AWS Certified Security – Specialty — Question 218

A company is storing data in Amazon S3 Glacier. The security engineer implemented a new vault lock policy for 10TB of data and called initiate-vault-lock operation 12 hours ago. The audit team identified a typo in the policy that is allowing unintended access to the vault.
What is the MOST cost-effective way to correct this?

Answer options

• A. Call the abort-vault-lock operation. Update the policy. Call the initiate-vault-lock operation again.
• B. Copy the vault data to a new S3 bucket. Delete the vault. Create a new vault with the data.
• C. Update the policy to keep the vault lock in place.
• D. Update the policy. Call initiate-vault-lock operation again to apply the new policy.

Correct answer: A

Explanation

The correct answer is A because aborting the vault lock allows the engineer to make necessary changes to the policy without incurring additional costs. Options B and C are inefficient as they involve either unnecessary data transfer or do not address the typo issue. Option D is incorrect because once the lock is initiated, the policy cannot be changed without aborting it first.