AWS Certified SysOps Administrator – Associate (legacy) — Question 756
The compliance department within your multi-national organization requires that all data for your customers who reside in the European Union (EU) must not leave the EU, and that data for customers who reside in the US must not leave the US without explicit authorization.
What must you do to comply with this requirement for a web-based profile management application running on EC2?
Answer options
- A. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile
- B. Run EC2 instances in multiple Regions and leverage Route 53's Latency Based Routing capabilities to route traffic to the appropriate region to create their profile
- C. Run EC2 instances in multiple Regions and leverage a third-party data provider to determine if a user needs to be redirected to the appropriate region to create their profile
- D. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third-party data provider to determine if a user needs to be redirected to the appropriate zone to create their profile
Correct answer: C
Explanation
To meet strict data residency requirements, the application must be deployed in multiple AWS Regions (such as one in the EU and one in the US) so that data is stored locally. Using a third-party IP geolocation data provider ensures accurate routing based on the user's physical location, whereas Route 53 Latency Based Routing only routes based on network latency and does not guarantee geographic compliance. Single-region solutions (A and D) are invalid because they would force either EU or US data to leave its respective region.