Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. BDS-C00

Amazon BDS-C00 Exam
AWS Certified Big Data -Speciality (Page 15 )

Updated On: 9-Feb-2026
Page 15 of 100
PDF with 492 Questions

In Amazon S3, you can protect data in transit (as it travels to and from Amazon S3) by using either client-side encryption or by using .

  1. MFA
  2. SSL
  3. ICMP
  4. ARP

Answer(s): B

Explanation:

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers).
You can protect data in transit by using client-side encryption or by using SSL.


Reference:

http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html



How long are the temporary security credentials valid for, if you obtain temporary security credentials using your AWS account credentials in Amazon S3?

  1. 30 Minutes
  2. 1 Hour
  3. 24 Hours
  4. 2 Hours

Answer(s): B

Explanation:

An AWS account or an IAM user can request the temporary security credentials and use those credentials to make authenticated requests to Amazon S3. By default, the temporary security credentials are valid for only one hour. The user can specify the session duration only if the user uses the IAM user credentials to request a session.


Reference:

http://docs.aws.amazon.com/AmazonS3/latest/dev/AuthUsingTempSessionTokenJava.html



A user has enabled server side encryption with S3. The user downloads the encrypted object from S3. How can the user decrypt it?

  1. The user needs to decrypt the object using their own private key
  2. S3 does not support server side encryption
  3. S3 manages encryption and decryption automatically
  4. S3 provides a server side key to decrypt the object

Answer(s): C

Explanation:

If the user is using the server-side encryption feature, Amazon S3 encrypts the object data before saving it on disks in its data centres and decrypts it when the user downloads the objects. Thus, the user is free from the tasks of managing encryption, encryption keys, and related tools.


Reference:

http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html



What type of S3 Access Control supports AWS Account-Level Control as well as User-Level control?

  1. Bucket Policies
  2. IAM Policies
  3. ACLs
  4. All of the three answers above

Answer(s): A

Explanation:

Bucket Policies allow you to create conditional rules for managing access to your buckets and files. With bucket policies, you can also define security rules that apply to more than one file, including all files or a subset of files within a bucket.


Reference:

http://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html



In Amazon S3, which of the following security tokens is required to be passed in the header when a user is signing a request using temporary security credentials?

  1. x-amz-temporary-token
  2. x-amz-temporary-security-token
  3. x-amz-temp-secure-token
  4. x-amz-security-token

Answer(s): D

Explanation:

If you are signing your request using temporary security credentials, you must include the corresponding security token in your request by adding the x-amz-security-token header.
When you obtain temporary security credentials using the AWS Security Token Service API, the response includes temporary security credentials and a session token. You provide the session token value in the x-amz-security-token header when you send requests to Amazon S3.


Reference:

http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html






Post your Comments and Discuss Amazon BDS-C00 exam prep with other Community members:

Join the BDS-C00 Discussion