ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 320 - SAP-C02 discussion

Report
Export

A company runs applications in hundreds of production AWS accounts. The company uses AWS Organizations with all features enabled and has a centralized backup operation that uses AWS Backup.

The company is concerned about ransomware attacks. To address this concern, the company has created a new policy that all backups must be resilient to breaches of privileged-user credentials in any production account.

Which combination of steps will meet this new requirement? (Select THREE.)

A.
Implement cross-account backup with AWS Backup vaults in designated non-production accounts.
Answers
A.
Implement cross-account backup with AWS Backup vaults in designated non-production accounts.
B.
Add an SCP that restricts the modification of AWS Backup vaults.
Answers
B.
Add an SCP that restricts the modification of AWS Backup vaults.
C.
Implement AWS Backup Vault Lock in compliance mode.
Answers
C.
Implement AWS Backup Vault Lock in compliance mode.
D.
Configure the backup frequency, lifecycle, and retention period to ensure that at least one backup always exists in the cold tier. E. Configure AWS Backup to write all backups to an Amazon S3 bucket in a designated non-production account. Ensure that the S3 bucket has S3 Object Lock enabled.
Answers
D.
Configure the backup frequency, lifecycle, and retention period to ensure that at least one backup always exists in the cold tier. E. Configure AWS Backup to write all backups to an Amazon S3 bucket in a designated non-production account. Ensure that the S3 bucket has S3 Object Lock enabled.
E.
Implement least privilege access for the IAM service role that is assigned to AWS Backup.
Answers
E.
Implement least privilege access for the IAM service role that is assigned to AWS Backup.
Suggested answer: A, B, C
asked 16/09/2024
Channa Leang
39 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first