Topic 1 Question 337
3 つ選択A company runs applications in hundreds of production AWS accounts. The company uses AWS Organizations with all features enabled and has a centralized backup operation that uses AWS Backup.
The company is concerned about ransomware attacks. To address this concern, the company has created a new policy that all backups must be resilient to breaches of privileged-user credentials in any production account.
Which combination of steps will meet this new requirement?
Implement cross-account backup with AWS Backup vaults in designated non-production accounts.
Add an SCP that restricts the modification of AWS Backup vaults.
Implement AWS Backup Vault Lock in compliance mode. C. Implement least privilege access for the IAM service role that is assigned to AWS Backup.
Configure the backup frequency, lifecycle, and retention period to ensure that at least one backup always exists in the cold tier.
Configure AWS Backup to write all backups to an Amazon S3 bucket in a designated non-production account. Ensure that the S3 bucket has S3 Object Lock enabled.
ユーザの投票
コメント(15)
- 正解だと思う選択肢: ACE
ACE for sure
A. Implement cross-account backup with AWS Backup vaults in designated non-production accounts. This will allow the company to securely copy their backups to other accounts that are part of their organization for operational or security reasons1. C. Implement AWS Backup Vault Lock in compliance mode. This will provide an additional layer of protection and immutability to the backup vaults, preventing any user (including the root user) or AWS from deleting or modifying the backups until the retention period is complete2. E. Configure the backup frequency, lifecycle, and retention period to ensure that at least one backup always exists in the cold tier. This will help the company to avoid accidental or malicious deletion of backups by enforcing a minimum retention period and moving the backups to a lower-cost storage tier2.
👍 5devalenzuela862023/11/21 - 正解だと思う選択肢: ACD
ACD, because AWS Backup can't use S3 as DataVault. For make backups resilent - need to enable Vault Locks
👍 4HunkyBunky2023/11/22 Answer ABC is a consistent combined options and makes more sense
👍 2George882023/11/26
シャッフルモード