AWS Certified Security – Specialty (SCS-C02) — Question 28

A company has an application that uses dozens of Amazon DynamoDB tables to store data. Auditors find that the tables do not comply with the company's data protection policy.
The company's retention policy states that all data must be backed up twice each month: once at midnight on the 15th day of the month and again at midnight on the 25th day of the month. The company must retain the backups for 3 months.
Which combination of steps should a security engineer take to meet these requirements? (Choose two.)

Answer options

• A. Use the DynamoDB on-demand backup capability to create a backup plan. Configure a lifecycle policy to expire backups after 3 months.
• B. Use AWS DataSync to create a backup plan. Add a backup rule that includes a retention period of 3 months.
• C. Use AWS Backup to create a backup plan. Add a backup rule that includes a retention period of 3 months.
• D. Set the backup frequency by using a cron schedule expression. Assign each DynamoDB table to the backup plan.
• E. Set the backup frequency by using a rate schedule expression. Assign each DynamoDB table to the backup plan.

Correct answer: C, D

Explanation

The correct answer is C and D. AWS Backup is specifically designed for managing backups across AWS services like DynamoDB, allowing for the configuration of retention periods. Using a cron schedule expression for backup frequency ensures that backups occur at the required times. Options A and B do not meet the necessary requirements as they either do not use AWS Backup or do not specify the correct scheduling, while option E does not utilize the required cron schedule.