Linux Academy PDF

27/02/2020 Linux Academy
(https://linuxacademy.com/cp) f.osmani@loxabe-it.de 
16  Support (https://support.linuxacademy.com/hc/en-us)
240

Navigation
Storage and Content Delivery

 1 hour 45 _rate
36  2.92 Minutes per Intermediate (/search?type=Practice Exam
minutes Questions Question Challenge&difficulty=Intermediate&categories=AWS)
Go Back Start Challenge
Question List Show All Answers
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
 
Go Back
Great Start!
42%
You did not pass this challenge on this attempt.
Expectations Report Card

Storage and Content Delivery 41.67%
Exam Breakdown
Storage and Content Delivery
INCORRECT
1. S3 lifecycle rules can apply to:

 
A tags for buckets or objects
B prefix for buckets or objects
https://app.linuxacademy.com/challenges/133426c7-16b8-4dc5-b8b3-17d0fb0159b2?redirect_uri=https:%2F%2Flinuxacademy.com%2Fcp%2Fmodu… 1/21
C buckets
D current or previous versions of an object
E All of these answers apply
Your Answer: A
Why is this incorrect?
S3 lifecycle rules can apply to tags for buckets or objects. However, this is not the only correct answer.
Video for reference: Lifecycle Policies and Intelligent-Tiering
Correct Answer: E
Why is this correct?
S3 lifecycle rules can apply to buckets, prefixes, and tags for buckets or objects, along with current or previous versions of
an object.
INCORRECT
2. What is MFA Delete?

 
A An S3 versioning feature designed to suspend versioning.
B An S3 versioning feature designed to hide different versions of an object.
C An S3 versioning feature designed to prevent accidental deletion of objects or alteration of a bucket's versioning
state.
D An S3 versioning feature designed to prevent anonymous uploads.
Your Answer: B
MFA delete is not designed to hide different versions of an object.
Video for reference: Object Versioning
Correct Answer: C
MFA delete uses one-time passwords to prevent the accidental deletion of an object.
Video for reference: Object Versioning
INCORRECT
3. What are the characteristics of an S3 presigned URL?

 
A Presigned URLs don't expire.
B Presigned URLs can provide the ability to PUT and GET objects.
C Presigned URLs can provide anonymous users access to an object.
D Presigned URLs are based on the creator’s permissions.
Your Answer: A
Presigned URLs can expire.
Video for reference: Presigned URLs
Correct Answer: B
Presigned URLs use the creator's permission. If the creator has permission to PUT and Get an object, then this ability is
transferred to presigned URL holders.
Correct Answer: C
Presigned URLs use the creator's permission. Therefore, an anonymous user has the same access as the creator of an S3
object.
Correct Answer: D
Presigned URLs allow users to access buckets/objects based on the permissions of the URL creator. For example, if the
creator has permission to PUT and Get an object, then this ability is transferred to presigned URL holders.
4. Architecturally, where do EFS mount targets sit?

 
A Inside a subnet
B Outside a VPC
C Inside a VPC but outside of a subnet
D In an on-premise network
Correct Answer: A
Mount targets sit in a VPC's subnet.
Video for reference: EFS Fundamentals: Part 2
INCORRECT
5. What does OAI stand for?

 
A Originally Accessed Information
B Origin Access Identity

C Other Access Identifiers
D Origin Authorized IDs
Your Answer: A
OAI does not stand for Originally Accessed Information.
Video for reference: OAI
Correct Answer: B
OAI stands for Origin Access Identity.
INCORRECT
6. Which method can be used to upload objects to an S3 bucket?

 
A S3 console
B S3 Transfer Acceleration
C Command-line interface with AWS CLI installed
D An API
E All of these methods can be used to upload objects to an S3 bucket
Your Answer: A
The S3 console can be used to upload objects to an S3 bucket. However, it is not the most appropriate answer.
Video for reference: Transferring Data to S3
Correct Answer: E
Use the S3 console, an API, or a command-line interface to upload objects to an S3 bucket.
INCORRECT
7. Complete the sentence. In an S3 multipart upload, an object can be broken up into as many as _ parts.
 
A 5,000
B 20,000
C 15,000
D 10,000
Your Answer: B
S3 multipart uploader cannot break an object into 20,000 parts.
Correct Answer: D
In an S3 multipart upload, an object can be broken up into 10,000 parts.
INCORRECT
8. Which are the main components of CloudFront?

 
A Edge location
B Origin
C Distribution
D VPC
E Regional edge caches
Your Answer: D
A VPC is not a component of CloudFront.
Video for reference: CloudFront Architecture: Part 1
Correct Answer: A
A component of CloudFront is edge locations. CloudFront distributes a copy of the origin to edge locations around the
world.
Correct Answer: B
An origin is a component of CloudFront. An origin can be an S3 bucket, web server, or other AWS services that you would like
to be distributed by CloudFront.
Correct Answer: C
When you want to use CloudFront to distribute your content, you create a distribution and choose the configuration
settings you want. This can include optional settings (but not limited to) such as geo-restrictions, access, and content
origin.
Correct Answer: E

A component of CloudFront is regional edge caches. Edge locations contact regional edge caches, and it doesn't have a
cache of the requested content.
9. Which encryption type specifically uses AES-256 as its encryption format?

 
A SSE-S3
B SSE-KMS
C SSE-C
D Client-side encryption
Correct Answer: A
SSE-S3 uses an encryption format of AES-256.
Video for reference: Encryption
INCORRECT
10. Which S3 storage tier is for long-term data archiving (minimum of 180 days) that has intended access for
only once or twice in a year and takes hours to retrieve stored data?  
A Intelligent-Tiering
B Standard
C One Zone-IA
D Standard-IA
E Glacier Deep Archive
F Glacier
Your Answer: A
Intelligent-Tiering is designed to optimize costs by automatically moving data to the most cost-effective access tier,
without performance impact or operational overhead.
Video for reference: Storage Tiers/Classes
Correct Answer: E
Glacier Deep Archive is one type of S3 storage. Glacier Deep Archive is S3's lowest-cost storage class, supports long-term
retention of data that may be accessed once or twice in a year. It is designed for customers to meet regulatory compliance
requirements (in industries such as Financial Services, Healthcare, and Public Sectors).
11. What is CloudFront?

 
A An AWS content delivery network service
B An AWS database service
C An AWS DNS service
D An AWS image deploying service
Correct Answer: A
CloudFront is a content delivery service offered by AWS.
12. Which are true of S3 encryption?

 
A Uploading data between a client and the S3 console using the HTTPS endpoint ensures encryption in-transit.
B S3 encryption is an additional charge.
C A default encryption format is available.
D S3 encryption is on a per bucket basis.
E KMS is the only method for managing S3 encryption keys.
Correct Answer: A
The SSL/TLS on the S3 console ensures encryption in transit when uploading the S3 console.
Correct Answer: C
In S3 you can enable and specify a default encryption format for objects.
INCORRECT
13. Pick the statements that are true of a S3 hosted website.

 
A Websites endpoint URLs cannot be altered.
B CORS should be enabled when one website references resource from another.
C Static website must be private.
D CloudFront can be used with S3.
E Apache-like server access logs can be enabled.
Your Answer: A
The endpoint URL can be altered.
Video for reference: Static Websites and CORS
Your Answer: C
S3 hosted websites can be shared publicly, not just privately.
Correct Answer: B
Cross-Origin Resource Sharing (CORS) is a security measure allowing a web application running in one domain to reference
resources in another. Security errors in S3 may require the enabling of CORS.
Correct Answer: D
CloudFront can be used to speed up the S3 service.
Correct Answer: E
Server access logs can be enabled for buckets that host websites.
INCORRECT
14. By default, S3 objects using Cross-Region Replication (CRR) keep their:

 
A object name (key)
B owner
C storage class
D replication rules
E object permissions
Your Answer: D
Replication rules are not carried over to destination buckets.
Video for reference: Cross-Region Replication (CRR)
Correct Answer: A
By default, objects using CRR keep their object name (key).
Correct Answer: B
By default, objects using CRR to keep their owner.
Correct Answer: C
By default, objects using CRR keep their storage class.
Correct Answer: E
By default, objects using CRR keep their object permissions.
INCORRECT
15. What options need to be enabled/disabled to host a publicly accessible website on S3?
 
A Enable objects to be read by anonymous users via ACL or bucket policy.
B Enable permission for IAM users to view the website
C Enable Route 53 DNS.
D Remove the default, block public access, setting for the bucket.
E Enable the static web hosting option.
Your Answer: B
Enabling permission for an IAM user is not necessary to view the website. There are other methods to allow users (including
IAM users) to view this website.
Your Answer: C
Route 53 DNS does not have to be utilized for enabled to host a public website on S3.
Correct Answer: A
Enable objects to be read by anonymous users via ACL or created a bucket policy that pertains to all objects in the bucket.
Correct Answer: D
By default, S3 blocks public access to a bucket. This option has to be disabled to host a public website.
Correct Answer: E
The static web hosting option must be enabled to host a publicly accessible website when using S3.
INCORRECT
16. Select all that apply. Origin Access Identity (OAIs) are applied to:
 
A EC2 instances
B On-premise server
C The S3 service
D CloudFront distribution
E Bucket policies
Your Answer: A
OAIs cannot be applied to EC2 instances.
Your Answer: B
OAIs cannot be applied to on-premise servers.
Correct Answer: C
OAIs are applied to a CloudFront distribution, this allows access to end-users while protecting the direct URL to the S3
bucket.
Correct Answer: D
bucket.
Correct Answer: E
OAI is applied to bucket policies and it appends code onto a bucket policy. With OAI, you can either allow everyone to have
access or you can restrict access.
https://app.linuxacademy.com/challenges/133426c7-16b8-4dc5-b8b3-17d0fb0159b2?redirect_uri=https:%2F%2Flinuxacademy.com%2Fcp%2Fmod… 10/21
17. Which S3 storage tier is designed for long-term archive (minimum storage of 90 days) with retrieval time of  
minutes to hours?
A Glacier
B Standard
C Intelligent-Tiering
D One Zone-IA
E Glacier Deep Archive
F Standard-IA
Correct Answer: A
Its low-cost design is ideal for long-term archive and configurable retrieval times, from minutes to hours.
18. Which S3 encryption type allows for role separation?

 
A Client-side encryption
B SSE-KMS
C SSE-S3
D SSE-C
Correct Answer: B
SSE-KMS allows for role separation because the keys are stored in account KMS. The decryption of an object needs both S3
and KMS key permissions.
INCORRECT
19. What are the benefits of lifecycle rules?

 
A enabled by default
B moves an object back to Standard storage class when appropriate
C an automated way of moving objects between storage classes
D automatic deletion of objects
E all of these are benefits of lifecycle rules
Your Answer: A
Lifecycle rules are not enabled by default.
Your Answer: B
Once objects are moved from the Standard storage class, lifecycle rules will not allow those objects to be moved back to
Standard.
Correct Answer: C
Lifecycle rules provide an automated way of moving objects between storage classes.
Correct Answer: D
Lifecycle rules allow for the automatic deletion of objects.
INCORRECT
20. What statements are true of S3 Cross-Region Replication (CRR)?

 
A Object replication is retroactive
B SSE-C encrypted objects are supported
C None of these answers are true
D Lifecycle rules are replicated to the destination bucket
E It can change the ownership of objects and their storage tiers when going to the new region.
F Two-way replication occurs between the destination and source buckets
Your Answer: B
CRR does not support SSE-C (Server-side Encryption with Customer-Managed keys) replication. Only SSE-S3 and SSE-KMS
are supported with CRR.
Correct Answer: E

This statement is true. Object ownership and its associated storage tiers can be altered when going to a new region.
INCORRECT
21. Why would you use an Origin Access Identity (OAI)?

 
A To configure CloudFront for private distribution.
B When wanting users to only access the private CloudFront distribution and not the origin bucket.
C To restrict users from accessing the origin EC2 instance.
D For better S3 distribution performance and user experience.
Your Answer: A
OAIs is not used to configure private viewing within CloudFront. Trusted signer help to configure CloudFront for private
distribution.
Correct Answer: B
Prevent users from bypassing your CloudFront security restrictions to access the S3 origin bucket by implementing OAI.
bucket.
Correct Answer: D
By restricting users to the CloudFront distribution, you'll enhance distribution and create a better user experience. This way
CloudFront caching can distribute the content instead of the origin bucket.
22. When would you use a pre-signed URL?

 
A when needing to give S3 object access to a chosen user
B when you want a user to upload or download objects to an S3 bucket
C when needing to restrict access to the CloudFront distribution and not its origin
D when wanting to give access to a private CloudFront distribution
Correct Answer: A
Pre-signed URLs are designed to give S3 object access to anyone you give the URL to.
Correct Answer: B
Not only can users of the pre-signed URL access objects, with the appropriate permissions, they can also upload or
download objects to a bucket.
INCORRECT
23. Which statements are true of EFS?

 
A EFS is designed to work concurrently with multiple EC2 instances.
B EFS is designed to be mounted to each EC2 instance that uses it.
C EFS is temporary storage.
D EFS can utilize lifecycle management.
E Instances control access to an EFS via a security group.
Your Answer: C
EFS is not meant for temporary storage. It is a long term storage solution.
Correct Answer: A
EFS can store data to a single instance, but they are more apt to working concurrently with multiple EC2 instances.
Correct Answer: B
Instances must mount an EFS to store data within it.
Correct Answer: D
EFS, like S3, can utilize lifecycle management to move files between storage classes based on storage patterns.
Correct Answer: E
A security group allows EFS access to an EC2 instance.
INCORRECT
24. Which is true of the S3 service?

 
A Identity policies can grant access to anonymous users

B Anonymous access is automatically enabled
C Resource policies that apply to S3 are known as bucket policies
D Uploaded files are known as objects
E A key is the name of an object
F Identity policies can grant access to the S3 service
Your Answer: A
Identity policies can only be applied to identities in your account.
Video for reference: Permissions
Your Answer: B
Anonymous access is not automatically enabled.
Correct Answer: C
Resource policies are known as bucket policies when specific to the S3 service.
Correct Answer: D
S3 is an object storage solution. Uploaded files are known as objects.
Correct Answer: E
A key is the unique identifier for an object within a bucket. Every object in a bucket has exactly one key.
Correct Answer: F
Identity policies can be assigned to IAM identities within your account to access the S3 service.
INCORRECT
25. When should the S3 multipart upload method be used?

 
A When using the S3 console
B When uploading objects bigger than 100 MB
C When wanting a faster upload method than a single PUT
D When uploading objects smaller than 100 MB
Your Answer: A
The S3 console only allows the single PUT method. The command-line interface should be used when utilizing the multipart
upload method.
Correct Answer: B
Objects bigger than 100 MB should use the multipart upload method.
Correct Answer: C
Because multipart uploads use parallel upload streams, they upload faster than a single PUT method.
INCORRECT
26. Which is true of how domain names work within CloudFront?

 
A A domain name is used to view distributed content in a browser.
B A domain name can only be viewable from HTTP (not from HTTPS).
C The domain name is generated when a distribution is created.
D A domain name that can't be aliased; it can be used to view distributed content in a browser.
Your Answer: B
The domain name within CloudFront can be visited by HTTP and HTTPS.
Correct Answer: A
By visiting the CloudFront domain name, you'll be able to view the distributed content.
Correct Answer: C
A domain name is generated every time a distribution is created.
27. Which option would be appropriate to fulfill all of the following conditions?
You have customers that upload to a centralized bucket from all over the world  
You transfer gigabytes to terabytes of data on a regular basis across continents
You are unable to utilize all of your available bandwidth over the Internet when uploading to Amazon S3
A S3 Transfer Acceleration
B ElastiCache
C S3 console
D Multi-part upload
Correct Answer: A
This option is ideal for the listed examples. S3 Transfer Acceleration enables fast, easy, and secure transfers of files over
long distances between your client and an S3 bucket.
28. What is an S3 presigned URL?

 
A A temporary URL that allows users to see all objects within an assigned bucket using the creator's credentials.
B A temporary URL that allows users to see assigned S3 objects using the creator's credentials.
C A permanent URL that allows users to see all objects within an assigned bucket using the creator's credentials.
D A permanent URL that allows users to see assigned S3 objects using the creator's credentials.
Correct Answer: B
With presigned URLs an S3 owner can grant any user permissions to access an S3 object. These presigned URLs don't
require users to have AWS security credentials or permissions. Presigned URLs utilize the STS service.
29. Which is necessary when configuring S3 Cross-Region Replication (CRR)?

 
A A replication rule
B Versioning needs to be enabled on only the source bucket
C Buckets need to be in different regions
D Versioning needs to be enabled on source and destination buckets
E Buckets need to be in the same region
Correct Answer: A
A replication rule is needed, as this will allow you to set the source, destination, and IAM role.
Correct Answer: C
As the name suggests, in Cross-Region Replication buckets need to be in different regions.
Correct Answer: D
Versioning needs to be enabled on both the source and the destination bucket.
INCORRECT
30. What are the throughput modes available for an EFS?

 
A Bursting
B Max I/O
C Provisioned
D General Purpose
Your Answer: B
Max I/O is a performance mode, not a throughput mode.
Correct Answer: A
Bursting is one type of throughput mode.
Correct Answer: C
Provisioned is one type of throughput mode.
31. What does it mean to PUT or GET an object within S3?

 
A GET means to read or retrieve an object
B PUT means to write or upload an object
C PUT means to retrieve an object
D GET means to upload an object
E PUT and GET both allow the retrieval an object
Correct Answer: A
GET allows you to read, retrieve, or download and object.
Correct Answer: B
PUT allows you to write or upload an object to S3.
32. Availability Zones can only have one __.

 
A EFS mount target
B subnet
C EC2 instance
D EFS
Correct Answer: A
EFS mount targets can only live in one Availability Zone at a time.
INCORRECT
33. Which EFS performance mode is the default and suitable for 99% of customer needs?
 
A Bursting
B Provisioned
C General Purpose
D Max I/O
Your Answer: A
Bursting is a throughput mode and not a performance mode.
Correct Answer: C

General Purpose is a default performance mode that meets most customer needs.
34. What is the size limit when using the single PUT upload method in S3?
 
A 5 MB
B 10 GB
C 15 GB
D 5 GB
Correct Answer: D
The single PUT upload method is limited to 5 GB.
35. Pick the S3 storage class that is replicated across at least 3 AZs, has a minimum storage duration of 30-
days and minimum object size of 128KB.  
A Standard
B Glacier
C Standard-IA
D One Zone-IA
Correct Answer: C
Standard Infrequently Access is replicated across 3 or more AZs, and it also has a minimum billing duration of 30-days and a
minimum object size of 128KB.
36. Pick the S3 storage class for long term archival storage with a retrieval rate of minutes to hours and
minimum storage of 90-days.  
A One Zone-IA
B Glacier Deep Archive
C Standard-IA
D Glacier
Correct Answer: D
Glacier is long term, archival storage with a retrieval rate of minutes to hours, and a minimum storage of 90 days.

Linux Academy PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Linux Academy PDF

Hochgeladen von

Copyright:

Verfügbare Formate

27/02/2020 Linux Academy

Storage and Content Delivery

Go Back Start Challenge

Question List Show All Answers

Expectations Report Card

Storage and Content Delivery

1. S3 lifecycle rules can apply to:

A tags for buckets or objects

B preﬁx for buckets or objects

D current or previous versions of an object

E All of these answers apply

2. What is MFA Delete?

A An S3 versioning feature designed to suspend versioning.

B An S3 versioning feature designed to hide different versions of an object.

D An S3 versioning feature designed to prevent anonymous uploads.

3. What are the characteristics of an S3 presigned URL?

A Presigned URLs don't expire.

C Presigned URLs can provide anonymous users access to an object.

D Presigned URLs are based on the creator’s permissions.

4. Architecturally, where do EFS mount targets sit?

C Inside a VPC but outside of a subnet

5. What does OAI stand for?

A Originally Accessed Information

B Origin Access Identity

C Other Access Identiﬁers

D Origin Authorized IDs

6. Which method can be used to upload objects to an S3 bucket?

C Command-line interface with AWS CLI installed

E All of these methods can be used to upload objects to an S3 bucket

8. Which are the main components of CloudFront?

E Regional edge caches

Why is this correct?

9. Which encryption type speciﬁcally uses AES-256 as its encryption format?

E Glacier Deep Archive

11. What is CloudFront?

A An AWS content delivery network service

B An AWS database service

C An AWS DNS service

D An AWS image deploying service

12. Which are true of S3 encryption?

B S3 encryption is an additional charge.

C A default encryption format is available.

D S3 encryption is on a per bucket basis.

E KMS is the only method for managing S3 encryption keys.

13. Pick the statements that are true of a S3 hosted website.

A Websites endpoint URLs cannot be altered.

C Static website must be private.

D CloudFront can be used with S3.

E Apache-like server access logs can be enabled.

14. By default, S3 objects using Cross-Region Replication (CRR) keep their:

A object name (key)

A Enable objects to be read by anonymous users via ACL or bucket policy.

B Enable permission for IAM users to view the website

C Enable Route 53 DNS.

E Enable the static web hosting option.

E Glacier Deep Archive

18. Which S3 encryption type allows for role separation?

19. What are the beneﬁts of lifecycle rules?

B moves an object back to Standard storage class when appropriate

C an automated way of moving objects between storage classes

D automatic deletion of objects

E all of these are beneﬁts of lifecycle rules

20. What statements are true of S3 Cross-Region Replication (CRR)?