AWS Certified Solutions Architect – Associate (SAA-C03) — Question 439

A company wants to implement a backup strategy for Amazon EC2 data and multiple Amazon S3 buckets. Because of regulatory requirements, the company must retain backup files for a specific time period. The company must not alter the files for the duration of the retention period.

Which solution will meet these requirements?

Answer options

• A. Use AWS Backup to create a backup vault that has a vault lock in governance mode. Create the required backup plan.
• B. Use Amazon Data Lifecycle Manager to create the required automated snapshot policy.
• C. Use Amazon S3 File Gateway to create the backup. Configure the appropriate S3 Lifecycle management.
• D. Use AWS Backup to create a backup vault that has a vault lock in compliance mode. Create the required backup plan.

Correct answer: D

Explanation

AWS Backup provides a centralized solution to back up both Amazon EC2 and Amazon S3 resources. To satisfy the strict regulatory requirement that prevents backups from being altered or deleted by any user, including the root account, the AWS Backup Vault Lock must be deployed in compliance mode. Governance mode is inappropriate here because it allows authorized administrators to modify or delete the lock configuration.