ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 296 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 296
Topic #: 1
[All AWS Certified Security - Specialty Questions]

The security engineer implemented a new vault stock policy for 10TB of data and called initiate-vault-lock 12 hours ago. The audit team identified a typo that is allowing incorrect access to the vault.
What is the MOST cost-effective way to correct this?

  • A. Call the abort-vault-lock operation, fix the typo, and call the initiate-vault-lock again.
  • B. Copy the vault data to Amazon S3, delete the vault, and create a new vault with the data.
  • C. Update the policy, keeping the vault lock in place.
  • D. Update the policy, and call initiate-vault-lock again to apply the new policy.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Reference:
https://docs.aws.amazon.com/amazonglacier/latest/dev/api-AbortVaultLock.html
by BillyC at Aug. 25, 2019, 5:11 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
josellama2000
Highly Voted 3 years, 9 months ago
Correct is A abort-vault-lock is a AWS-CLI S3 command This command aborts the vault locking process if the vault lock is not in the Locked state However, it returns an AccessDenied error if the vault is on Locked state, InitiateVaultLock is a AWS-CLI S3 command this command change the state of tha vault-lock to "InProgress" CompleteVaultLock is a AWS-CLI S3 command this command change the state of tha vault-lock to "Locked" https://docs.aws.amazon.com/cli/latest/reference/glacier/abort-vault-lock.html
upvoted 28 times
cloudprincipal
3 years, 8 months ago
Agreed, :A. Call the abort-vault-lock operation, fix the typo, and call the initiate-vault-lock again.
upvoted 1 times
...
aws_learner
3 years, 8 months ago
This cannot be done through Console.
upvoted 3 times
...
...
Toptip
Most Recent 2 years, 1 month ago
Selected Answer: A
A is correct
upvoted 1 times
...
rdiaz
2 years, 2 months ago
Selected Answer: A
A is ok
upvoted 1 times
...
jishrajesh
2 years, 6 months ago
A is correct
upvoted 1 times
...
sanjaym
3 years, 8 months ago
Ans: A 100%
upvoted 2 times
...
Haxor
3 years, 8 months ago
A because it says "called initiate-vault-lock 12 hours ago" and you can abort vault lock within 24 hours of creating it.
upvoted 1 times
...
devjava
3 years, 8 months ago
Ans > A
upvoted 2 times
...
tomtom2020
3 years, 8 months ago
the answer is "A"
upvoted 3 times
...
RaySmith
3 years, 8 months ago
A is correct
upvoted 3 times
...
awssecuritynewbie
3 years, 8 months ago
I was surprised by after research YES A Is correct : "You must complete the vault locking process within 24 hours after the vault lock enters the InProgress state. After the 24 hour window ends, the lock ID expires, the vault automatically exits the InProgress state, and the vault lock policy is removed from the vault. You call CompleteVaultLock to complete the vault locking process by setting the state of the vault lock to Locked " Ref https://docs.aws.amazon.com/cli/latest/reference/glacier/initiate-vault-lock.html
upvoted 4 times
...
RakeshTaninki
3 years, 8 months ago
A is correct, there will be 24 hrs of time after the initiating the valut lock, you can call abort vault lock to cancel if you have done anything wrong.
upvoted 4 times
...
bp339
3 years, 8 months ago
A is correct
upvoted 3 times
...
AnNguyen
3 years, 8 months ago
Answer is A Initiate the lock by attaching a vault lock policy to your vault, which sets the lock to an in-progress state and returns a lock ID. While in the in-progress state, you have 24 hours to validate your vault lock policy before the lock ID expires. Use the lock ID to complete the lock process. If the vault lock policy doesn't work as expected, you can abort the lock and restart from the beginning. For information on how to use the S3 Glacier API to lock a vault, see Locking a Vault by Using the Amazon S3 Glacier API. https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock-policy.html
upvoted 3 times
Lunga
3 years, 8 months ago
I agree that it is A. The process must be aborted before the policy can be changed.
upvoted 2 times
...
...
jaysource
3 years, 9 months ago
A IS CORRECT
upvoted 2 times
...
bugybq
3 years, 9 months ago
you have 24 hours to validate your vault lock policy before the lock ID expires.
upvoted 3 times
...
INASR
3 years, 9 months ago
A is correct
upvoted 3 times
...
BillyC
3 years, 9 months ago
A is Correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel