AWS Certified Solutions Architect Professional SAP-C02 Practice Question
A financial-services company protects hundreds of Amazon EC2 instances, Amazon RDS databases, and Amazon DynamoDB tables with AWS Backup. Regulations require quarterly proof that a random sample of backups can be restored in less than 4 hours (RTO) without affecting production. The security team also insists that all disaster-recovery (DR) tests run in an isolated "forensics" AWS account and that any test resources be removed automatically after validation to avoid unnecessary charges. Which approach will MOST effectively meet these requirements while minimizing operational overhead?
Use AWS Elastic Disaster Recovery to launch quarterly drill instances of each source server in an isolated subnet; script CloudWatch metrics to measure launch time and manually terminate the drill instances afterward.
Set up an AWS Systems Manager Automation document that invokes StartRestoreJob for the latest backups every quarter and triggers a follow-up Lambda function to delete the restored resources after testing completes.
Create an AWS Backup restore testing plan in the forensics account that runs every quarter, selects random recovery points for the protected resources, and uses the default retention period so test resources are deleted automatically after validation.
Configure an Amazon EventBridge scheduler that runs a Step Functions workflow each quarter to copy backups to the forensics account, restore them there, and then remove the resources with a custom cleanup task.
AWS Backup's restore testing feature was built specifically for automated DR drills. A restore testing plan can be created in the forensics account, scheduled quarterly, and configured to pick either the latest or a random recovery point for each protected resource. When the scheduled time arrives, AWS Backup launches the restore jobs, measures the time each job takes, and-after the optional validation window-deletes the test resources it created. The service records the results, and an AWS Backup Audit Manager control can be enabled to provide auditors with evidence that jobs finished within the target RTO.
The other options introduce significantly more custom code and manual effort (Systems Manager, Lambda, or EventBridge workflows) or do not validate backup recovery at all (AWS Elastic Disaster Recovery drills operate on continuously replicated disks, not AWS Backup recovery points). None of these alternatives natively select random backups or clean up test resources automatically, so they cannot meet the compliance and low-maintenance goals as effectively.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does RTO mean in disaster recovery?
Open an interactive chat with Bash
How does AWS Backup's restore testing feature work?
Open an interactive chat with Bash
What is AWS Backup Audit Manager?
Open an interactive chat with Bash
AWS Certified Solutions Architect Professional SAP-C02
Design for New Solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access