Q74 — AWS SCS-C02 Ch.1
Question 74 of 100 | ← Chapter 1
A company is storing data in Amazon S3 Glacier. A security engineer implemented a new vault lock policy for 10 TB of data and called the initiate-vault-lock operation 12 hours ago. The audit team identied a typo in the policy that is allowing unintended access to the vault. What is the MOST cost-effective way to correct this error?
- A. Call the abort-vault-lock operation. Update the policy. Call the initiate-vault-lock operation again. ✓
- B. Copy the vault data to a new S3 bucket. Delete the vault Create a new vault with the data.
- C. Update the policy to keep the vault lock in place.
- D. Update the policy. Call the initiate-vault-lock operation again to apply the new policy.
Correct Answer: A. Call the abort-vault-lock operation. Update the policy. Call the initiate-vault-lock operation again.
Explanation
Amazon S3 Glacier的vault lock策略在调用`initiate-vault-lock`后进入待定状态,未完成最终确认前可被中止。AWS文档指出,在锁定策略前,若发现错误,可通过`abort-vault-lock`终止请求并修正策略。选项A通过中止当前锁定、修正策略并重新发起操作,避免了数据迁移或删除的高昂成本。选项B涉及数据迁移和重建存储,不必要且成本高。选项C和D无法在策略待定时直接更新或覆盖。