AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Explanation:

Explanation

Correct Answer: A

Why Option A is correct:

Serverless SQL Analysis: Amazon Athena is a serverless query service that allows you to analyze data in S3 using standard SQL. This meets the requirement for a serverless solution to analyze data using SQL.
Cross-Region Replication: S3 Cross-Region Replication (CRR) replicates encrypted objects to another region, meeting the data replication requirement.
Encryption with KMS multi-Region keys: Using SSE-KMS with multi-Region keys ensures that encrypted objects can be replicated and decrypted in the destination region without requiring separate key management, reducing operational overhead.
Least operational overhead: This solution uses managed services (Athena, S3 CRR, KMS multi-Region keys) that require minimal operational management.

Why other options are incorrect:

Option B: Uses Amazon RDS instead of Athena. RDS is not a serverless SQL analysis service for S3 data; it's a managed relational database service that requires provisioning and management of database instances.
Option C: Uses SSE-S3 (S3-managed keys) instead of KMS multi-Region keys. When using SSE-S3, encrypted objects cannot be replicated to another region via CRR because S3-managed keys are region-specific and cannot be accessed in other regions.
Option D: Combines the issues of both B and C - uses RDS (not serverless analysis) and SSE-S3 (cannot replicate encrypted objects).

Key AWS Services Understanding:

Amazon Athena: Serverless interactive query service for analyzing data in S3 using SQL
S3 Cross-Region Replication (CRR): Automatically replicates objects across AWS regions
SSE-KMS with multi-Region keys: Allows encrypted objects to be replicated and decrypted in destination regions
SSE-S3: Uses S3-managed encryption keys that are region-specific and cannot be used for cross-region replication of encrypted objects

Explanation:

Explanation

Correct Answer: A

Why Option A is correct:

Serverless SQL Analysis: Amazon Athena is a serverless query service that allows you to analyze data in S3 using standard SQL. This meets the requirement for a serverless solution to analyze data using SQL.
Cross-Region Replication: S3 Cross-Region Replication (CRR) replicates encrypted objects to another region, meeting the data replication requirement.
Encryption with KMS multi-Region keys: Using SSE-KMS with multi-Region keys ensures that encrypted objects can be replicated and decrypted in the destination region without requiring separate key management, reducing operational overhead.
Least operational overhead: This solution uses managed services (Athena, S3 CRR, KMS multi-Region keys) that require minimal operational management.

Why other options are incorrect:

Option B: Uses Amazon RDS instead of Athena. RDS is not a serverless SQL analysis service for S3 data; it's a managed relational database service that requires provisioning and management of database instances.
Option C: Uses SSE-S3 (S3-managed keys) instead of KMS multi-Region keys. When using SSE-S3, encrypted objects cannot be replicated to another region via CRR because S3-managed keys are region-specific and cannot be accessed in other regions.
Option D: Combines the issues of both B and C - uses RDS (not serverless analysis) and SSE-S3 (cannot replicate encrypted objects).

Key AWS Services Understanding:

Amazon Athena: Serverless interactive query service for analyzing data in S3 using SQL
S3 Cross-Region Replication (CRR): Automatically replicates objects across AWS regions
SSE-KMS with multi-Region keys: Allows encrypted objects to be replicated and decrypted in destination regions
SSE-S3: Uses S3-managed encryption keys that are region-specific and cannot be used for cross-region replication of encrypted objects

Comments (0)

No comments yet.

A company wants to move its application to a serverless solution. The serverless solution needs to analyze existing and new data by using SQL. The company stores the data in an Amazon S3 bucket. The data requires encryption and must be replicated to a different AWS Region.

Which solution will meet these requirements with the LEAST operational overhead?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Create a new S3 bucket. Load the data into the new S3 bucket. Use S3 Cross-Region Replication (CRR) to replicate encrypted objects to an S3 bucket in another Region. Use server-side encryption with AWS KMS multi-Region keys (SSE-KMS). Use Amazon Athena to query the data.