What does the Server-side encryption provide in Amazon S3?
Answer(s): A
Server-side encryption is about protecting data at rest. Server-side encryption with Amazon S3- managed encryption keys (SSE-S3) employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates.
http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
A user is creating an S3 bucket policy. Which of the below mentioned elements the user will not include as part of it?
Answer(s): B
When creating an S3 bucket policy, the user needs to define the resource (which will have the bucket or the object), actions, effect and principal.They are explained below:Resources – Buckets and objects are the Amazon S3 resources for which user can allow or deny permissions.Actions – For each resource, Amazon S3 supports a set of operations. user identifies resource operations which will allow (or deny) by using action keywordsEffect – What the effect will be when the user requests the specific action—this can be either allow or deny.Principal – The account or user who is allowed access to the actions and resources in the statement. You specify principal only in a bucket policy. It is the user, account, service, or other entity who is the recipient of this permission. In a user policy, the user to which the policy is attached is the implicit principal.
http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-languageoverview.html
An IAM user is performing an operation on another account's S3 bucket. What will S3 first check in this context?
You can use in an Amazon S3 bucket policy for cross-account access, which means an AWS account can access resources in another AWS account.
Answer(s): D
You can use canonical user IDs in an Amazon S3 bucket policy for cross-account access, which means an AWS account can access resources in another AWS account. For example, to grant another AWS account access to your bucket, you specify the account's canonical user ID in the bucket's policy.
http://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
A root account owner is trying to understand the S3 bucket ACL. Which choice below is a not a predefined group which can be granted object access via ACL?
An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. Amazon S3 has a set of predefined groups. When granting account access to a group, the user can specify one of the URLs of that group instead of a canonical user ID. Amazon S3 has the following predefined groups:. Authenticated Users group: It represents all AWS accounts.. All Users group: Access permission to this group allows anyone to access the resource.. Log Delivery group: WRITE permission on a bucket enables this group to write server access logs to the bucket.
http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
Share your comments for Amazon AWS-Certified-Big-Data-Specialty exam with other users:
good ones for exam preparation
this is a good experience
hi everyone
waiting for the dump. please upload.
upload cks exam questions
awesome training material
where is dump
q. 289 - the correct answer should be b not d, since the question asks for the most secure way to provide access to a s3 bucket (a single one), and by principle of the least privilege you should not be giving access to all buckets.
please i need if possible h12-831,
good collection of questions and solution for pl500 certification
i would like to appear the exam.
i am very happy as i cleared my comptia a+ 220-1101 exam. i studied from as it has all exam dumps and mock tests available. i got 91% on the test.
need this dump
its really good to eventuate knowledge before appearing for the actual exam.
this is great
please i want the questions to pass the exam
i need to pass exam
great, i appreciate it.
please could you upload (isc)2 certified in cybersecurity (cc) exam questions
good questions, wrong answers
im preparing for exams
question no: 42 isnt azure vm an iaas solution? so, shouldnt the answer be "no"?
im study azure
i need this now
i took the aws saa-c03 test and scored 935/1000. it has all the exam dumps and important info.
good questions
well explained
i got the full version and it helped me pass the exam. pdf version is very good.
provide the download link, please
please upload thank.
please can you share 1z0-1055-22 dump pls
i will wait impatiently. thank youu
is it possible to clear the exam if we focus on only these 156 questions instead of 623 questions? kindly help!
really helped with preparation of my scrum exam