AWS Certified Solutions Architect – Associate (SAA-C02) — Question 54
A company is managing health records on-premises. The company must keep these records indefinitely, disable any modifications to the records once they are stored, and granularly audit access at all levels. The chief technology officer (CTO) is concerned because there are already millions of records not being used by any application, and the current infrastructure is running out of space. The CTO has requested a solutions architect design a solution to move existing data and support future records.
Which services can the solutions architect recommend to meet these requirements?
Answer options
- A. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with data events.
- B. Use AWS Storage Gateway to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events.
- C. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events.
- D. Use AWS Storage Gateway to move existing data to AWS. Use Amazon Elastic Block Store (Amazon EBS) to store existing and new data. Enable Amazon S3 object lock and enable Amazon S3 server access logging.
Correct answer: A
Explanation
Option A is correct because AWS DataSync is designed for efficient transfer of existing data to AWS, Amazon S3 with object lock provides the immutability and retention required for health records, and AWS CloudTrail with data events records object-level access, which allows granular auditing. The other options either use AWS Storage Gateway, which is not optimal for this use case, or enable CloudTrail with management events only, which do not record object-level access, making them unsuitable for the given requirements.