AWS Certified Security – Specialty (SCS-C03) — Question 12

A company recently experienced a malicious attack on its cloud-based environment. The company successfully contained and eradicated the attack A security engineer is performing incident response work. The security engineer needs to recover an Amazon RDS database cluster to the last known good version. The database cluster is configured to generate automated backups with a retention period of 14 days. The initial attack occurred 5 days ago at exactly 3:15 PM
Which solution will meet this requirement?

Answer options

• A. Identify the Regional duster ARN for the database. Use the ARN to restore the Regional cluster by using the Restore to point in time feature. Set a target time 5 days ago at 3:14 PM.
• B. Identify the Regional cluster ARN for the database. List snapshots that have been taken of the cluster. Restore the database by using the snapshot that has a creation time that is closest to 5 days ago at 3:14 PM.
• C. List all snapshots that have been taken of all the company's RDS databases. Identify the snapshot that was taken closest to 5 days ago at 3:14 PM and restore it.
• D. Identify the Regional cluster ARN for the database. Use the ARN to restore the Regional cluster by using the Restore to point in time feature. Set a target time 14 days ago.

Correct answer: A

Explanation

The correct answer is A because it utilizes the 'Restore to point in time' feature, which allows for precise recovery to a specific moment before the attack. Option B is incorrect as it relies on snapshots, which may not provide the same level of granularity. Option C is also not suitable for the same reasons, and option D is wrong because restoring to 14 days ago would not recover the database to the last known good version just before the attack.