AWS Certified Solutions Architect – Associate (SAA-C03) — Question 874

A company wants to move its application to a serverless solution. The serverless solution needs to analyze existing data and new data by using SQL. The company stores the data in an Amazon S3 bucket. The data must be encrypted at rest and replicated to a different AWS Region.

Which solution will meet these requirements with the LEAST operational overhead?

Answer options

• A. Create a new S3 bucket that uses server-side encryption with AWS KMS multi-Region keys (SSE-KMS). Configure Cross-Region Replication (CRR). Load the data into the new S3 bucket. Use Amazon Athena to query the data.
• B. Create a new S3 bucket that uses server-side encryption with Amazon S3 managed keys (SSE-S3). Configure Cross-Region Replication (CRR). Load the data into the new S3 bucket. Use Amazon RDS to query the data.
• C. Configure Cross-Region Replication (CRR) on the existing S3 bucket. Use server-side encryption with Amazon S3 managed keys (SSE-S3). Use Amazon Athena to query the data.
• D. Configure S3 Cross-Region Replication (CRR) on the existing S3 bucket. Use server-side encryption with AWS KMS multi-Region keys (SSE-KMS). Use Amazon RDS to query the data.

Correct answer: C

Explanation

Option C is correct because configuring Cross-Region Replication (CRR) and SSE-S3 on the existing S3 bucket avoids the overhead of creating a new bucket and migrating data. Amazon Athena is a serverless interactive query service that allows direct SQL querying of S3 data with zero infrastructure management, unlike Amazon RDS which requires provisioning and data ingestion. Using SSE-S3 also minimizes operational overhead compared to managing SSE-KMS keys across multiple regions.