AWS Certified SysOps Administrator – Associate (SOA-C03) — Question 20

A CloudOps engineer is responsible for a company’s disaster recovery procedures. The company has a source Amazon S3 bucket in a production account, and it wants to replicate objects from the source to a destination S3 bucket in a nonproduction account. The CloudOps engineer configures S3 cross-Region, cross-account replication to copy the source S3 bucket to the destination S3 bucket. When the CloudOps engineer attempts to access objects in the destination S3 bucket, they receive an Access Denied error.
Which solution will resolve this problem?

Answer options

• A. Modify the replication configuration to change object ownership to the destination S3 bucket owner.
• B. Ensure that the replication rule applies to all objects in the source S3 bucket and is not scoped to a single prefix.
• C. Retry the request when the S3 Replication Time Control (S3 RTC) has elapsed.
• D. Verify that the storage class for the replicated objects did not change between the source S3 bucket and the destination S3 bucket.

Correct answer: A

Explanation

The correct answer is A because changing the object ownership to the destination S3 bucket owner allows access permissions to be properly assigned, resolving the Access Denied error. Options B, C, and D do not address the ownership issue that is causing the access problem, as they focus on replication rules, timing, and storage classes, which are unrelated to access permissions.