AWS Certified SysOps Administrator – Associate — Question 205

A company manages its multi-account environment by using AWS Organizations. The company needs to automate the creation of daily incremental backups of any Amazon Elastic Block Store (Amazon EBS) volume that is marked with a Lifecycle: Production tag in one of its primary AWS accounts.

The company wants to prevent users from using Amazon EC2 * permissions to delete any of these production snapshots.

What should a SysOps administrator do to meet these requirements?

Answer options

• A. Create a daily snapshot of all EBS volumes by using Amazon Data Lifecycle Manager. Specify Lifecycle as the tag key. Specify Production as the tag value.
• B. Associate a service control policy (SCP) with the account to deny users the ability to delete EBS snapshots. Create an Amazon EventBridge rule with a 24-hour cron schedule. Configure EBS Create Snapshot as the target. Target all EBS volumes with the specified tags.
• C. Create a daily snapshot of all EBS volumes by using AWS Backup. Specify Lifecycle as the tag key. Specify Production as the tag value.
• D. Create a daily Amazon Machine Image (AMI) of every production EC2 instance within the AWS account by using Amazon Data Lifecycle Manager.

Correct answer: C

Explanation

The correct answer is C because AWS Backup is specifically designed to manage backups for EBS volumes, allowing for automated daily snapshots based on tags. Option A, while it uses Data Lifecycle Manager, does not offer the same level of backup management as AWS Backup. Option B focuses on policy enforcement rather than the actual backup process, and option D is not applicable since it discusses AMIs instead of EBS snapshots.