DOP-C02 · Question #234
DOP-C02 Question #234: Real Exam Question with Answer & Explanation
The correct answer is A: Create a new IAM role that allows the Amazon S3 and S3 Batch Operations service principals to. Explanation Achieving high availability with S3 replication requires three coordinated components: proper permissions, ongoing replication, and backfilling existing data. Option A is correct because S3 Cross-Region Replication requires an IAM role that grants both the S3 service
Question
A company deploys an application in two AWS Regions. The application currently uses an Amazon S3 bucket in the primary Region to store data. A DevOps engineer needs to ensure that the application is highly available in both Regions. The DevOps engineer has created a new S3 bucket in the secondary Region. All existing and new objects must be in both S3 buckets. The application must fail over between the Regions with no data loss. Which combination of steps will meet these requirements with the MOST operational efficiency? (Choose three.)
Options
- ACreate a new IAM role that allows the Amazon S3 and S3 Batch Operations service principals to
- BCreate a new IAM role that allows the AWS Batch service principal to assume the role that has
- CCreate an S3 Cross-Region Replication (CRR) rule on the source S3 bucket. Configure the rule to
- DCreate a two-way replication rule on the source S3 bucket. Configure the rule to use the IAM role
- ECreate an AWS Batch job that has an AWS Fargate orchestration type. Configure the job to use
- FCreate an operation in S3 Batch Operations to replicate the contents of the source S3 bucket to
Explanation
Explanation
Achieving high availability with S3 replication requires three coordinated components: proper permissions, ongoing replication, and backfilling existing data. Option A is correct because S3 Cross-Region Replication requires an IAM role that grants both the S3 service principal (for ongoing replication) and the S3 Batch Operations service principal (for the backfill job) the necessary permissions to read and write objects across buckets. Option C is correct because Cross-Region Replication (CRR) handles all new objects going forward, continuously syncing the source bucket to the destination with no manual intervention. Option F is correct because CRR only replicates objects created after the rule is enabled - S3 Batch Operations is specifically designed to replicate existing objects, closing that gap.
Why distractors are wrong: Option B is incorrect because AWS Batch (a compute service) has no native role in S3 replication workflows - S3 Batch Operations is the correct service. Option D is wrong because two-way (bidirectional) replication is unnecessary here and adds complexity; the requirement is one-directional replication with failover capability, not active-active synchronization. Option E is incorrect because AWS Fargate/Batch is a compute orchestration service, not an appropriate tool for S3 object replication, making it both operationally inefficient and architecturally mismatched.
Memory Tip: Think of it as "Permission → Replicate New → Backfill Old" - every S3 replication setup needs an IAM role (A), a CRR rule for new objects (C), and Batch Operations for existing objects (F). If a distractor mentions "AWS Batch" instead of "S3 Batch Operations," it's almost always a trap!
Topics
Community Discussion
No community discussion yet for this question.