Section: 9: Amazon S3 Introduction Flashcards Preview

AWS Associate Developer Exam > Section: 9: Amazon S3 Introduction > Flashcards

Flashcards in Section: 9: Amazon S3 Introduction Deck (8)
Loading flashcards...
1

You're trying to upload a 25 GB file on S3 and it's not working
A) The file size limit on S3 is 5GB
B) The service must be down
C) You should use Multi Part Upload when your file is bigger than 5GB

C) You should use Multi Part Upload when your file is bigger than 5GB

Multi Part Upload is also recommended as soon as the file is over 100MB

2

I tried creating an S3 bucket named "dev" but it didn't work. This is a new AWS Account and I have no buckets at all. What is the cause?
A) I'm missing IAM permissions to create a bucket
B) Bucket names must be globally unique and "dev" is already taken

B) Bucket names must be globally unique and "dev" is already taken

3

You've added files in your bucket and then enabled versioning. The files you've already added will have which version?
A) 1
B) 0
C) -1
D) null

D) null

4

Your client wants to make sure the encryption is happening in S3, but wants to fully manage the encryption keys and never store them in AWS. You recommend
A) SSE-S3
B) SSE-KMS
C) SSE-C
D) Client Side Encryption

C) SSE-C

Here you have full control over the encryption keys, and let AWS do the encryption

5

Your company wants data to be encrypted in S3, and maintain control of the rotation policy for the encryption keys, but not know the encryption keys values. You recommend
A) SSE-S3
B) SSE-KMS
C) SSE-C
D) Client Side Encryption

B) SSE-KMS

With SSE-KMS you let AWS manage the encryption keys but you have full control of the key rotation policy

6

Your company does not trust S3 for encryption and wants it to happen on the application. You recommend
A) SSE-S3
B) SSE-KMS
C) SSE-C
D) Client Side Encryption

D) Client Side Encryption

With Client Side Encryption you perform the encryption yourself and send the encrypted data to AWS directly. AWS does not know your encryption keys and cannot decrypt your data.

7

The bucket policy allows our users to read/write files in the bucket, yet we were not able to perform a PutObject API call.
A) The bucket policy must be wrong
B) The IAM user must have an explicit DENY in the attached IAM policy
C) You need to contact AWS Support to lift this limit

B) The IAM user must have an explicit DENY in the attached IAM policy

Explicit DENY in an IAM policy will take precedence over a bucket policy permiss

8

You have a website that loads files from another S3 bucket. When you try the URL of the files directly in your Chrome browser it works, but when the website you're visiting tries to load these files it doesn't. What's the problem?
A) The Bucket policy is wrong
B) The IAM policy is wrong
C) CORS is wrong
D) Encryption is wrong

C) CORS is wrong

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. To learn more about CORS, go here: https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html