exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 149 discussion

A company needs a solution to protect critical data from being permanently deleted. The data is stored in Amazon S3 buckets.

The company needs to replicate the S3 objects from the company's primary AWS Region to a secondary Region to meet disaster recovery requirements. The company must also ensure that users who have administrator access cannot permanently delete the data in the secondary Region.

Which solution will meet these requirements?

  • A. Configure AWS Backup to perform cross-Region S3 backups. Select a backup vault in the secondary Region. Enable AWS Backup Vault Lock in governance mode for the backups in the secondary Region.
  • B. Implement S3 Object Lock in compliance mode in the primary Region. Configure S3 replication to replicate the objects to an S3 bucket in the secondary Region.
  • C. Configure S3 replication to replicate the objects to an S3 bucket in the secondary Region. Create an S3 bucket policy to deny the s3:ReplicateDelete action on the S3 bucket in the secondary Region.
  • D. Configure S3 replication to replicate the objects to an S3 bucket in the secondary Region. Configure S3 object versioning on the S3 bucket in the secondary Region.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Zek
Highly Voted 6 months, 3 weeks ago
B https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-managing-replication
upvoted 6 times
...
IPLogic
Most Recent 2 days, 9 hours ago
Selected Answer: B
B. This solution ensures that the data is protected from being permanently deleted by using S3 Object Lock in compliance mode, which prevents even users with administrator access from deleting the objects. Additionally, configuring S3 replication will ensure that the objects are replicated to the secondary Region, meeting the disaster recovery requirements12.
upvoted 1 times
...
NimiBes
4 weeks, 1 day ago
Selected Answer: B
"You can use Object Lock with S3 Replication to enable automatic, asynchronous copying of locked objects and their retention metadata, across S3 buckets. This means that for replicated objects, Amazon S3 takes the object lock configuration of the source bucket. " Link: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-managing-replication
upvoted 1 times
...
jade290
6 months ago
Selected Answer: C
The question is limiting deletion only to the secondary region, not the primary. If you do an Object lock, then you cannot delete in the primary or secondary region. https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-managing-replication --> Section titled "Using Object Lock with S3 Replication"
upvoted 1 times
helloworldabc
2 months, 2 weeks ago
just B
upvoted 1 times
...
chiajy
6 months ago
First glance, wanted to go with C. But after reading the question a few more times, decided to go with B. Earlier statement mentioned company needs to protect critical data. I would assume this already includes primary region. Then later statement mentioned "The company must also ensure...." and that includes secondary region.
upvoted 2 times
...
...
fibonacciname
6 months, 2 weeks ago
Selected Answer: B
B is correct
upvoted 3 times
...
Certified101
6 months, 2 weeks ago
Selected Answer: B
B agree
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...