AWS Certified Solutions Architect Professional SAP-C02 Practice Question
An organization has multiple AWS accounts that are part of AWS Organizations. A production workload in us-east-1 uses an Amazon FSx for Windows File Server file system and a mission-critical Amazon DynamoDB table. Container images are stored in a private Amazon ECR repository. Compliance requirements state that:
Backups must be immutable and retained off-site for 35 days.
Backup configuration must be centrally managed across accounts.
A recovery site must be available in us-west-2 with an RTO of 60 minutes and an RPO of ≤ 1 hour.
Which approach meets these requirements in the most cost-effective way?
Export the DynamoDB table to Amazon S3 every hour, turn on S3 Object Lock for 35 days, and enable S3 Cross-Region Replication to us-west-2. Use AWS DataSync to copy daily Shadow Copies from the FSx file system to the same bucket, and manually push container images to an ECR repository in us-west-2.
Enable AWS Elastic Disaster Recovery on the FSx file system and DynamoDB table to replicate data continuously to us-west-2. Use AWS Backup only for ECR to create nightly snapshots and copy them to a locked vault.
Create an AWS Backup policy in the delegated administrator account that assigns the FSx file system and DynamoDB table to a backup plan with hourly snapshots (FSx) and continuous backups (DynamoDB), a 35-day retention rule, and an automatic copy to a backup vault locked in Compliance mode in us-west-2. Enable Amazon ECR private-registry cross-Region replication from us-east-1 to us-west-2.
Convert the FSx file system to a multi-AZ deployment and configure Distributed File System Replication (DFSR) between Regions. Convert the DynamoDB table to a global table spanning us-east-1 and us-west-2, disable all backups, and enable an ECR pull-through cache in us-west-2.
An organization-level AWS Backup policy lets a delegated administrator centrally apply a backup plan to resources in member accounts. The plan can schedule hourly snapshot backups for the FSx file system and enable continuous (point-in-time) backups for DynamoDB, then automatically copy each recovery point to a backup vault in us-west-2. Locking the destination vault in Compliance mode with AWS Backup Vault Lock makes the backups write-once-read-many and prevents even privileged users from deleting or shortening the 35-day retention period. Amazon ECR provides native cross-Region private-registry replication, so new images pushed in us-east-1 are automatically replicated to us-west-2 without extra backup charges. During a regional outage, administrators can restore the FSx recovery point, perform a point-in-time restore of the DynamoDB table (within the 35-day window), and pull the replicated container images-all well within the 60-minute RTO and 1-hour RPO.
The other options either rely on services that do not support the listed resources, require custom scripting and higher data-transfer costs, or fail to provide immutable 35-day retention across accounts and Regions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS Backup and how does it help with compliance requirements?
Open an interactive chat with Bash
How does Amazon ECR's cross-Region replication work?
Open an interactive chat with Bash
What is the role of DynamoDB continuous backups in meeting RPO requirements?
Open an interactive chat with Bash
AWS Certified Solutions Architect Professional SAP-C02
Design Solutions for Organizational Complexity
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access