AWS S3 Data Protection
S3 provides data protection with S3 using durable storage infrastructure that is designed for primary and mission-critical data storage.
Objects are redundantly stored across multiple devices at multiple facilities in an S3 area.
S3 PUT and Object Copy operations synchronize data across multiple facilities before returning success.
Once objects are stored, S3 maintains their durability by quickly detecting redundancy and repairing it.
S3 regularly checks the integrity of data stored with checksums. S3 will repair data that has been corrupted by S3 using redundant data.
S3 also calculates checksums for all network traffic to detect corruption in data packets while storing or retrieving data
You can add data protection to prevent accidental overwrites or deletions by enabling Versioning. This allows you to retrieve, preserve, and restore every version of an object stored.
S3 can also protect data while in transit (as it travels from S3) or at rest (while it remains in S3).
Refer blog post @ S3 Encryption
Questions for AWS Certification Exam Practice
Questions are collected via the Internet. The answers are marked according to my knowledge and understanding (which may differ from yours).
AWS services are constantly updated and the answers and questions may be out of date soon. So make sure to research accordingly.
AWS exam questions cannot be updated to keep up with AWS updates. This means that even if the underlying feature has been changed, the question may not be updated.
We are open to further discussion, feedback, and correction. A customer uses Amazon Simple Storage Service in the eu-west-1 region to store static content for a property that is web-based. The Standard Storage class is used by the customer to store objects. Where can the customer’s objects be replicated? A single facility in euwest-1 and one facility in eucentral-1
A single facility in euwest-1 and one facility in us-east-1
Multiple facilities in the eu-west-1
One facility in euwest-1A system admin plans to encrypt all objects uploaded to S3 by an application. The system administrator does not want to implement his encryption algorithm. Instead, he plans to use server-side encryption by providing his own key (SSE–C). Which parameter is not required while making a call for SSE-C?x-amz-server-side-encryption-customer-key-AES-256
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key-MD5References
AWS_S3_Security