Q74 — AWS SCS-C02 Ch.1

Question 74 of 100 | ← Chapter 1

A company is storing data in Amazon S3 Glacier. A security engineer implemented a new vault lock policy for 10 TB of data and called the initiate-vault-lock operation 12 hours ago. The audit team identied a typo in the policy that is allowing unintended access to the vault. What is the MOST cost-effective way to correct this error?

Correct Answer: A. Call the abort-vault-lock operation. Update the policy. Call the initiate-vault-lock operation again.

Explanation

Amazon S3 Glacier的vault lock策略在调用`initiate-vault-lock`后进入待定状态,未完成最终确认前可被中止。AWS文档指出,在锁定策略前,若发现错误,可通过`abort-vault-lock`终止请求并修正策略。选项A通过中止当前锁定、修正策略并重新发起操作,避免了数据迁移或删除的高昂成本。选项B涉及数据迁移和重建存储,不必要且成本高。选项C和D无法在策略待定时直接更新或覆盖。