ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company runs a mission-critical database on Amazon EC2 with data stored on encrypted EBS volumes. Regulations require daily, encrypted backups that must be retained for seven years and copied to a separate AWS account to reduce ransomware risk. Operational overhead must be kept to a minimum. Which approach best meets these requirements?
Create an S3 Lifecycle rule to move daily database exports to Glacier Deep Archive and run AWS DataSync jobs to replicate the bucket to the secondary account when needed.
Install backup software on the EC2 instance to create nightly compressed dumps on an attached encrypted volume, then copy that volume to an S3 bucket in the same account using a cron job.
Use AWS Backup to take daily encrypted snapshots of the EBS volumes, encrypt them with a customer managed KMS key, and configure a cross-account backup vault copy with a seven-year retention rule.
Enable EBS multi-attach to mirror the volume to an instance in the secondary account using RAID 1 and retain the data indefinitely without snapshotting.
AWS Backup can automatically create point-in-time EBS snapshots, encrypt them with a customer managed KMS key, copy the backups to a vault in another AWS account, and apply a retention rule that keeps each recovery point for seven years. All tasks run on a defined backup plan, so no instance-level scripting or manual scheduling is needed. The other options fall short:
Copying database dumps to an S3 bucket in the same account does not provide the required account-level isolation and relies on custom scripts that increase operational burden.
EBS multi-attach cannot span AWS accounts and RAID mirroring offers availability, not immutable backups with long-term retention.
Lifecycle policies plus ad-hoc DataSync copies require manual orchestration and cover S3 objects, not the EBS volume itself, leaving gaps in automation and consistency guarantees.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS Backup and how does it work?
Open an interactive chat with Bash
What is a customer managed KMS key and why is it important?
Open an interactive chat with Bash
What are the benefits of cross-account backup vaults in AWS?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .