AWS Certified SysOps Administrator – Associate — Question 327
A company stores its internal data within an Amazon S3 bucket. All existing data within the S3 bucket is protected by using server-side encryption with Amazon S3 managed encryption keys (SSE-S3). S3 Versioning is enabled. A SysOps administrator must replicate the internal data to another S3 bucket in a different AWS account for disaster recovery. All the existing data is copied from the source S3 bucket to the destination S3 bucket.
Which replication solution is MOST operationally efficient?
Answer options
- A. Add a replication rule to the source bucket and specify the destination bucket. Create a bucket policy for the destination bucket to allow the owner of the source bucket to replicate objects.
- B. Schedule an AWS Batch job with Amazon EventBridge to copy new objects from the source bucket to the destination bucket. Create a Batch Operations IAM role in the destination account.
- C. Configure an Amazon S3 event notification for the source bucket to invoke an AWS Lambda function to copy new objects to the destination bucket. Ensure that the Lambda function has cross-account access permissions.
- D. Run a scheduled script on an Amazon EC2 instance to copy new objects from the source bucket to the destination bucket. Assign cross-account access permissions to the EC2 instance's role.
Correct answer: A
Explanation
Amazon S3 Cross-Region Replication (CRR) is a native, fully managed feature that automatically replicates new objects across accounts with minimal setup, making Option A the most operationally efficient solution. Options B, C, and D introduce unnecessary complexity and operational overhead by requiring the deployment, monitoring, and maintenance of custom scripts, Lambda functions, or virtual servers. Because SSE-S3 encryption is natively supported by S3 replication, no extra steps are required to handle the encryption keys.