AWS Certified Developer - Associate > S3 > Flashcards

S3 Flashcards

(16 cards)

Study These Flashcards
1
Q

S3 buckets offer read-after-write consistency for PUTS of new objects.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the default encryption used on S3?

A

AES-256

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Your S3 backed website is consistently receiving over 400 read requests per second and is steadily rising. What can you do to achieve the best performance as traffic to your website continues to increase?

A

Configure a CloudFront CDN and use the S3 bucket as the origin.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

S3 buckets provides eventual consistency for overwrite PUTS and DELETES.

A

True.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Name three ways that allows a user to have secure access to private files located in S3.

A
  • CloudFront Signed Cookies
  • CloudFront Signed URLs
  • CloudFront Origin Access Identity
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

S3 is for object storage, what does that mean?

A

It means that it is for files, images and web pages.

It is NOT for OS and databases.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What does S3 do to minimise the risk of losing any data?

A

The data is spread across multiple devices and facilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the S3 tiers/classes?

A
  • S3 (Standard)
  • Data redundantly across multiple devices in multiple facilities
  • Is designed to sustain the loss of 2 facilities concurrently
  • S3 IA (Infrequent Access)
  • For data that is accessed less frequently, but still requires rapid access when needed
  • Lower fee than S3, but you are charged every time you retrieve data
  • S3 One Zone IA
  • Same as IA, but the data is only stored in a single AZ
  • Only 99.5% availability
  • Cost is 20% less than regular S3 AI
  • S3 Glacier
  • Very cheap
  • Used for archival only
  • Optimised for data that is infrequently accessed
  • Can take 3-5 hours to restore data from Glacier
  • S3 Reduced Redundancy
  • Only 99.99% durability
  • Used for data that can be recreated if lost
  • E.g. thumbnails
  • S3 - Intelligent Tiering
  • For data with known or unpredictable access patterns
  • Keeps data in a frequently tier, and move it to an unfrequently access tier if you haven’t accessed in in 30 days. The data is moved back to frequently accessed tier if it is accessed again.
  • No fees for accessing or moving your data between the two tiers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Name two ways to set up access control on a S3 bucket.

A
  • Bucker Policy
  • Applied on a bucket level
  • Used if you want to give a user or set of users access to your bucket
  • Written in JSON
  • Access Control Lists
  • Applied at an object level
  • We can apply an access specifying what people can access a certain object, and which kind of access they have (read, write, full control)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the availability (built for vs guaranteed) and durability for S3?

A
  • Built for 99.99% availability
  • Amazon guarantees 99.9% availability
  • Amazon guarantees 99.999999999% durability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Name three things we can do to kept our data more safe.

A
  • Version control
  • Prevent certain users from deleting you data
  • Replicate data
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How can you track what calls have been made to you S3 bucket?

A

You can configure a bucket to create access logs (Server access logging), which logs all requests made to the S3 bucket. These logs can be written to the same or another bucket in the same region.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What encryption is used in transit for S3?

A

SSL/TLS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What encryption is used at rest for S3?

A
  • SSE-S3
  • S3 Managed Keys
  • Each object is encrypted with its own unique key using strong multi-factor encryption
  • The key itself is also encrypted with a master key that is regularly rotated
  • AES-256
  • SSE-KMS
  • AWS Key Management Service
  • AWS Manage these keys (just like for SSE-S3)
  • Audit trail - you can see how, when and by whom the key was used
  • SSE-C
  • Server Side Encryption with Customer Provided Key
  • AWS manage the encryption and decryption
  • You manage the keys
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How can you enforce encryption on a S3 bucket?

A

Add the x-amz-server-side-encryption parameter in the header.
Two options:
x-amz-server-side-encryption: AES256 (SSE-S3))
x-amz-server-side-encryption: ams:kms (SSE-KMS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How can you enforce encryption on a S3 bucket?

Study These Flashcards
A
  • Create a bucker policy that denies any S3 PUT request which doesn’t include the x-amz-server-side-encryption parameter in the request header
  • Add the x-amz-server-side-encryption parameter in the header.
    Two options:
    x-amz-server-side-encryption: AES256 (SSE-S3))
    x-amz-server-side-encryption: ams:kms (SSE-KMS)
AWS Certified Developer - Associate
flashcards
Decks in class (18)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions