AWS Certified Security – Specialty (SCS-C02) — Question 191

A company is storing data in Amazon S3 Glacier. A security engineer implemented a new vault lock policy for 10 TB of data and called the initiate-vault-lock operation 12 hours ago. The audit team identified a typo in the policy that is allowing unintended access to the vault.

What is the MOST cost-effective way to correct this error?

Answer options

• A. Call the abort-vault-lock operation. Update the policy. Call the initiate-vault-lock operation again.
• B. Copy the vault data to a new S3 bucket. Delete the vault Create a new vault with the data.
• C. Update the policy to keep the vault lock in place.
• D. Update the policy. Call the initiate-vault-lock operation again to apply the new policy.

Correct answer: A

Explanation

The most cost-effective solution is to call the abort-vault-lock operation to cancel the current lock, allowing for the policy to be updated without incurring additional costs associated with transferring data or creating new vaults. Options B and D involve more complex and potentially costly processes, while option C does not address the typo issue effectively.