AWS Certified Solutions Architect – Associate (SAA-C02) — Question 590

A company needs to store data from its healthcare application. The application's data frequently changes. A new regulation requires audit access at all levels of the stored data.
The company hosts the application on an on-premises infrastructure that is running out of storage capacity. A solutions architect must securely migrate the existing data to AWS while satisfying the new regulation.
Which solution will meet these requirements?

Answer options

• A. Use AWS DataSync to move the existing data to Amazon S3. Use AWS CloudTrail to log data events.
• B. Use AWS Snowcone to move the existing data to Amazon S3. Use AWS CloudTrail to log management events.
• C. Use Amazon S3 Transfer Acceleration to move the existing data to Amazon S3. Use AWS CloudTrail to log data events.
• D. Use AWS Storage Gateway to move the existing data to Amazon S3. Use AWS CloudTrail to log management events.

Correct answer: A

Explanation

AWS DataSync is the optimal service for securely and quickly migrating active, frequently changing on-premises data directly to Amazon S3. To satisfy the regulatory requirement for auditing access at all levels, AWS CloudTrail must be configured to log data events, which record object-level API activity. Options utilizing management events only audit bucket-level actions, which does not satisfy the requirement for auditing at all levels of the stored data.