Q72 — AWS DVA-C02 Ch.1
A developer is deploying an application that stores files in an Amazon S3 bucket. These files must be encrypted at rest. The developer wants to replicate files to an S3 bucket in a different AWS Region for disaster recovery. What is the minimal configuration required to accomplish this task?
- A. Use server-side encryption with Amazon S3 managed keys (SSE-S3) to encrypt files. Enable S3 Cross-Region Replication. ✓
- B. Use server-side encryption (SSE) with AWS Key Management Service (AWS KMS) customer master keys (CMKs) to encrypt files. Enable S3 Cross-Region Replication.
- C. Use the s3 sync command to synchronize files to an S3 bucket in another Region.
- D. Configure S3 Lifecycle rules to automatically transition files to an S3 bucket in another Region.
Correct Answer: A. Use server-side encryption with Amazon S3 managed keys (SSE-S3) to encrypt files. Enable S3 Cross-Region Replication.
Explanation
Option A is correct because SSE-S3 is the simplest, fully managed encryption option compatible with S3 Cross-Region Replication (CRR). CRR natively supports replication of SSE-S3–encrypted objects without requiring additional key management or manual intervention. Option B requires replicating KMS keys across Regions and configuring replication-specific KMS permissions—increasing complexity. Option C is manual, non-automated, and not resilient. Option D is invalid—S3 Lifecycle rules cannot move objects between Regions.