Exam SAP-C02 All QuestionsBrowse all questions from this exam
Go to Exam
Question 452

A company stores and manages documents in an Amazon Elastic File System (Amazon EFS) file system. The file system is encrypted with an AWS Key Management Service (AWS KMS) key. The file system is mounted to an Amazon EC2 instance that runs proprietary software.

The company has enabled automatic backups for the file system. The automatic backups use the AWS Backup default backup plan.

A solutions architect must ensure that deleted documents can be recovered within an RPO of 100 minutes.

Which solution will meet these requirements?

    Correct Answer: A

    To ensure that deleted documents can be recovered within an RPO of 100 minutes, it is necessary to have a frequent backup schedule. Creating a new IAM role and a new backup plan ensures that the proper permissions are in place. Updating the KMS key policy allows the new IAM role to use the key, facilitating the encrypted backups. Implementing an hourly backup schedule meets the requirement of recovering data within 100 minutes, as hourly backups will ensure that no data is older than 60 minutes at worst. This approach provides a balance between frequency and managing operational overhead without requiring non-standard solutions like custom cron tasks.

Discussion
AesthetOption: A

C is not supported, see here: https://docs.aws.amazon.com/aws-backup/latest/devguide/backup-feature-availability.html#features-by-resource B is not possible (minimum is 1 hour, according to https://aws.amazon.com/blogs/storage/automating-backups-and-optimizing-backup-costs-for-amazon-efs-using-aws-backup/#:~:text=cron%20expression%20that%20creates%20backups%20as%20frequently%20as%20hourly). So I vote for A

VerRiOption: A

The default backup plan is once a day, which cannot meet the RPO, so C and D are out. We need both EventBridge and Lambda functions to frequently backup the EFS, so B is out.

DgixOption: A

First of all, using the existing default backup plan means backups only once a day, which disqualifies both C and D. We are thus left with A and B, which both fulfil the RPO. B is slightly more wasteful in that 30-minute backups are overkill. Also, B requires a custom cron task to be set up using EventBridge as it is a non-standard one for AWS Backup. A, however, can be accomplished without extra operational overhead. Therefore, A.

pangchnOption: B

B Using the AWS Backup console, you can choose a frequency of every 12 hours, daily, weekly, or monthly. You can also create a cron expression that creates backups as frequently as hourly ref: https://aws.amazon.com/blogs/storage/automating-backups-and-optimizing-backup-costs-for-amazon-efs-using-aws-backup/ PITR is not supported for EFS mentioned by djangoUnchained, so C is out From AWS console, the most frequently backup is daily.

053081fOption: A

I checked the AWS Backup console and you cannot setup backup plan less than 1 hour, so 30 min backup(B) will be excluded.

titi_rOption: A

Answer A.

AWSPro1234

Answer C.

CMMCOption: C

Creating a new IAM role and updating the KMS key policy to allow the role to use the key ensures that the backup mechanism has the necessary permissions for encryption. Enabling continuous backups for point-in-time recovery to increases the likelihood of being able to recover deleted documents within the specified RPO of 100 minutes.

djangoUnchained

It seems PITR is not supported for EFS https://docs.aws.amazon.com/aws-backup/latest/devguide/point-in-time-recovery.html