Your organization runs Linux-based EC2 instances that all require low-latency read/write access to a single set of files. Which of the following AWS services are your best choices? (Choose two.)
A) AWS Storage Gateway
B) AWS S3
C) Amazon Elastic File System
D) AWS Elastic Block Store
A, C. Storage Gateway and EFS provide the required read/write access. S3 can be used to share files, but it doesn’t offer low-latency access—and its eventual consistency won’t work well with filesystems. EBS volumes can be used only for a single instance at a time.
Your organization expects to be storing and processing large volumes of data in many small increments. When considering S3 usability, you’ll need to know whether you’ll face any practical limitations in the use of AWS account resources. Which of the following will normally be available only in limited amounts?
A) PUT requests/month against an S3 bucket
B) The volume of data space available per S3 bucket
C) Account-wide S3 storage space
D) The number of S3 buckets within a single account
D. In theory, at least, there’s no limit to the data you can upload to a single bucket or to all the buckets in your account or to the number of times you upload (using the PUT command). By default, however, you are allowed only 100 S3 buckets per account.
You have a publicly available file called filename stored in an S3 bucket named bucketname. Which of the following addresses will successfully retrieve the file using a web browser?
A) s3.amazonaws.com/bucketname/filename
B) filename/bucketname.s3.amazonaws.com
C) s3://bucketname/filename
D) s3://filename/bucketname
A. HTTP (web) requests must address the s3.amazonaws.com domain along with the bucket and filenames.
If you want the files stored in an S3 bucket to be accessible using a familiar directory hierarchy system, you’ll need to specify prefixes and delimiters. What are prefixes and delimiters?
A) A prefix is the name common to the objects you want to group, and a delimiter is the bar character (|).
B) A prefix is the DNS name that precedes the amazonaws.com domain, and a delimiter is the name you want to give your file directory.
C) A prefix is the name common to the objects you want to group, and a delimiter is a forward slash character (/).
D) A prefix is the name common to the file type you want to identify, and a delimiter is a forward slash character (/).
C. A prefix is the name common to the objects you want to group, and a slash character (/) can be used as a delimiter. The bar character (|) would be treated as part of the name rather than as a delimiter. Although DNS names can have prefixes, they’re not the same as prefixes in S3.
Your web application relies on data objects stored in AWS S3 buckets. Compliance with industry regulations requires that those objects be encrypted and that related events be closely tracked. Which combination of tools should you use? (Choose two.)
A) Server-side encryption
B) Amazon S3-Managed Keys
C) AWS KMS-Managed Keys
D) Client-side encryption
E) AWS End-to-End managed keys
A, C. Client-side encryption occurs before an object reaches the bucket (i.e., before it comes to rest in the bucket). Only AWS KMS-Managed Keys provide an audit trail. AWS End-to-End managed keys don’t exist as an AWS service.
You are engaged in a deep audit of the use of your AWS resources and you need to better understand the structure and content of your S3 server access logs. Which of the following operational details are likely to be included in S3 server access logs? (Choose three.)
A) Source bucket name
B) Action requested
C) Current bucket size
D) API bucket creation calls
E) Response status
A, B, E. S3 server access logs don’t report the source bucket’s current size. They don’t track API calls—that’s something covered by AWS CloudTrail.
You’re assessing the level of durability you’ll need to sufficiently ensure the long-term viability of a new web application you’re planning. Which of the following risks are covered by S3’s data durability guarantees? (Choose two.)
A) User misconfiguration
B) Account security breach
C) Infrastructure failure
D) Temporary service outages
E) Datacenter security breach
C, E. The S3 guarantee only covers the physical infrastructure owned by AWS. Temporary service outages are related to “availability” and not “durability.”
Which of the following explains the difference in durability between S3’s Standard-IA and S3 Intelligent-Tiering classes?
A) Standard-IA data has only 99.9% availability, whereas Intelligent-Tiering’s availability depends on the data’s current state.
B) Standard-IA data is heavily replicated but only within a single availability zone, whereas Intelligent-Tiering data is only lightly replicated.
C) Standard-IA data is replicated across AWS regions, whereas Intelligent-Tiering data is restricted to a single region.
D) Standard-IA data is automatically backed up to Amazon Glacier, whereas Intelligent-Tiering data remains within S3.
A. Standard-IA data has only a 99.9% availability rate, whereas the availability (and other features) of Intelligent-Tiering data will change across its life cycle.
Which of the following is the 12-month availability guarantee for the S3 Standard-IA class?
A) 99.99 percent
B) 99.9 percent
C) 99.999999999 percent
D) 99.5 percent
B. The S3 Standard-IA (Infrequent Access) class is guaranteed to be available 99.9 percent of the time.
Your application regularly writes data to an S3 bucket, but you’re worried about the potential for data corruption as a result of conflicting concurrent operations. Which of the following data operations would not be subject to concerns about eventual consistency?
A) Operations immediately preceding the deletion of an existing object
B) Operations subsequent to the updating of an existing object
C) Operations subsequent to the deletion of an existing object
D) Operations subsequent to the creation of a new object
D. S3 can’t guarantee instant consistency across its infrastructure for changes to existing objects, but there aren’t such concerns for newly created objects.
You’re worried that updates to the important data you store in S3 might incorrectly overwrite existing files. What must you do to protect objects in S3 buckets from being accidentally lost?
A) Nothing. S3 protects existing files by default.
B) Nothing. S3 saves older versions of your files by default.
C) Enable versioning.
D) Enable file overwrite protection.
C. Object versioning must be manually enabled for each object to prevent older versions of the object from being deleted.
Your S3 buckets contain many thousands of objects. Some of them could be moved to less expensive storage classes and others still require instant availability. How can you apply transitions between storage classes for only certain objects within an S3 bucket?
A) By specifying particular prefixes when you define your life cycle rules.
B) This isn’t possible. Life cycle rules must apply to all the objects in a bucket.
C) By specifying particular prefixes when you create the bucket.
D) By importing a predefined life cycle rule template.
A. S3 life cycle rules can incorporate specifying objects by prefix. There’s no such thing as a life cycle template.
Which of the following classes will usually make the most sense for long-term storage when included within a sequence of life cycle rules?
A) S3 Glacier Flexible Retrieval
B) Reduced Redundancy
C) S3 One Zone-IA
D) S3 Standard-IA
A. S3 Glacier offers the least expensive and most highly resilient storage within the AWS ecosystem. Reduced Redundancy is not resilient and, in any case, is no longer recommended. S3 One Zone and S3 Standard are relatively expensive.
Which of the following are the recommended methods for providing secure and controlled access to your buckets? (Choose two.)
A) S3 access control lists (ACLs)
B) S3 bucket policies
C) IAM policies
D) Security groups
E) AWS Key Management Service
B, C. ACLs are a legacy feature that isn’t as flexible as IAM or S3 bucket policies. Security groups are not used with S3 buckets. KMS is an encryption key management tool and isn’t used for authentication.
In the context of an S3 bucket policy, which of the following statements describes a principal?
A) The AWS service being defined (S3 in this case)
B) An origin resource that’s given permission to alter an S3 bucket
C) The resource whose access is being defined
D) The user or entity to which access is assigned
D. In this context, a principal is an entity to which bucket access is assigned.
You don’t want to open up the contents of an S3 bucket to anyone on the Internet, but you need to share the data with specific clients. Generating and then sending them a presigned URL is a perfect solution. Assuming you didn’t explicitly set a value, how long will the presigned URL remain valid?
A) 24 hours
B) 3,600 seconds
C) 5 minutes
D) 360 seconds
B. The default expiry value for a presigned URL is 3,600 seconds (one hour).
Which non-S3 AWS resources can improve the security and user experience of your S3-hosted static website? (Choose two.)
A) AWS Certificate Manager
B) Elastic Compute Cloud (EC2)
C) Relational Database Service (RDS)
D) Route 53
E) AWS Key Management Service
A, D. The AWS Certificate Manager (when used as part of a CloudFront distribution) can apply an SSL/TLS encryption certificate to your website. You can use Route 53 to associate a DNS domain name to your site. EC2 instances and RDS database instances would never be used for static websites. You would normally not use KMS for a static website—websites are usually meant to be public and encrypting the website assets with a KMS key would make it impossible for clients to download them.
How long will it take to retrieve an archive from Amazon Glacier Deep Archive?
A) 5 hours
B) 12 hours
C) 2 days
D) 1 week
B. As of this writing, retrieving Glacier Deep Archive data will take no longer than 12 hours.
You need a quick way to transfer very large (peta-scale) data archives to the cloud. Assuming your Internet connection isn’t up to the task, which of the following will be both (relatively) fast and cost-effective?
A) Direct Connect
B) Server Migration Service
C) Snowball
D) Storage Gateway
C. Direct Connect can provide fast network connections to AWS, but it’s very expensive and can take up to 90 days to install. Server Migration Service and Storage Gateway aren’t meant for moving data at such scale.
Your organization runs Windows-based EC2 instances that all require low-latency read/write access to a single set of files. Which of the following AWS services is your best choice?
A) Amazon FSx for Windows File Server
B) Amazon FSx for Lustre
C) Amazon Elastic File System
D) Amazon Elastic Block Store
A. FSx for Lustre and Elastic File System are primarily designed for access from Linux filesystems. EBS volumes can’t be accessed by more than a single instance at a time.