Topic 1 Question 295
A company manages its multi-account environment by using AWS Organizations. The company needs to automate the creation of daily incremental backups of any Amazon Elastic Block Store (Amazon EBS) volume that is marked with a Lifecycle: Production tag in one of its primary AWS accounts.
The company wants to prevent users from using Amazon EC2 * permissions to delete any of these production snapshots.
What should a SysOps administrator do to meet these requirements?
Create a daily snapshot of all EBS volumes by using Amazon Data Lifecycle Manager. Specify Lifecycle as the tag key. Specify Production as the tag value.
Associate a service control policy (SCP) with the account to deny users the ability to delete EBS snapshots. Create an Amazon EventBridge rule with a 24-hour cron schedule. Configure EBS Create Snapshot as the target. Target all EBS volumes with the specified tags.
Create a daily snapshot of all EBS volumes by using AWS Backup. Specify Lifecycle as the tag key. Specify Production as the tag value.
Create a daily Amazon Machine Image (AMI) of every production EC2 instance within the AWS account by using Amazon Data Lifecycle Manager.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: C
I think answer is "C" because using AWS backup is the established method/tool for this, and EC2 instance role/profile would not be allow to control or delete backups unless explicitly allowed. The word "cron" in en answer "B" is red flag that is is the wrong answer. I know all about cron, and it's invaluable and bullet proof on a system. However, it's anathema to AWS Cloud way of doing things. Wherever you see the word "cron" in AWS response, you know its the wrong answer (IMHO).
👍 4Gomer2023/05/03 - 正解だと思う選択肢: A
Explanation: In this scenario, the objective is to automate the creation of daily incremental backups for EBS volumes marked with a specific tag and prevent users from deleting these snapshots using EC2 permissions. Amazon Data Lifecycle Manager (DLM) is a service that can automate the creation, retention, and deletion of EBS snapshots based on policies. By creating a DLM policy with a daily schedule and configuring it to target EBS volumes with the "Lifecycle: Production" tag, you can achieve the automated backup requirement.
👍 2thetnyeinmoe2023/05/26
シャッフルモード