AWS Certified Security – Specialty — Question 24

The security engineer implemented a new vault stock policy for 10TB of data and called initiate-vault-lock 12 hours ago. The audit team identified a typo that is allowing incorrect access to the vault.
What is the MOST cost-effective way to correct this?

Answer options

• A. Call the abort-vault-lock operation, fix the typo, and call the initiate-vault-lock again.
• B. Copy the vault data to Amazon S3, delete the vault, and create a new vault with the data.
• C. Update the policy, keeping the vault lock in place.
• D. Update the policy, and call initiate-vault-lock again to apply the new policy.

Correct answer: A

Explanation

The correct answer is A because aborting the vault lock allows for corrections to be made without incurring additional costs associated with data duplication or creating a new vault. Options B and C are more resource-intensive and do not address the immediate need to correct access issues. Option D does not allow for changes to be made to the policy since the vault lock is already in place.