Below are a series of AWS S3-related questions. Each question includes choices, the correct answer, and a brief explanation.
Question #1
A healthcare tech company, operating a patient data platform on AWS, stores sensitive Personally Identifiable Information (PII) inside an Amazon S3 bucket. Due to strict regulatory policies, the company mandates that both plaintext data and encryption master keys must never leave the local environment or be transmitted to AWS.
Which S3 encryption method should the Solutions Architect choose?
A. Use S3 server-side encryption with an AWS KMS-managed key (SSE-KMS)
B. Use S3 client-side encryption with an AWS KMS-managed key
C. Use S3 client-side encryption with a client-side managed master key
D. Use S3 server-side encryption with customer-provided keys (SSE-C)
Answer
C. Use S3 client-side encryption with a client-side managed master key
Explanation:
To ensure that neither the plaintext data nor the encryption master keys leave the client environment, client-side encryption with a locally managed master key must be used. The data is encrypted before it is uploaded, and the master key stays under the company's control, as the regulatory policy requires.
Question #2
A new analytics firm, specializing in financial insights, needs to store reports generated by Amazon EC2 instances. As global demand rises, the firm seeks a durable and scalable storage system capable of rapidly delivering files to customers worldwide.
Which solution best meets these needs?
A. Store files in Amazon S3 and use Amazon CloudFront as a content delivery network (CDN)
B. Store files in Amazon S3 Glacier and use Amazon ElastiCache for content distribution
C. Store files in Amazon Redshift and use Amazon CloudFront for distribution
D. Store files in multiple EC2 instance stores and use Amazon ElastiCache for distribution
Answer
A. Store files in Amazon S3 and use Amazon CloudFront as a content delivery network (CDN)
Explanation:
Amazon S3 provides highly durable, scalable storage, while CloudFront ensures fast content delivery globally. Glacier and ElastiCache are not suited for real-time access or static file distribution.
Question #3
A financial services company wants an automated solution to move outdated data from an Amazon S3 bucket to a lower-cost storage solution without manual intervention.
What is the most suitable method?
A. Use Amazon Timestream for historical storage
B. Use Amazon SQS to queue data transfers
C. Set up an S3 Lifecycle Policy to transition data to S3 Glacier
D. Implement an EC2 instance with a scheduled script to migrate data
Answer
C. Set up an S3 Lifecycle Policy to transition data to S3 Glacier
Explanation:
Amazon S3 Lifecycle Policies provide a native way to automatically transition objects between storage classes, such as from S3 Standard to S3 Glacier, without requiring custom EC2 instances or manual processes.
Question #4
Following an incident where important data was unintentionally deleted from an S3 bucket, a company wants to strengthen protection mechanisms against future accidents.
Which TWO strategies should the Architect implement? (Select TWO.)
A. Enable Versioning
B. Restrict access to S3 data only through pre-signed URLs
C. Apply a bucket policy to deny S3 delete operations
D. Enable S3 Intelligent-Tiering
E. Enable Multi-Factor Authentication (MFA) Delete
Answer
A. Enable Versioning
E. Enable Multi-Factor Authentication (MFA) Delete
Explanation:
Enabling Versioning preserves previous versions of an object, allowing recovery after accidental deletion or overwrites. MFA Delete requires an additional authentication factor to delete objects, making deletions more secure.
Question #5
A weather research organization collects approximately 500 GB of atmospheric data from various international locations daily. The data must be aggregated as quickly as possible into a central S3 bucket located in AWS US-East-1 (Northern Virginia).
Which approach would result in the fastest data transfer?
A. Enable S3 Transfer Acceleration and upload using Multipart Upload
B. Use AWS Snowball Edge to physically transfer the data
C. Upload data to local S3 buckets and set up cross-region replication
D. Establish a Site-to-Site VPN connection
Answer
A. Enable S3 Transfer Acceleration and upload using Multipart Upload
Explanation:
S3 Transfer Acceleration uses Amazon’s optimized network routes to significantly speed up uploads over long distances. Combined with Multipart Upload, it ensures efficient and reliable transfer of large files.