Q72 — AWS DVA-C02 Ch.1

Question 72 of 100 | ← Chapter 1

A developer is deploying an application that stores files in an Amazon S3 bucket. These files must be encrypted at rest. The developer wants to replicate files to an S3 bucket in a different AWS Region for disaster recovery. What is the minimal configuration required to accomplish this task?

Correct Answer: A. Use server-side encryption with Amazon S3 managed keys (SSE-S3) to encrypt files. Enable S3 Cross-Region Replication.

Explanation

Option A is correct because SSE-S3 is the simplest, fully managed encryption option compatible with S3 Cross-Region Replication (CRR). CRR natively supports replication of SSE-S3–encrypted objects without requiring additional key management or manual intervention. Option B requires replicating KMS keys across Regions and configuring replication-specific KMS permissions—increasing complexity. Option C is manual, non-automated, and not resilient. Option D is invalid—S3 Lifecycle rules cannot move objects between Regions. 【Lantern Certification: swufelp1999】