing the Object Lock features and their interaction with existing life cycle policies. You want to ensure the object versions are not removed from the bucket by existing life cycle policies. What capability would you use to test this configuration?
Ques 2: A company’s corporate policy mandates the storage of critical documents for five years. The average size of the files is 2 MB. When needed, the requester can wait 24 hours. What storage would you choose for this requirement that lowers the cost?
Ques 4: A game developer is planning to use S3 to store important game statistics for each user. The traffic could reach 1000s of GET and PUT requests per second with millions of users. Which of these key naming conventions would scale to support the traffic?
Ques 5: Your corporate policy requires logging all access to the objects in the S3 bucket. You plan to use the S3 access log feature to collect the logs to a secure bucket. Where will you grant permission to the log capture process in S3?
Ques 6: A client updated an existing object in S3, and another client immediately attempted to read the object. Which consistency model does S3 guarantee for updates?
Ques 9: A sports broadcaster has a collection of current and historical videos that must be immediately accessible when needed. The access pattern is unclear, and storage should transparently handle availability zone failures. What S3 storage class meets the requirement while reducing the storage cost?
Ques 10: You are planning to use S3 for maintaining all images and scripts that are needed for a web application. During testing, you can view the images and scripts in S3 from an unauthenticated browser. However, when you access the web application, the browser is unable to load the picture and script. What issue might be causing this?
Ques 11: Your corporate policy requires encrypted storage at rest for all data stored in the S3 Data Lake. What feature can you use that would take the least effort?
Ques 12: An autonomous driving startup uses S3 for storing vehicle usage log data in S3. The average size of each file is 150 MB. The last one MB of each file contains summary information, and the teams want to store the data in a search system. What is the best mechanism to extract this summary data from S3?
Ques 13: A social media application needs to store 1000s of objects. The average size of each object is 20 KB size, and it needs to be immediately accessible when needed. The older objects are accessed less frequently. What storage would be suitable for this requirement at the lowest cost?
Ques 15: An organization has several types of lab equipment that collect and store data in files. These equipments are inside the private network of the organization, and the generated data files need to be stored in S3. Which one of these options can provide a reliable mechanism for continuously transferring data to the cloud?
Ques 16: A team is currently using the S3 Standard class for all their storage. The data in the bucket are used by different groups in the organization, and there is no clear visibility on the percentage of data accessed. What tool can you use to generate reports on the usage of data automatically?
Ques 17: An organization is using S3 for storing log data, and the content needs to be accessible only from a specific set of on-premises servers. Where would you enforce this access policy?
Ques 18: Your department got a legal hold notice from the company's legal department to preserve all the evidence and documents in the S3 bucket. The data should be protected from modification and deletion for three years. All buckets currently have lifecycle policies that automatically purge data at varying intervals. What would you do?
Ques 19: A company’s security team requires that all data stored in the cloud be encrypted at rest at all times using encryption keys stored on premises.Which encryption options meet these requirements? (Select TWO.)
Ques 20: An organization requires encrypting files before they are stored in physical media in S3. The key needs to be accessible only for authorized users. The master key needs to be maintained in a tamper-resistant infrastructure and automatically rotated every year. Which of these options meet the security objectives while minimizing the ownership cost?
Ques 22: An analytics company is planning to offer a web analytics service to its users. The service will require that the users’ webpages include a JavaScript script that makes authenticated GET requests to the company’s Amazon S3 bucket. What must a solutions architect do to ensure that the script will successfully execute?
Ques 23: An organization is consolidating data in S3, and data scientists need access to this data for initial exploration. They are well versed in SQL and would prefer to access the data in S3 using SQL. Which of these options provides the lowest cost without requiring to provision any servers?
Ques 24: A software company's support team needs to provide a mechanism for customers to upload log files for troubleshooting issues. Which of these options can you use for providing access to your S3 resource for customers to upload a file?
Question 1: You are testing the Object Lock features and their interaction with existing life cycle policies. You want to ensure the object versions are not removed from the bucket by existing life cycle policies. What capability would you use to test this configuration?
Option 1: Configure Object Lock retention period of one year in Governance Mode for each object
Option 2: Configure Object Lock retention period for one year in Compliance Mode for each object
Answer: Option 1: Configure Object Lock retention period of one year in Governance Mode for each object Reference
Question 2: A company’s corporate policy mandates the storage of critical documents for five years. The average size of the files is 2 MB. When needed, the requester can wait 24 hours. What storage would you choose for this requirement that lowers the cost?
Question 3: You need to preserve the object versions for an undetermined amount of time. Which option would you use?
Option 1: Object Lock Legal Hold
Option 2: Object Lock Retention Period in Governance mode
Option 3: Object Lock Retention Period in Compliance mode
Answer: Option 1: Object Lock Legal Hold Reference
Question 4: A game developer is planning to use S3 to store important game statistics for each user. The traffic could reach 1000s of GET and PUT requests per second with millions of users. Which of these key naming conventions would scale to support the traffic?
Question 5: Your corporate policy requires logging all access to the objects in the S3 bucket. You plan to use the S3 access log feature to collect the logs to a secure bucket. Where will you grant permission to the log capture process in S3?
Option 1: Bucket Policy or Bucket ACL
Option 2: IAM Role
Option 3: Identity-based policy
Option 4: Object ACL
Answer: Option 1: Bucket Policy or Bucket ACL Reference
Question 6: A client updated an existing object in S3, and another client immediately attempted to read the object. Which consistency model does S3 guarantee for updates?
Question 9: A sports broadcaster has a collection of current and historical videos that must be immediately accessible when needed. The access pattern is unclear, and storage should transparently handle availability zone failures. What S3 storage class meets the requirement while reducing the storage cost?
Question 10: You are planning to use S3 for maintaining all images and scripts that are needed for a web application. During testing, you can view the images and scripts in S3 from an unauthenticated browser. However, when you access the web application, the browser is unable to load the picture and script. What issue might be causing this?
Option 1: Cross Origin Resource Sharing is not configured in S3
Option 2: S3 bucket is not public
Option 3: Use Pre-signed URL to grant access to the resource.
Option 4: Use Secure FTP for file transfer.
Answer: Option 1: Cross Origin Resource Sharing is not configured in S3 Reference
Question 11: Your corporate policy requires encrypted storage at rest for all data stored in the S3 Data Lake. What feature can you use that would take the least effort?
Option 1: Client-Side Encryption with key managed in KMS
Option 2: S3 Server-Side Encryption with key managed in KMS
Answer: Option 2: S3 Server-Side Encryption with key managed in KMS Reference
Question 12: An autonomous driving startup uses S3 for storing vehicle usage log data in S3. The average size of each file is 150 MB. The last one MB of each file contains summary information, and the teams want to store the data in a search system. What is the best mechanism to extract this summary data from S3?
Option 1: Multi-part download
Option 2: ElastiCache to transfer data at very high rates
Option 3: CloudFront to distribute the data to edges for fast local access
Question 13: A social media application needs to store 1000s of objects. The average size of each object is 20 KB size, and it needs to be immediately accessible when needed. The older objects are accessed less frequently. What storage would be suitable for this requirement at the lowest cost?
Question 15: An organization has several types of lab equipment that collect and store data in files. These equipments are inside the private network of the organization, and the generated data files need to be stored in S3. Which one of these options can provide a reliable mechanism for continuously transferring data to the cloud?
Option 1: Storage Gateway
Option 2: Directly copy the files to S3 from lab equipment using S3 Command Line Tools
Question 16: A team is currently using the S3 Standard class for all their storage. The data in the bucket are used by different groups in the organization, and there is no clear visibility on the percentage of data accessed. What tool can you use to generate reports on the usage of data automatically?
Option 1: S3 Access Log
Option 2: Storage Class Analysis
Option 3: CloudTrail
Option 4: Intelligent Tiering
Answer: Option 2: Storage Class Analysis Reference
Question 17: An organization is using S3 for storing log data, and the content needs to be accessible only from a specific set of on-premises servers. Where would you enforce this access policy?
Question 18: Your department got a legal hold notice from the company's legal department to preserve all the evidence and documents in the S3 bucket. The data should be protected from modification and deletion for three years. All buckets currently have lifecycle policies that automatically purge data at varying intervals. What would you do?
Option 1: Put a Deny All resource-based policy on the S3 bucket
Option 2: Put an Object Lock legal hold on all the buckets
Option 3: Configure Object Lock retention period of three years in Governance Mode for each object
Option 4: Configure Object Lock retention period of three years in Compliance Mode for each object
Answer: Option 4: Configure Object Lock retention period of three years in Compliance Mode for each object Reference
Question 19: A company’s security team requires that all data stored in the cloud be encrypted at rest at all times using encryption keys stored on premises.Which encryption options meet these requirements? (Select TWO.)
Option 1: Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3).
Option 2: Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
Option 3: Use server-side encryption with customer-provided encryption keys (SSE-C).
Option 4: Use client-side encryption to provide at-rest encryption.
Option 5: Use an AWS Lambda function invoked by Amazon S3 events to encrypt the data using the customer’s keys.
Question 20: An organization requires encrypting files before they are stored in physical media in S3. The key needs to be accessible only for authorized users. The master key needs to be maintained in a tamper-resistant infrastructure and automatically rotated every year. Which of these options meet the security objectives while minimizing the ownership cost?
Question 22: An analytics company is planning to offer a web analytics service to its users. The service will require that the users’ webpages include a JavaScript script that makes authenticated GET requests to the company’s Amazon S3 bucket. What must a solutions architect do to ensure that the script will successfully execute?
Option 1: Enable cross-origin resource sharing (CORS) on the S3 bucket.
Option 2: Enable S3 Versioning on the S3 bucket.
Option 3: Provide the users with a signed URL for the script.
Option 4: Configure an S3 bucket policy to allow public execute privileges.
Answer: Option 1: Enable cross-origin resource sharing (CORS) on the S3 bucket. Reference
Question 23: An organization is consolidating data in S3, and data scientists need access to this data for initial exploration. They are well versed in SQL and would prefer to access the data in S3 using SQL. Which of these options provides the lowest cost without requiring to provision any servers?
Question 24: A software company's support team needs to provide a mechanism for customers to upload log files for troubleshooting issues. Which of these options can you use for providing access to your S3 resource for customers to upload a file?
Option 1: Use Cognito for identity federation
Option 2: Use Storage Gateway
Option 3: Enable public access to the bucket and limit access from a specific customer network
Question 1: An organization is consolidating data in S3, and data scientists need access to this data for initial exploration. They are well versed in SQL and would prefer to access the data in S3 using SQL. Which of these options provides the lowest cost without requiring to provision any servers?
Question 2: A game developer is planning to use S3 to store important game statistics for each user. The traffic could reach 1000s of GET and PUT requests per second with millions of users. Which of these key naming conventions would scale to support the traffic?
Question 3: You need to preserve the object versions for an undetermined amount of time. Which option would you use?
Option 1: Object Lock Legal Hold
Option 2: Object Lock Retention Period in Governance mode
Option 3: Object Lock Retention Period in Compliance mode
Answer: Option 1: Object Lock Legal Hold Reference
Question 4: A client updated an existing object in S3, and another client immediately attempted to read the object. Which consistency model does S3 guarantee for updates?
Question 5: You are testing the Object Lock features and their interaction with existing life cycle policies. You want to ensure the object versions are not removed from the bucket by existing life cycle policies. What capability would you use to test this configuration?
Option 1: Configure Object Lock retention period of one year in Governance Mode for each object
Option 2: Configure Object Lock retention period for one year in Compliance Mode for each object
Answer: Option 1: Configure Object Lock retention period of one year in Governance Mode for each object Reference
Question 6: Which AWS service would you use to verify the overall health of your data lake?
Question 7: An organization requires encrypting files before they are stored in physical media in S3. The key needs to be accessible only for authorized users. The master key needs to be maintained in a tamper-resistant infrastructure and automatically rotated every year. Which of these options meet the security objectives while minimizing the ownership cost?
Question 8: A social media application needs to store 1000s of objects. The average size of each object is 20 KB size, and it needs to be immediately accessible when needed. The older objects are accessed less frequently. What storage would be suitable for this requirement at the lowest cost?
Question 10: Your department got a legal hold notice from the company’s legal department to preserve all the evidence and documents in the S3 bucket. The data should be protected from modification and deletion for three years. All buckets currently have lifecycle policies that automatically purge data at varying intervals. What would you do?
Option 1: Put a Deny All resource-based policy on the S3 bucket
Option 2: Put an Object Lock legal hold on all the buckets
Option 3: Configure Object Lock retention period of three years in Governance Mode for each object
Option 4: Configure Object Lock retention period of three years in Compliance Mode for each object
Answer: Option 4: Configure Object Lock retention period of three years in Compliance Mode for each object Reference
Question 11: You are planning to use S3 for maintaining all images and scripts that are needed for a web application. During testing, you can view the images and scripts in S3 from an unauthenticated browser. However, when you access the web application, the browser is unable to load the picture and script. What issue might be causing this?
Option 1: Cross Origin Resource Sharing is not configured in S3
Option 2: S3 bucket is not public
Option 3: Use Pre-signed URL to grant access to the resource.
Option 4: Use Secure FTP for file transfer.
Answer: Option 1: Cross Origin Resource Sharing is not configured in S3 Reference
Question 12: What feature can you use to protect the data in S3 Data Lake if someone accidentally makes the S3 Bucket public?
Option 1: S3 Server-Side Encryption with Default Keys
Option 2: S3 Server-Side Encryption with Customer Master Keys
Question 13: A sports broadcaster has a collection of current and historical videos that must be immediately accessible when needed. The access pattern is unclear, and storage should transparently handle availability zone failures. What S3 storage class meets the requirement while reducing the storage cost?
Question 14: Your corporate policy requires logging all access to the objects in the S3 bucket. You plan to use the S3 access log feature to collect the logs to a secure bucket. Where will you grant permission to the log capture process in S3?
Option 1: Bucket Policy or Bucket ACL
Option 2: IAM Role
Option 3: Identity-based policy
Option 4: Object ACL
Answer: Option 1: Bucket Policy or Bucket ACL Reference
Question 15: A company’s corporate policy mandates the storage of critical documents for five years. The average size of the files is 2 MB. When needed, the requester can wait 24 hours. What storage would you choose for this requirement that lowers the cost?
Question 17: An organization has several types of lab equipment that collect and store data in files. These equipments are inside the private network of the organization, and the generated data files need to be stored in S3. Which one of these options can provide a reliable mechanism for continuously transferring data to the cloud?
Option 1: Storage Gateway
Option 2: Directly copy the files to S3 from lab equipment using S3 Command Line Tools
Question 18: An organization is using S3 for storing log data, and the content needs to be accessible only from a specific set of on-premises servers. Where would you enforce this access policy?
Question 19: An autonomous driving startup uses S3 for storing vehicle usage log data in S3. The average size of each file is 150 MB. The last one MB of each file contains summary information, and the teams want to store the data in a search system. What is the best mechanism to extract this summary data from S3?
Option 1: Multi-part download
Option 2: ElastiCache to transfer data at very high rates
Option 3: CloudFront to distribute the data to edges for fast local access
Question 20: Your corporate policy requires encrypted storage at rest for all data stored in the S3 Data Lake. What feature can you use that would take the least effort?
Option 1: Client-Side Encryption with key managed in KMS
Option 2: S3 Server-Side Encryption with key managed in KMS
Answer: Option 2: S3 Server-Side Encryption with key managed in KMS Reference
Question 21: A team is currently using the S3 Standard class for all their storage. The data in the bucket are used by different groups in the organization, and there is no clear visibility on the percentage of data accessed. What tool can you use to generate reports on the usage of data automatically?
Option 1: S3 Access Log
Option 2: Storage Class Analysis
Option 3: CloudTrail
Option 4: Intelligent Tiering
Answer: Option 2: Storage Class Analysis Reference
Question 22: A software company’s support team needs to provide a mechanism for customers to upload log files for troubleshooting issues. Which of these options can you use for providing access to your S3 resource for customers to upload a file?
Option 1: Use Cognito for identity federation
Option 2: Use Storage Gateway
Option 3: Enable public access to the bucket and limit access from a specific customer network
Question 23: A company’s security team requires that all data stored in the cloud be encrypted at rest at all times using encryption keys stored on premises.Which encryption options meet these requirements? (Select TWO.)
Option 1: Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3).
Option 2: Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
Option 3: Use server-side encryption with customer-provided encryption keys (SSE-C).
Option 4: Use client-side encryption to provide at-rest encryption.
Option 5: Use an AWS Lambda function invoked by Amazon S3 events to encrypt the data using the customer’s keys.
Question 24: An analytics company is planning to offer a web analytics service to its users. The service will require that the users’ webpages include a JavaScript script that makes authenticated GET requests to the company’s Amazon S3 bucket. What must a solutions architect do to ensure that the script will successfully execute?
Option 1: Enable cross-origin resource sharing (CORS) on the S3 bucket.
Option 2: Enable S3 Versioning on the S3 bucket.
Option 3: Provide the users with a signed URL for the script.
Option 4: Configure an S3 bucket policy to allow public execute privileges.
Answer: Option 1: Enable cross-origin resource sharing (CORS) on the S3 bucket. Reference
Here, we are going to discuss about different cloud computing models, and how they are available and help in fulfilling the industry needs. We will be looking into following models