exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 845 discussion

A company has a legacy monolithic application that is critical to the company's business. The company hosts the application on an Amazon EC2 instance that runs Amazon Linux 2. The company's application team receives a directive from the legal department to back up the data from the instance's encrypted Amazon
Elastic Block Store (Amazon EBS) volume to an Amazon S3 bucket. The application team does not have the administrative SSH key pair for the instance. The application must continue to serve the users.
Which solution will meet these requirements?

  • A. Attach a role to the instance with permission to write to Amazon S3. Use the AWS Systems Manager Session Manager option to gain access to the instance and run commands to copy data into Amazon S3.
  • B. Create an image of the instance with the reboot option turned on. Launch a new EC2 instance from the image. Attach a role to the new instance with permission to write to Amazon S3. Run a command to copy data into Amazon S3.
  • C. Take a snapshot of the EBS volume by using Amazon Data Lifecycle Manager (Amazon DLM). Copy the data to Amazon S3.
  • D. Create an image of the instance. Launch a new EC2 instance from the image. Attach a role to the new instance with permission to write to Amazon S3. Run a command to copy data into Amazon S3.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
shailurtm2001
Highly Voted 2 years, 7 months ago
I'll go for A
upvoted 12 times
hfeng95
2 years, 6 months ago
A SSM Agent is also installed by default on Amazon Linux 2 AMIs and Amazon Linux 2 ECS-Optimized Base AMIs.
upvoted 7 times
...
...
kapara
Highly Voted 2 years, 4 months ago
Selected Answer: A
amazon linux 2 has SSM installed already. its A.
upvoted 6 times
...
Jesuisleon
Most Recent 1 year, 6 months ago
Selected Answer: A
A is right. The question requires "back up the data from the instance's encrypted Amazon Elastic Block Store (Amazon EBS) volume to an Amazon S3 bucket", it needs the data from EBS not the whole EBS volume. I think A serves this better.
upvoted 3 times
...
dev112233xx
1 year, 7 months ago
Selected Answer: C
C 100%... A is wrong ... there is no reason to use SSM, DLM can do the job for you easily...
upvoted 1 times
...
Heer
1 year, 10 months ago
OPTION C: One solution would be to use the AWS Data Lifecycle Manager (DLM) to create a snapshot of the encrypted EBS volume and then configure the snapshot to be copied to an S3 bucket on a schedule. This would allow for the data to be backed up without the need for the application team to have administrative access to the instance. Additionally, the application can continue to serve users while the backup is taking place since the snapshot is taken at the storage level and does not affect the running instance.
upvoted 3 times
...
Arunava1
1 year, 10 months ago
I will go with A, critical applications - so wont recommend taking backup on running volume, it will cause I/O issue and AWS recommend to stop EBS for making snapshot, though it is not required.
upvoted 1 times
...
evargasbrz
1 year, 11 months ago
Selected Answer: C
I'll go with C
upvoted 2 times
evargasbrz
1 year, 11 months ago
I think this text: "The application team does not have the administrative SSH key pair for the instance." was only to take the focus off the real solution.
upvoted 1 times
...
...
ggrodskiy
1 year, 11 months ago
Correct C.
upvoted 2 times
...
SureNot
2 years ago
Selected Answer: C
C - DLM - special solution for EBS snapshots. A - Run manual command, for critical application... seriously??!!
upvoted 4 times
...
mrgreatness
2 years ago
I think B answer is worded wrong, should be "no reboot" options which means it will work. If says no reboot in exam, go for B, if not go for A. -- A will only work if role has SSM permissions
upvoted 1 times
...
Ni_yot
2 years, 1 month ago
A in my opinion. if you say C then you still need permissions to copy the data from the snapshot to S3. - Before you export DB snapshot data to Amazon S3, give the snapshot export tasks write-access permission to the Amazon S3 bucket. To do this, create an IAM policy that provides access to the bucket. Then create an IAM role and attach the policy to the role. You later assign the IAM role to your snapshot export task.
upvoted 1 times
Rocketeer
2 years ago
Wouldn't DLM manage its own S3 location and have the needed permissions. This is a critical application that needs automated backups. Doing it manual is a bad idea. I would go with C.
upvoted 3 times
...
...
Vinafec
2 years, 1 month ago
Was thinking C, but can you create snapshots of a volume that wasn't created with lifecycle manager? https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html
upvoted 2 times
...
fdoxxx
2 years, 1 month ago
C - it is "critical application" and DLM is designed to protect EC2 EBS wo any disruption
upvoted 3 times
...
skywalker
2 years, 1 month ago
Selected Answer: C
C Why you need SSH to login to instance to backup when there is DLM that does snapshot. It allow encrypted EBS to be snapshot. https://aws.amazon.com/blogs/storage/automating-amazon-ebs-snapshots-management-using-data-lifecycle-manager/
upvoted 3 times
...
JohnPi
2 years, 2 months ago
Selected Answer: C
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html
upvoted 3 times
JohnPi
2 years, 1 month ago
I think option A is best answer!
upvoted 2 times
...
...
Kyperos
2 years, 3 months ago
Selected Answer: A
"By default, Amazon EC2 shuts down the instance, takes snapshots of any attached volumes, creates and registers the AMI, and then reboots the instance. Choose "No reboot" if you don't want your instance to be shut down." Option D not mention about "No reboot" option so EC2 instance will reboot by default, in this question "The application must continue to serve the users". So I think option A is best answer! https://docs.aws.amazon.com/toolkit-for-visual-studio/latest/user-guide/tkv-create-ami-from-instance.html
upvoted 3 times
...
asfsdfsdf
2 years, 4 months ago
Selected Answer: A
A - Can work since its AML2 but there is no mention of AmazonSSMManagedInstanceCore policy B - Incorrect since we cant reboot C - not possible D - can work but if a new data was written on the original disk during the change it will not be copied. I guess I will go with A but both A and D can work
upvoted 3 times
mrgreatness
2 years ago
I think B is worded wrong should be enable "no reboot" in which case B works
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...