AWS Certified SysOps Administrator – Associate — Question 384
A company has an application that uses Amazon DynamoDB tables. The tables are spread across AWS accounts and AWS Regions. The company uses AWS CloudFormation to deploy AWS resources.
A new team at the company is deleting unused AWS resources. The team accidentally deletes several production DynamoDB tables by running an AWS Lambda function that makes a DynamoDB DeleteTable API call. The table deletions cause an application outage.
A SysOps administrator must implement a solution that minimizes the chance of accidental deletions of tables. The solution also must minimize data loss that results from accidental deletions.
Which combination of steps will meet these requirements? (Choose two.)
Answer options
- A. Enable termination protection for the CloudFormation stacks that deploy the DynamoDB tables.
- B. Enable deletion protection for the DynamoDB tables.
- C. Enable point-in-time recovery for the DynamoDB tables. Restore the tables if they are accidentally deleted.
- D. Schedule daily backups of the DynamoDB tables. Restore the tables if they are accidentally deleted.
- E. Export the DynamoDB tables to Amazon S3 every day. Use Import from Amazon S3 to restore data for tables that are accidentally deleted.
Correct answer: B, C
Explanation
Enabling deletion protection on the DynamoDB tables prevents them from being deleted by any user or API call, including the DeleteTable call made by the Lambda function, for as long as the setting stays enabled. Point-in-time recovery (PITR) provides continuous backups that allow restoring a table to any point in time within the last 35 days, minimizing data loss to the second before deletion. CloudFormation termination protection (A) prevents only deletion of the stack itself; it does not block direct API-level deletion of the resources the stack created. The daily backup and daily export options (D and E) do not minimize data loss as effectively as PITR.