Answer-first summary for fast verification
Answer: Create a new S3 bucket. Load the data into the new S3 bucket. Use S3 Cross-Region Replication (CRR) to replicate encrypted objects to an S3 bucket in another Region. Use server-side encryption with AWS KMS multi-Region keys (SSE-KMS). Use Amazon Athena to query the data.
## Explanation **Correct Answer: A** **Why Option A is correct:** 1. **Serverless SQL Analysis**: Amazon Athena is a serverless query service that allows you to analyze data in S3 using standard SQL. This meets the requirement for a serverless solution to analyze data using SQL. 2. **Cross-Region Replication**: S3 Cross-Region Replication (CRR) replicates encrypted objects to another region, meeting the data replication requirement. 3. **Encryption with KMS multi-Region keys**: Using SSE-KMS with multi-Region keys ensures that encrypted objects can be replicated and decrypted in the destination region without requiring separate key management, reducing operational overhead. 4. **Least operational overhead**: This solution uses managed services (Athena, S3 CRR, KMS multi-Region keys) that require minimal operational management. **Why other options are incorrect:** - **Option B**: Uses Amazon RDS instead of Athena. RDS is not a serverless SQL analysis service for S3 data; it's a managed relational database service that requires provisioning and management of database instances. - **Option C**: Uses SSE-S3 (S3-managed keys) instead of KMS multi-Region keys. When using SSE-S3, encrypted objects cannot be replicated to another region via CRR because S3-managed keys are region-specific and cannot be accessed in other regions. - **Option D**: Combines the issues of both B and C - uses RDS (not serverless analysis) and SSE-S3 (cannot replicate encrypted objects). **Key AWS Services Understanding:** - **Amazon Athena**: Serverless interactive query service for analyzing data in S3 using SQL - **S3 Cross-Region Replication (CRR)**: Automatically replicates objects across AWS regions - **SSE-KMS with multi-Region keys**: Allows encrypted objects to be replicated and decrypted in destination regions - **SSE-S3**: Uses S3-managed encryption keys that are region-specific and cannot be used for cross-region replication of encrypted objects
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company wants to move its application to a serverless solution. The serverless solution needs to analyze existing and new data by using SQL. The company stores the data in an Amazon S3 bucket. The data requires encryption and must be replicated to a different AWS Region.
Which solution will meet these requirements with the LEAST operational overhead?
A
Create a new S3 bucket. Load the data into the new S3 bucket. Use S3 Cross-Region Replication (CRR) to replicate encrypted objects to an S3 bucket in another Region. Use server-side encryption with AWS KMS multi-Region keys (SSE-KMS). Use Amazon Athena to query the data.
B
Create a new S3 bucket. Load the data into the new S3 bucket. Use S3 Cross-Region Replication (CRR) to replicate encrypted objects to an S3 bucket in another Region. Use server-side encryption with AWS KMS multi-Region keys (SSE-KMS). Use Amazon RDS to query the data.
C
Load the data into the existing S3 bucket. Use S3 Cross-Region Replication (CRR) to replicate encrypted objects to an S3 bucket in another Region. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Use Amazon Athena to query the data.
D
Load the data into the existing S3 bucket. Use S3 Cross-Region Replication (CRR) to replicate encrypted objects to an S3 bucket in another Region. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Use Amazon RDS to query the data.