Exam SAP-C02
Question 58

A company has a monolithic application that is critical to the company’s business. The company hosts the application on an Amazon EC2 instance that runs Amazon Linux 2. The company’s application team receives a directive from the legal department to back up the data from the instance’s encrypted Amazon Elastic Block Store (Amazon EBS) volume to an Amazon S3 bucket. The application team does not have the administrative SSH key pair for the instance. The application must continue to serve the users.

Which solution will meet these requirements?

    Correct Answer: A

    To back up the data from an EC2 instance's EBS volume to an S3 bucket without interruption to the running application and without requiring SSH access, attach an IAM role to the instance with permissions to write to S3. Then, use the AWS Systems Manager Session Manager to access the instance and run commands to copy the data to S3. This method enables remote access without needing administrative SSH keys and maintains the continuous operation of the application.

Discussion
masetromain (Option: C)

The correct answer is C. Taking a snapshot of the EBS volume using Amazon Data Lifecycle Manager (DLM) will meet the requirements because it allows you to create a backup of the volume without the need to access the instance or its SSH key pair. Additionally, DLM allows you to schedule the backups to occur at specific intervals and also enables you to copy the snapshots to an S3 bucket. This approach will not impact the running application as the backup is performed on the EBS volume level. Option A is not correct because the instance would need an IAM role with permission to write to S3 and access to the instance via Systems Manager Session Manager. Option B is not correct because it would require stopping the instance, which would impact the running application. Option D is not correct because it would require stopping the instance and creating a new EC2 instance, which would impact the running application.

Atila50

Thank you for correcting some of these answers and for the explanations to them.

mmendozaf

Assuming that EBS is encrypted, I think that it is much easier to run the copy command from AWS Systems Manager.

Sab

Your reasoning is wrong. Option A has mentioned that an instance profile role is attached to the EC2 instance.

mav3r1ck

Not true! Feel free to challenge me if you think I am wrong. Taking a snapshot of the EBS volume using Amazon DLM is a straightforward approach to ensure data durability and availability. However, this option does not directly address the requirement to move data to an S3 bucket. While EBS snapshots are stored on S3, they are not accessible as regular S3 objects for direct file manipulation or viewing, meaning additional steps would be required to access and use the data in the format specified by the requirement. Verdict: Does Not Fully Meet Requirements. DLM manages snapshots for EBS volumes but doesn't facilitate direct, accessible backups to S3 as described.

gustori99

I'll try to challenge you :-) You can use EBS direct APIs to access data from an EBS snapshot. This is how you can read the data from the snapshot and copy it to S3. https://docs.aws.amazon.com/ebs/latest/userguide/ebs-accessing-snapshot.html

bititan (Option: A)

Taking a backup of the data to S3. AWS doesn't allow us to view snapshots in S3.

tmlong18

The requirement is only 'back up'

TonytheTiger (Option: C)

Option C: You can back up the data on your Amazon EBS volumes by making point-in-time copies, known as Amazon EBS snapshots. EBS snapshots are stored in Amazon S3. https://docs.aws.amazon.com/ebs/latest/userguide/ebs-snapshots.html AWS DLM - https://docs.aws.amazon.com/ebs/latest/userguide/ebs-creating-snapshot.html

ninomfr64 (Option: A)

Not B and D, because when you create an image of the instance, by default Amazon EC2 shuts down the instance, takes snapshots of any attached volumes, creates the AMI, and then reboots the instance. This breaks the requirement to keep the app running. https://docs.aws.amazon.com/toolkit-for-visual-studio/latest/user-guide/tkv-create-ami-from-instance.html

Not C, because EBS snapshots taken by DLM are stored in S3 that is not accessible to users. Also, you cannot copy snapshots to S3 (you can copy across Regions and across accounts, but still in S3 not accessible to users). https://repost.aws/knowledge-center/ebs-copy-snapshot-data-s3-create-volume

A does the job. This is not a very clean option, as to properly run commands via SSM we need the SSM Agent installed (this is in the scenario, as Amazon Linux 2 comes with the agent) and an IAM role with SSM permission, and this specific point is not stated in the scenario.

mav3r1ck (Option: A)

Answer.. A! This option stands out because it allows secure, keyless access to the EC2 instance without requiring the administrative SSH key pair. By attaching an IAM role with S3 write permissions to the instance, you can use Session Manager to execute data copy commands directly to S3. This method does not disrupt the running application, meeting the requirement for continuous operation.

gofavad926 (Option: A)

A meets the requirements by allowing the application team to back up data without interrupting the service and without needing the SSH key pair.

marszalekm (Option: A)

https://repost.aws/knowledge-center/ebs-copy-snapshot-data-s3-create-volume

Shenannigan (Option: C)

Option A is a manual process where you have to connect via SSM Session Manager - too tedious, and it requires huge manual effort to maintain backups. So going with C, as you can't manage the snapshot in S3 but you can restore it if anything goes wrong.

ahhatem (Option: C)

One issue with option A is that an ec2 instance with a role granting access to only S3, wouldn’t be registered with the session manager and it won’t be possible to create a session.
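The point raised in the comments above by ninomfr64 and ahhatem, that option A depends on the instance role carrying Session Manager permissions as well as S3 write access, can be checked against a role's policy document. This is an added example, not part of the original thread; the bucket name, object key and both sample policies are constructed, and the evaluator is a simplification that ignores `Condition`, `NotAction` and `NotResource`.

```python
import fnmatch

# Permissions the SSM Agent needs before Session Manager can open a session
# (the Session Manager part of the AmazonSSMManagedInstanceCore managed policy).
SESSION_MANAGER_ACTIONS = [
    "ssm:UpdateInstanceInformation",
    "ssmmessages:CreateControlChannel",
    "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel",
    "ssmmessages:OpenDataChannel",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed(policy, action, resource):
    """Simplified IAM evaluation: an explicit Deny wins, otherwise a matching
    Allow is required. Condition, NotAction and NotResource are not modelled."""
    granted = False
    for stmt in _as_list(policy["Statement"]):
        hit_action = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        hit_resource = any(fnmatch.fnmatchcase(resource, r)
                           for r in _as_list(stmt["Resource"]))
        if hit_action and hit_resource:
            if stmt["Effect"] == "Deny":
                return False
            granted = True
    return granted

def backup_gaps(policy, bucket, key="backup/data.tar.gz"):
    """List the actions option A relies on that the role policy does not grant."""
    needed = [(a, "*") for a in SESSION_MANAGER_ACTIONS]
    needed.append(("s3:PutObject", f"arn:aws:s3:::{bucket}/{key}"))
    return [a for a, res in needed if not allowed(policy, a, res)]

# Constructed sample policies; the bucket name is a placeholder.
S3_WRITE = {"Effect": "Allow", "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-backup-bucket/*"}
S3_ONLY = {"Version": "2012-10-17", "Statement": [S3_WRITE]}
S3_AND_SSM = {"Version": "2012-10-17", "Statement": [
    S3_WRITE,
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ssm:UpdateInstanceInformation", "ssmmessages:*"]}]}

if __name__ == "__main__":
    print("S3-only role is missing:", backup_gaps(S3_ONLY, "example-backup-bucket"))
    print("S3 + SSM role is missing:", backup_gaps(S3_AND_SSM, "example-backup-bucket"))
```
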

titi_r (Option: A)

"A" seems ok as an option. "C" is wrong because the question asks you to copy the DATA=FILES to S3. You cannot copy the files from a snapshot made by an encrypted volume to S3 bucket.

vip2 (Option: C)

C looks better than A with regard to keeping the application running all the time.

vip2 (Option: C)

Correct answer is C. Data Lifecycle Manager (DLM) direct APIs can be used to read the data from the snapshot and copy the data to Amazon S3.

cnethers

C. Reason: You can use Amazon Data Lifecycle Manager to automate the creation, retention, and deletion of EBS snapshots and EBS-backed AMIs. When you automate snapshot and AMI management, it helps you to: protect valuable data by enforcing a regular backup schedule; create standardized AMIs that can be refreshed at regular intervals; retain backups as required by auditors or internal compliance; reduce storage costs by deleting outdated backups; create disaster recovery backup policies that back up data to isolated Regions or accounts.

Helpnosense (Option: D)

Vote D because, other than not mentioning choosing no reboot when creating the image, the rest of the steps cover all the necessities to back up data on EBS to S3. But considering that B explicitly mentions the reboot option while D does not, there is reason to assume D will use the no-reboot option. Answers C and A have too many assumptions that are not stated in the question and answer. A: not sure the SSM Agent is installed and configured to work with Systems Manager. C: missing steps to mount the volume on a newly created EC2 instance with an S3 instance profile attached.

iulian0585 (Option: A)

I don't see an easy way to copy files to an S3 bucket other than answer A. C, copying block data to a bucket, is also possible, but it's binary data, so not in an easily usable format.

onepunchfinish

The answer is C. Option C: Amazon Data Lifecycle Manager provides an automated, policy-based lifecycle management solution for Amazon Elastic Block Store (EBS) Snapshots and EBS-backed Amazon Machine Images (AMIs). Automate the creation of point-in-time copy of your block storage data with user-defined policies that you can customise based on data protection needs. Amazon Data Lifecycle Manager requires no scripting or special training. You can use the Amazon Elastic Block Store (Amazon EBS) direct APIs to create EBS snapshots, write data directly to your snapshots, read data on your snapshots, and identify the differences or changes between two snapshots. These APIs can be used to read the data from the snapshot and copy the data to Amazon S3. Option A is not correct: Running manual commands on a business-critical instance isn't recommended and DLM can safely take the snapshot without needing to log in to the instance in any way.

adelynllllllllll

C: Tested, there is no option to copy the snapshot to S3.

adelynllllllllll

correction: I mean it should be A, not C.

tmlong18

The snapshot is stored in S3 but fully managed by AWS.

hogtrough

"EBS snapshots are stored in Amazon S3, in S3 buckets that you can't access directly." https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html