AWS S3 and DynamoDB Quiz

Questions and Answers

Which security best practices should be followed to ensure that only authorized users access sensitive applications? (Select TWO answers)

Require strong, complex passwords (correct)

Use a single shared account for all users

Grant root user access to everyone

Enable MFA for all users (correct)

Which encryption methods should be used to ensure data security during transfer to Amazon S3? (Select TWO answers)

Only use AWS KMS encryption

Server-side encryption with Amazon S3 managed keys (SSE-S3) (correct)

Client-side encryption (correct)

No encryption is necessary

What strategies can be employed to ensure that Spot Instances used for video processing jobs are not terminated before completion? (Select TWO answers)

Manually monitor the Spot Instance pricing and availability

Request Spot Instances with a maximum bid price higher than the On-Demand price (correct)

Use Spot Fleet with a diversified allocation strategy (correct)

Use a combination of On-Demand and Spot Instances

To minimize the impact of potential security breaches during the migration to AWS, which practice should be followed? (Select TWO answers)

Implement a security assessment at each layer of the architecture

What is a significant consideration when using a backup solution for on-premises data with Amazon S3? (Select TWO answers)

Use versioning to keep previous versions of data

When processing large video files in batch jobs, what should be done to ensure optimal resource utilization? (Select TWO answers)

Leverage instance types specifically optimized for video processing

Which might be an effective way to enhance the security of applications accessed by employees and contractors? (Select TWO answers)

Implement role-based access control (RBAC)

Which of the following practices should be avoided when handling sensitive data in cloud environments? (Select TWO answers)

Storing sensitive data without encryption

What is the purpose of Amazon S3 versioning?

Protect objects from accidental deletions

What is the primary advantage of using Amazon DynamoDB global tables for a global application?

Single-digit millisecond read and write performance globally

Which are benefits of using Amazon S3 Lifecycle Policies? (Select TWO correct answers)

Automatically transition objects to a lower-cost storage class

Which best practice involves designing with independent components?

Using loosely coupled components

Which of the following EC2 instance types are designed to optimize performance for applications requiring significant parallel processing? (Select TWO correct answers)

C5n

What is the principle of least privilege?

Granting users only the permissions they need to perform their tasks

Which are responsibilities of the customer in the AWS Shared Responsibility Model? (Select TWO correct answers)

Ensuring data encryption at rest

What is NOT a function of Amazon S3 Lifecycle Policies?

Change object storage class on user demand

Which of the following are key responsibilities of a Cloud Architect? (Select two correct answers)

Setting technical cloud strategy with business leads

What is the impact of using an instance store-backed AMI compared to an EBS-backed AMI on the boot process and instance lifecycle?

EBS-backed AMIs boot faster and allow instances to be stopped and started

Which of the following are key considerations when selecting a database type for a specific workload? (Select two correct answers)

Data characteristics

To ensure high availability when launching an e-commerce platform on EC2 instances, which strategies should be employed? (Select two correct answers)

Use Elastic Load Balancing across multiple Availability Zones

What advantages do EBS-backed AMIs have compared to instance store-backed AMIs?

EBS-backed AMIs can retain data between instance stops

Which of these factors are NOT typically considered when selecting a database type for an application?

User interface design

Which statements are true regarding the use of Spot Instances in a cloud architecture?

They can be interrupted by AWS with little notice

When migrating applications to a cloud environment, what is a key reason to implement secure access controls?

To ensure compliance with data protection regulations

What feature in AWS allows for high availability by automatically synchronizing data across multiple Availability Zones?

Multi-AZ deployment with Amazon RDS

What happens to a read replica in Amazon RDS during a primary database failure?

It can be promoted to a standalone database.

What are the pillars of the AWS Well-Architected Framework?

Cost Optimization, Performance Efficiency, Security, Reliability, Operational Excellence, and Sustainability

How does AWS Compute Optimizer help users manage their EC2 instances?

By resizing instances based on workload recommendations

Under what circumstance will AWS terminate an EC2 Spot Instance?

If the Spot price goes above your bid price

What occurs when Cross-Region Replication (CRR) is enabled on an S3 bucket?

Only new objects are replicated to the destination region.

What is the purpose of IAM roles in AWS?

To supply temporary security credentials for cross-account access

What does the S3 Block Public Access feature ensure?

It overrides other bucket policies to prevent public access.

Which methods should be used to manage access permissions for sensitive financial data in an S3 bucket?

Use bucket policies to define access rules

When setting IAM policies for developers requiring limited access to specific AWS resources, which elements should be prioritized?

Condition

To achieve high availability in a cloud architecture for an e-commerce platform, which configurations should you implement?

Deploy to multiple AWS Regions

Which features should be implemented for a high-availability database architecture handling heavy read traffic?

Database clustering for load balancing

What is the most effective approach to enhance security across your infrastructure?

Isolate parts of your infrastructure

Which strategies would best help in automating and maintaining security consistency?

Using automated scripts for deployment

What should be avoided to ensure a secure and resilient cloud infrastructure?

Allowing unrestricted public access

Which of the following actions can improve the scalability of your cloud architecture for an e-commerce platform?

Load balancing across multiple servers

Study Notes

Amazon S3 Versioning

• Protects objects from accidental deletions, ensuring data recovery.
• Enhances data management by maintaining multiple versions of objects.

Amazon DynamoDB Global Tables

• Provides single-digit millisecond read and write performance globally.
• Ensures high availability and reliability for global applications without manual replication.

Amazon S3 Lifecycle Policies

• Automates transition of objects to lower-cost storage classes to optimize costs.
• Deletes objects based on age, helping to manage storage effectively.

Best Practices in Design

• Employs loosely coupled components to enhance system robustness and flexibility.
• Treats resources as disposable, allowing recovery from failures easily.

EC2 Instance Types for Parallel Processing

• C5n and P4 instance types are optimized for applications requiring significant parallel processing capabilities.
• They offer enhanced performance for compute-intensive workloads.

Principle of Least Privilege

• Involves granting users only necessary permissions to perform their tasks, minimizing risks.
• Prevents overprivileged access, enhancing security across resources.

Responsibilities in AWS Shared Responsibility Model

• Customers are responsible for configuring network security and ensuring data encryption at rest.
• AWS manages the global infrastructure while customers maintain control over their applications.

Responsibilities of a Cloud Architect

• Responsible for setting technical cloud strategy in collaboration with business leaders.
• Designs the transformation roadmap for effective migration and integration of cloud solutions.

Boot Process with AMI Types

• EBS-backed AMIs allow for faster boot times and support instance stopping/starting.
• Instance store-backed AMIs are designed for speed but lack persistent storage capabilities.

Database Selection Considerations

• Durability requirements and data characteristics guide the choice of database type to suit workloads.
• The user base size indirectly influences the performance and scalability of the chosen database.

E-commerce Platform Architecture

• Deploy instances in multiple Availability Zones to ensure high availability.
• Utilize Elastic Load Balancing across various Availability Zones for effective traffic distribution.

Secure Access Controls in Migrated Applications

• Enable Multi-Factor Authentication (MFA) for all users to enhance access security.
• Require strong, complex passwords to reduce the risk of unauthorized access.

Data Security During Transfer to Amazon S3

• Implement client-side encryption and server-side encryption (SSE-S3) for secure data transfer.
• Ensures that sensitive data remains protected both during transit and while at rest.

Optimizing Costs with Spot Instances

• Use Spot Fleet with a diversified allocation strategy to minimize risk of job interruptions.
• Combining On-Demand and Spot Instances can balance cost savings and job completion reliability.

Security in Cloud Architecture Design

• Isolate parts of the infrastructure to minimize breach impact and enhance security.
• Use automation to ensure consistent security settings across the architecture.

S3 Bucket Permissions Management

• Implement AWS IAM policies and bucket policies for rigorous access control to sensitive data.
• Avoid public access to maintain security and confidentiality of financial data.

IAM Policy Configuration for Temporary Access

• Prioritize defining the "Effect" and "Resource" elements to set clear permissions and access limits.
• Conditions can be utilized to enforce operational constraints effectively.

High Availability Design for E-commerce

• Implement multi-AZ deployments to maintain availability during failures or maintenance.
• Utilize Amazon CloudFront to enhance speed and availability of static content.

Database Architecture for Mission-Critical Applications

• Use multi-AZ deployment with Amazon RDS to ensure high availability and failover support.
• Automated backups are crucial for recovery while handling heavy read traffic securely.

True/False Key Points

• Amazon EFS is suitable for Windows instances, enabling shared file access.
• In Amazon RDS, read replicas can be promoted to stand-alone databases during primary failures.
• AWS Well-Architected Framework includes Cost Optimization and Performance Efficiency as key pillars.
• AWS Compute Optimizer can recommend instance resizing based on workload evaluations.
• Spot Instances are terminated by AWS if the Spot price exceeds the user's bid.
• Cross-Region Replication for S3 does not automatically replicate existing objects.
• IAM roles provide secure, temporary credentials for cross-account access.
• AWS Nitro System improves performance by reducing I/O contention on EBS-optimized instances.
• Amazon S3 accommodates both structured and unstructured data storage.
• S3 Block Public Access feature ensures no public access overrides other policies.
• IAM's default policy denies requests unless explicitly allowed by a policy.

Description

Test your knowledge on Amazon S3 versioning and DynamoDB global tables. This quiz covers the key advantages and features of these AWS services, focusing on their usage in global applications and data management. Challenge yourself and see how well you understand these important cloud technologies!