Linux Academy PDF
Great Start!
42%
You did not pass this challenge on this attempt.
Exam Breakdown
INCORRECT
https://app.linuxacademy.com/challenges/133426c7-16b8-4dc5-b8b3-17d0fb0159b2?redirect_uri=https:%2F%2Flinuxacademy.com%2Fcp%2Fmodu… 1/21
27/02/2020 Linux Academy
C buckets
Your Answer: A
Why is this incorrect?
S3 lifecycle rules can apply to tags for buckets or objects. However, this is not the only correct answer.
Video for reference: Lifecycle Policies and Intelligent-Tiering
Correct Answer: E
Why is this correct?
S3 lifecycle rules can apply to buckets, prefixes, and tags for buckets or objects, along with current or previous versions of
an object.
Video for reference: Lifecycle Policies and Intelligent-Tiering
INCORRECT
C An S3 versioning feature designed to prevent accidental deletion of objects or alteration of a bucket's versioning
state.
Your Answer: B
Why is this incorrect?
MFA delete is not designed to hide different versions of an object.
Video for reference: Object Versioning
Correct Answer: C
Why is this correct?
MFA delete uses one-time passwords to prevent the accidental deletion of an object.
Video for reference: Object Versioning
INCORRECT
B Presigned URLs can provide the ability to PUT and GET objects.
Your Answer: A
Why is this incorrect?
Presigned URLs can expire.
Video for reference: Presigned URLs
Correct Answer: B
Why is this correct?
Presigned URLs use the creator's permission. If the creator has permission to PUT and GET an object, then this ability is
transferred to presigned URL holders.
Video for reference: Presigned URLs
Correct Answer: C
Why is this correct?
Presigned URLs use the creator's permission. Therefore, an anonymous user has the same access as the creator of an S3
object.
Video for reference: Presigned URLs
Correct Answer: D
Why is this correct?
Presigned URLs allow users to access buckets/objects based on the permissions of the URL creator. For example, if the
creator has permission to PUT and GET an object, then this ability is transferred to presigned URL holders.
Video for reference: Presigned URLs
A Inside a subnet
B Outside a VPC
D In an on-premise network
Correct Answer: A
Why is this correct?
Mount targets sit in a VPC's subnet.
Video for reference: EFS Fundamentals: Part 2
INCORRECT
Your Answer: A
Why is this incorrect?
OAI does not stand for Originally Accessed Information.
Video for reference: OAI
Correct Answer: B
Why is this correct?
OAI stands for Origin Access Identity.
Video for reference: OAI
INCORRECT
A S3 console
B S3 Transfer Acceleration
D An API
Your Answer: A
Why is this incorrect?
The S3 console can be used to upload objects to an S3 bucket. However, it is not the most appropriate answer.
Video for reference: Transferring Data to S3
Correct Answer: E
Why is this correct?
Use the S3 console, an API, or a command-line interface to upload objects to an S3 bucket.
Video for reference: Transferring Data to S3
INCORRECT
7. Complete the sentence. In an S3 multipart upload, an object can be broken up into as many as _ parts.
A 5,000
B 20,000
C 15,000
D 10,000
Your Answer: B
Why is this incorrect?
S3 multipart uploader cannot break an object into 20,000 parts.
Video for reference: Transferring Data to S3
Correct Answer: D
Why is this correct?
In an S3 multipart upload, an object can be broken up into 10,000 parts.
Video for reference: Transferring Data to S3
INCORRECT
A Edge location
B Origin
C Distribution
D VPC
Your Answer: D
Why is this incorrect?
A VPC is not a component of CloudFront.
Video for reference: CloudFront Architecture: Part 1
Correct Answer: A
Why is this correct?
A component of CloudFront is edge locations. CloudFront distributes a copy of the origin to edge locations around the
world.
Video for reference: CloudFront Architecture: Part 1
Correct Answer: B
Why is this correct?
An origin is a component of CloudFront. An origin can be an S3 bucket, web server, or other AWS services that you would like
to be distributed by CloudFront.
Video for reference: CloudFront Architecture: Part 1
Correct Answer: C
Why is this correct?
When you want to use CloudFront to distribute your content, you create a distribution and choose the configuration
settings you want. These can include (but are not limited to) optional settings such as geo-restrictions, access, and content
origin.
Video for reference: CloudFront Architecture: Part 1
Correct Answer: E
A SSE-S3
B SSE-KMS
C SSE-C
D Client-side encryption
Correct Answer: A
Why is this correct?
SSE-S3 uses an encryption format of AES-256.
Video for reference: Encryption
INCORRECT
10. Which S3 storage tier is for long-term data archiving (minimum of 180 days) that has intended access for
only once or twice in a year and takes hours to retrieve stored data?
A Intelligent-Tiering
B Standard
C One Zone-IA
D Standard-IA
F Glacier
Your Answer: A
Why is this incorrect?
Intelligent-Tiering is designed to optimize costs by automatically moving data to the most cost-effective access tier,
without performance impact or operational overhead.
Video for reference: Storage Tiers/Classes
Correct Answer: E
Why is this correct?
Glacier Deep Archive is one type of S3 storage. Glacier Deep Archive is S3's lowest-cost storage class and supports long-term
retention of data that may be accessed once or twice in a year. It is designed for customers to meet regulatory compliance
requirements (in industries such as Financial Services, Healthcare, and Public Sectors).
Video for reference: Storage Tiers/Classes
Correct Answer: A
Why is this correct?
CloudFront is a content delivery service offered by AWS.
Video for reference: CloudFront Architecture: Part 1
A Uploading data between a client and the S3 console using the HTTPS endpoint ensures encryption in-transit.
Correct Answer: A
Why is this correct?
The SSL/TLS on the S3 console ensures encryption in transit when uploading via the S3 console.
Video for reference: Encryption
Correct Answer: C
Why is this correct?
In S3 you can enable and specify a default encryption format for objects.
Video for reference: Encryption
INCORRECT
B CORS should be enabled when one website references resources from another.
Your Answer: A
Why is this incorrect?
The endpoint URL can be altered.
Video for reference: Static Websites and CORS
Your Answer: C
Why is this incorrect?
S3 hosted websites can be shared publicly, not just privately.
Video for reference: Static Websites and CORS
Correct Answer: B
Why is this correct?
Cross-Origin Resource Sharing (CORS) is a security measure allowing a web application running in one domain to reference
resources in another. Security errors in S3 may require the enabling of CORS.
Video for reference: Static Websites and CORS
Correct Answer: D
Why is this correct?
CloudFront can be used to speed up the S3 service.
Video for reference: Static Websites and CORS
Correct Answer: E
Why is this correct?
Server access logs can be enabled for buckets that host websites.
Video for reference: Static Websites and CORS
INCORRECT
B owner
C storage class
D replication rules
E object permissions
Your Answer: D
Why is this incorrect?
Replication rules are not carried over to destination buckets.
Video for reference: Cross-Region Replication (CRR)
Correct Answer: A
Why is this correct?
By default, objects using CRR keep their object name (key).
Video for reference: Cross-Region Replication (CRR)
Correct Answer: B
Why is this correct?
By default, objects using CRR keep their owner.
Video for reference: Cross-Region Replication (CRR)
Correct Answer: C
Why is this correct?
By default, objects using CRR keep their storage class.
Video for reference: Cross-Region Replication (CRR)
Correct Answer: E
Why is this correct?
By default, objects using CRR keep their object permissions.
Video for reference: Cross-Region Replication (CRR)
INCORRECT
15. What options need to be enabled/disabled to host a publicly accessible website on S3?
D Remove the default "block public access" setting for the bucket.
Your Answer: B
Why is this incorrect?
Enabling permission for an IAM user is not necessary to view the website. There are other methods to allow users (including
IAM users) to view this website.
Video for reference: Static Websites and CORS
Your Answer: C
Why is this incorrect?
Route 53 DNS does not have to be utilized or enabled to host a public website on S3.
Video for reference: Static Websites and CORS
Correct Answer: A
Why is this correct?
Enable objects to be read by anonymous users via ACL or create a bucket policy that pertains to all objects in the bucket.
Video for reference: Static Websites and CORS
Correct Answer: D
Why is this correct?
By default, S3 blocks public access to a bucket. This option has to be disabled to host a public website.
Video for reference: Static Websites and CORS
Correct Answer: E
Why is this correct?
The static web hosting option must be enabled to host a publicly accessible website when using S3.
Video for reference: Static Websites and CORS
INCORRECT
16. Select all that apply. Origin Access Identities (OAIs) are applied to:
A EC2 instances
B On-premise server
C The S3 service
D CloudFront distribution
E Bucket policies
Your Answer: A
Why is this incorrect?
OAIs cannot be applied to EC2 instances.
Video for reference: OAI
Your Answer: B
Why is this incorrect?
OAIs cannot be applied to on-premise servers.
Video for reference: OAI
Correct Answer: C
Why is this correct?
OAIs are applied to a CloudFront distribution; this allows access for end users while protecting the direct URL to the S3
bucket.
Video for reference: OAI
Correct Answer: D
Why is this correct?
OAIs are applied to a CloudFront distribution; this allows access for end users while protecting the direct URL to the S3
bucket.
Video for reference: OAI
Correct Answer: E
Why is this correct?
OAI is applied to bucket policies and it appends code onto a bucket policy. With OAI, you can either allow everyone to have
access or you can restrict access.
Video for reference: OAI
17. Which S3 storage tier is designed for long-term archive (minimum storage of 90 days) with retrieval time of
minutes to hours?
A Glacier
B Standard
C Intelligent-Tiering
D One Zone-IA
F Standard-IA
Correct Answer: A
Why is this correct?
Its low-cost design is ideal for long-term archive and configurable retrieval times, from minutes to hours.
Video for reference: Storage Tiers/Classes
A Client-side encryption
B SSE-KMS
C SSE-S3
D SSE-C
Correct Answer: B
Why is this correct?
SSE-KMS allows for role separation because the keys are stored in account KMS. The decryption of an object needs both S3
and KMS key permissions.
Video for reference: Encryption
INCORRECT
A enabled by default
Your Answer: A
Why is this incorrect?
Lifecycle rules are not enabled by default.
Video for reference: Lifecycle Policies and Intelligent-Tiering
Your Answer: B
Why is this incorrect?
Once objects are moved from the Standard storage class, lifecycle rules will not allow those objects to be moved back to
Standard.
Video for reference: Lifecycle Policies and Intelligent-Tiering
Correct Answer: C
Why is this correct?
Lifecycle rules provide an automated way of moving objects between storage classes.
Video for reference: Lifecycle Policies and Intelligent-Tiering
Correct Answer: D
Why is this correct?
Lifecycle rules allow for the automatic deletion of objects.
Video for reference: Lifecycle Policies and Intelligent-Tiering
INCORRECT
E It can change the ownership of objects and their storage tiers when going to the new region.
Your Answer: B
Why is this incorrect?
CRR does not support SSE-C (Server-side Encryption with Customer-Managed keys) replication. Only SSE-S3 and SSE-KMS
are supported with CRR.
Video for reference: Cross-Region Replication (CRR)
Correct Answer: E
INCORRECT
B When wanting users to only access the private CloudFront distribution and not the origin bucket.
Your Answer: A
Why is this incorrect?
OAIs are not used to configure private viewing within CloudFront. Trusted signers help to configure CloudFront for private
distribution.
Video for reference: OAI
Correct Answer: B
Why is this correct?
Prevent users from bypassing your CloudFront security restrictions to access the S3 origin bucket by implementing OAI.
OAIs are applied to a CloudFront distribution; this allows access for end users while protecting the direct URL to the S3
bucket.
Video for reference: OAI
Correct Answer: D
Why is this correct?
By restricting users to the CloudFront distribution, you'll enhance distribution and create a better user experience. This way
CloudFront caching can distribute the content instead of the origin bucket.
Video for reference: OAI
C when needing to restrict access to the CloudFront distribution and not its origin
Correct Answer: A
Why is this correct?
Pre-signed URLs are designed to give S3 object access to anyone you give the URL to.
Video for reference: CloudFront Architecture: Part 2
Correct Answer: B
Why is this correct?
Not only can users of the pre-signed URL access objects, with the appropriate permissions, they can also upload or
download objects to a bucket.
Video for reference: CloudFront Architecture: Part 2
INCORRECT
Your Answer: C
Why is this incorrect?
EFS is not meant for temporary storage. It is a long-term storage solution.
Video for reference: EFS Fundamentals: Part 2
Correct Answer: A
Why is this correct?
EFS can store data for a single instance, but it is more apt to work concurrently with multiple EC2 instances.
Video for reference: EFS Fundamentals: Part 2
Correct Answer: B
Why is this correct?
Instances must mount an EFS to store data within it.
Video for reference: EFS Fundamentals: Part 2
Correct Answer: D
Why is this correct?
EFS, like S3, can utilize lifecycle management to move files between storage classes based on storage patterns.
Video for reference: EFS Fundamentals: Part 2
Correct Answer: E
Why is this correct?
A security group allows EFS access to an EC2 instance.
Video for reference: EFS Fundamentals: Part 2
INCORRECT
Your Answer: A
Why is this incorrect?
Identity policies can only be applied to identities in your account.
Video for reference: Permissions
Your Answer: B
Why is this incorrect?
Anonymous access is not automatically enabled.
Video for reference: Permissions
Correct Answer: C
Why is this correct?
Resource policies are known as bucket policies when specific to the S3 service.
Video for reference: Permissions
Correct Answer: D
Why is this correct?
S3 is an object storage solution. Uploaded files are known as objects.
Video for reference: Permissions
Correct Answer: E
Why is this correct?
A key is the unique identifier for an object within a bucket. Every object in a bucket has exactly one key.
Video for reference: Permissions
Correct Answer: F
Why is this correct?
Identity policies can be assigned to IAM identities within your account to access the S3 service.
Video for reference: Permissions
INCORRECT
Your Answer: A
Why is this incorrect?
The S3 console only allows the single PUT method. The command-line interface should be used when utilizing the multipart
upload method.
Video for reference: Transferring Data to S3
Correct Answer: B
Why is this correct?
Objects bigger than 100 MB should use the multipart upload method.
Video for reference: Transferring Data to S3
Correct Answer: C
Why is this correct?
Because multipart uploads use parallel upload streams, they upload faster than a single PUT method.
Video for reference: Transferring Data to S3
INCORRECT
B A domain name can only be viewable from HTTP (not from HTTPS).
D A domain name that can't be aliased; it can be used to view distributed content in a browser.
Your Answer: B
Why is this incorrect?
The domain name within CloudFront can be visited by HTTP and HTTPS.
Video for reference: CloudFront Architecture: Part 2
Correct Answer: A
Why is this correct?
By visiting the CloudFront domain name, you'll be able to view the distributed content.
Video for reference: CloudFront Architecture: Part 2
Correct Answer: C
Why is this correct?
A domain name is generated every time a distribution is created.
Video for reference: CloudFront Architecture: Part 2
27. Which option would be appropriate to fulfill all of the following conditions?
You have customers that upload to a centralized bucket from all over the world
You transfer gigabytes to terabytes of data on a regular basis across continents
You are unable to utilize all of your available bandwidth over the Internet when uploading to Amazon S3
A S3 Transfer Acceleration
B ElastiCache
C S3 console
D Multi-part upload
Correct Answer: A
Why is this correct?
This option is ideal for the listed examples. S3 Transfer Acceleration enables fast, easy, and secure transfers of files over
long distances between your client and an S3 bucket.
Video for reference: Transferring Data to S3
A A temporary URL that allows users to see all objects within an assigned bucket using the creator's credentials.
B A temporary URL that allows users to see assigned S3 objects using the creator's credentials.
C A permanent URL that allows users to see all objects within an assigned bucket using the creator's credentials.
D A permanent URL that allows users to see assigned S3 objects using the creator's credentials.
Correct Answer: B
Why is this correct?
With presigned URLs an S3 owner can grant any user permissions to access an S3 object. These presigned URLs don't
require users to have AWS security credentials or permissions. Presigned URLs utilize the STS service.
Video for reference: Presigned URLs
A A replication rule
Correct Answer: A
Why is this correct?
A replication rule is needed, as this will allow you to set the source, destination, and IAM role.
Video for reference: Cross-Region Replication (CRR)
Correct Answer: C
Why is this correct?
As the name suggests, in Cross-Region Replication buckets need to be in different regions.
Video for reference: Cross-Region Replication (CRR)
Correct Answer: D
Why is this correct?
Versioning needs to be enabled on both the source and the destination bucket.
Video for reference: Cross-Region Replication (CRR)
INCORRECT
A Bursting
B Max I/O
C Provisioned
D General Purpose
Your Answer: B
Why is this incorrect?
Max I/O is a performance mode, not a throughput mode.
Video for reference: EFS Fundamentals: Part 1
Correct Answer: A
Why is this correct?
Bursting is one type of throughput mode.
Video for reference: EFS Fundamentals: Part 1
Correct Answer: C
Why is this correct?
Provisioned is one type of throughput mode.
Video for reference: EFS Fundamentals: Part 1
Correct Answer: A
Why is this correct?
GET allows you to read, retrieve, or download an object.
Video for reference: Presigned URLs
Correct Answer: B
Why is this correct?
PUT allows you to write or upload an object to S3.
Video for reference: Presigned URLs
B subnet
C EC2 instance
D EFS
Correct Answer: A
Why is this correct?
EFS mount targets can only live in one Availability Zone at a time.
Video for reference: EFS Fundamentals: Part 2
INCORRECT
33. Which EFS performance mode is the default and suitable for 99% of customer needs?
A Bursting
B Provisioned
C General Purpose
D Max I/O
Your Answer: A
Why is this incorrect?
Bursting is a throughput mode and not a performance mode.
Video for reference: EFS Fundamentals: Part 1
Correct Answer: C
34. What is the size limit when using the single PUT upload method in S3?
A 5 MB
B 10 GB
C 15 GB
D 5 GB
Correct Answer: D
Why is this correct?
The single PUT upload method is limited to 5 GB.
Video for reference: Transferring Data to S3
35. Pick the S3 storage class that is replicated across at least 3 AZs, has a minimum storage duration of 30
days, and has a minimum object size of 128KB.
A Standard
B Glacier
C Standard-IA
D One Zone-IA
Correct Answer: C
Why is this correct?
Standard-Infrequent Access is replicated across 3 or more AZs, and it also has a minimum billing duration of 30 days and a
minimum object size of 128KB.
Video for reference: Storage Tiers/Classes
36. Pick the S3 storage class for long-term archival storage with a retrieval rate of minutes to hours and
minimum storage of 90 days.
A One Zone-IA
C Standard-IA
D Glacier
Correct Answer: D
Why is this correct?
Glacier is long term, archival storage with a retrieval rate of minutes to hours, and a minimum storage of 90 days.
Video for reference: Storage Tiers/Classes