ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 4.3: Migration StrategyMigrationSnowballSecurityAthena

AWS SAP-C02 · Question 53 · Domain 4.3: Migration Strategy

An enterprise is migrating its analytics platform to AWS. They have 10 PB of historical data currently stored on an on-premises NAS. The data must be migrated to Amazon S3. Once in S3, the data will be queried by Amazon Athena. The data contains sensitive PII that must be encrypted at rest using keys managed by the enterprise. The migration must be completed within 2 months. Which combination of actions should the Architect take? (Select THREE)

Answer options:

A.

Order multiple AWS Snowball Edge Storage Optimized devices to transfer the 10 PB of data to AWS.

B.

Create an AWS KMS Customer Managed Key (CMK) and configure the S3 bucket to use SSE-KMS as the default encryption.

C.

Configure Amazon Athena to use the same KMS CMK to encrypt query results.

D.

Use AWS DataSync over a 1 Gbps AWS Direct Connect connection to transfer the data.

E.

Configure the S3 bucket to use SSE-S3 (Amazon S3 managed keys) for default encryption.

F.

Use AWS Database Migration Service (DMS) to migrate the data from the NAS to S3.

How to approach this question

Calculate transfer time for 10PB (requires offline transfer) and select the KMS options that give the customer control over the keys.

Full Answer

Order multiple AWS Snowball Edge Storage Optimized devices to transfer the 10 PB of data to AWS., Create an AWS KMS Customer Managed Key (CMK) and configure the S3 bucket to use SSE-KMS as the default encryption., Configure Amazon Athena to use the same KMS CMK to encrypt query results.
Migrating 10 PB of data within 2 months requires an offline transfer method like AWS Snowball Edge (or Snowmobile). To meet the encryption requirement, you must use Server-Side Encryption with AWS KMS Customer Managed Keys (SSE-KMS). Because Athena saves query results to an S3 bucket, you must also configure Athena to encrypt those results using the same KMS key to ensure all sensitive data remains protected.

Common mistakes

Choosing DataSync without doing the math on how long 10 PB takes over a network.
52All questions54

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 5

75 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A global enterprise is redesigning its AWS network architecture across 50 AWS accounts and 3 AWS ...HardQ02A company uses AWS Organizations to manage multiple accounts. The security team mandates that no ...MediumQ03A financial institution requires a disaster recovery strategy for its critical trading applicatio...HardQ04An enterprise is setting up a new multi-account AWS environment using AWS Control Tower. They nee...MediumQ05A company has a complex AWS environment with hundreds of linked accounts under AWS Organizations....Hard
View all 75 questions →