Question 235 of 1,040
Design Resilient ArchitecturesmediumMultiple ChoiceObjective-mapped

S3 Cross-Region Replication and Versioning for Disaster Recovery

This SAA-C03 practice question tests your understanding of design resilient architectures. Match the stated requirement to the specific cloud service, access model, or configuration option — many options are valid in isolation but not for this scenario. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Your media processing pipeline writes original uploads to an S3 bucket and later generates derivative files. An operator accidentally deletes a subset of original uploads in production. You need to (1) restore the deleted objects with minimal data loss and (2) protect against both regional disasters and future operator mistakes. The company requires recovery even if objects are deleted and later overwritten.

What is the most effective change to meet these requirements?

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Enable S3 versioning on the bucket and configure cross-Region replication so previous versions are available after regional loss and accidental deletion.

Option A is correct because enabling S3 Versioning preserves all object versions, including overwrites and deletions (which become delete markers), allowing you to restore deleted objects by removing the delete marker. Cross-Region Replication (CRR) replicates both current and previous versions to a secondary Region, protecting against regional disasters. Together, they ensure recovery even if objects are deleted and later overwritten, meeting all requirements.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Enable S3 versioning on the bucket and configure cross-Region replication so previous versions are available after regional loss and accidental deletion.

    Why this is correct

    Versioning retains prior object versions, and cross-Region replication provides redundancy across Regions for recovery after deletion or disaster.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Move all objects to S3 Glacier Instant Retrieval and apply a lifecycle policy to keep only the latest object copy.

    Why it's wrong here

    Glacier storage tiers do not prevent deletion of the latest version, and keeping only the latest copy fails the recovery requirement.

    When this WOULD be correct

    This option would be correct if the requirements were to reduce storage costs for infrequently accessed data while maintaining millisecond retrieval times, and there was no need to recover from accidental deletion or regional disasters.

  • Use S3 server-side encryption with KMS keys and rely on access logs to manually recover the deleted objects.

    Why it's wrong here

    Encryption protects confidentiality but does not retain deleted data, and access logs do not reconstruct object contents.

    When this WOULD be correct

    If the requirement was to audit who deleted objects and when, without needing to restore them, enabling S3 server access logs and using AWS CloudTrail would be correct. This scenario focuses on detective controls, not recovery.

  • Enable S3 bucket policies that deny DeleteObject, but do not enable versioning or replication.

    Why it's wrong here

    A deny policy can reduce future mistakes, but it does not provide recovery for the already-deleted objects or disaster resilience.

    When this WOULD be correct

    A question requiring prevention of accidental deletion by unauthorized users (e.g., preventing a junior admin from deleting objects) where versioning is already enabled and disaster recovery is not a concern. The policy would block delete API calls while versioning retains previous versions.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The SAA-C03 exam frequently reuses these exact scenarios with slightly different constraints.

Enable S3 versioning on the bucket and configure cross-Region replication so previous versions are available after regional loss and accidental deletion.Correct answer

Why this is correct

Versioning retains prior object versions, and cross-Region replication provides redundancy across Regions for recovery after deletion or disaster.

Move all objects to S3 Glacier Instant Retrieval and apply a lifecycle policy to keep only the latest object copy.Wrong answer — click to see why

Why this is wrong here

Glacier Instant Retrieval does not provide versioning, so deleted objects cannot be restored. Additionally, a lifecycle policy keeping only the latest copy would not protect against accidental deletion or overwrites, and Glacier does not offer cross-region replication for disaster recovery.

★ When this WOULD be the correct answer

This option would be correct if the requirements were to reduce storage costs for infrequently accessed data while maintaining millisecond retrieval times, and there was no need to recover from accidental deletion or regional disasters.

Why candidates choose this

Candidates may mistakenly believe that Glacier Instant Retrieval provides versioning or that a lifecycle policy can protect against deletion, overlooking that versioning is essential for recovery.

Use S3 server-side encryption with KMS keys and rely on access logs to manually recover the deleted objects.Wrong answer — click to see why

Why this is wrong here

Access logs only record requests; they do not restore deleted objects. Manual recovery from logs is impractical and cannot restore objects that were overwritten, failing the requirement for recovery after overwrite.

★ When this WOULD be the correct answer

If the requirement was to audit who deleted objects and when, without needing to restore them, enabling S3 server access logs and using AWS CloudTrail would be correct. This scenario focuses on detective controls, not recovery.

Why candidates choose this

Candidates may think that encryption and logs provide comprehensive protection, overlooking that logs are not a backup mechanism and cannot restore deleted or overwritten objects.

Enable S3 bucket policies that deny DeleteObject, but do not enable versioning or replication.Wrong answer — click to see why

Why this is wrong here

Denying DeleteObject via bucket policy does not protect against regional disasters, and if an operator deletes objects, they are still permanently lost because versioning is not enabled. Overwritten objects are also unrecoverable.

★ When this WOULD be the correct answer

A question requiring prevention of accidental deletion by unauthorized users (e.g., preventing a junior admin from deleting objects) where versioning is already enabled and disaster recovery is not a concern. The policy would block delete API calls while versioning retains previous versions.

Why candidates choose this

Candidates think a bucket policy denying deletes is a simple, low-cost solution that directly prevents operator mistakes, overlooking the need for versioning to recover already-deleted objects and the lack of regional disaster protection.

Analysis generated from the official SAA-C03blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates may think a bucket policy denying DeleteObject is sufficient to prevent data loss, but it does not protect against overwrites, authorized user mistakes, or regional disasters, and without versioning, deleted objects are permanently lost.

Detailed technical explanation

How to think about this question

S3 Versioning works by assigning a unique version ID to each object upload; when an object is deleted, a delete marker is inserted instead of removing the underlying data, and you can restore the object by deleting the delete marker. Cross-Region Replication (CRR) asynchronously replicates objects to a destination bucket in a different AWS Region, and when configured with versioning, it replicates all versions, including delete markers (if enabled), ensuring data durability across regions. The combination of versioning and CRR provides a robust recovery mechanism against both accidental deletions and regional outages, with a Recovery Point Objective (RPO) typically within minutes.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A media company stores terabytes of video archives that are accessed once a year for audit purposes. Moving these objects to a cold storage tier (Azure Archive, S3 Glacier, or Google Nearline) costs a fraction of hot storage. Questions like this test whether you understand storage tiers, access frequency tradeoffs, and retrieval latency requirements.

Quick reference

AWS S3 Storage Class Comparison

Storage ClassMin DurationRetrievalUse Case
S3 StandardNoneImmediateFrequently accessed data
S3 Standard-IA30 daysImmediateInfrequent access, rapid retrieval
S3 One Zone-IA30 daysImmediateNon-critical infrequent data
S3 Intelligent-TieringNoneImmediate–hoursUnknown or changing access patterns
S3 Glacier Instant90 daysMillisecondsArchive with instant retrieval
S3 Glacier Flexible90 daysMinutes–hoursArchive, flexible retrieval
S3 Glacier Deep Archive180 daysHoursLong-term compliance archive

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related SAA-C03 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free SAA-C03 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this SAA-C03 question test?

Design Resilient Architectures — This question tests Design Resilient Architectures — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Enable S3 versioning on the bucket and configure cross-Region replication so previous versions are available after regional loss and accidental deletion. — Option A is correct because enabling S3 Versioning preserves all object versions, including overwrites and deletions (which become delete markers), allowing you to restore deleted objects by removing the delete marker. Cross-Region Replication (CRR) replicates both current and previous versions to a secondary Region, protecting against regional disasters. Together, they ensure recovery even if objects are deleted and later overwritten, meeting all requirements.

What should I do if I get this SAA-C03 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

8 more ways this is tested on SAA-C03

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. A ticket booking system stores uploaded documents in S3. The business requires a copy in another AWS Region for disaster recovery. What should be configured?

medium
  • A.S3 lifecycle transition to Glacier Flexible Retrieval
  • B.An EBS snapshot schedule
  • C.S3 Cross-Region Replication with versioning enabled
  • D.A CloudFront distribution

Why C: S3 Cross-Region Replication (CRR) with versioning enabled automatically copies objects from a source bucket in one AWS Region to a destination bucket in another Region, meeting the disaster recovery requirement for a geographically separate copy. Versioning must be enabled on both buckets to support replication of all object versions, ensuring consistency and recoverability. This is the native S3 feature designed for cross-region data redundancy without custom scripting or third-party tools.

Variation 2. A ticket booking system stores uploaded documents in S3. The business requires a copy in another AWS Region for disaster recovery. What should be configured? The architecture review board prefers a managed AWS-native control.

medium
  • A.S3 lifecycle transition to Glacier Flexible Retrieval
  • B.An EBS snapshot schedule
  • C.S3 Cross-Region Replication with versioning enabled
  • D.A CloudFront distribution

Why C: S3 Cross-Region Replication (CRR) is a fully managed AWS-native feature that automatically replicates objects from a source S3 bucket in one AWS Region to a destination bucket in another Region, meeting the disaster recovery requirement for a geographically separate copy. Enabling versioning on both buckets is mandatory for CRR to function, as it tracks object versions and ensures consistency during replication.

Variation 3. A ticket booking system stores uploaded documents in S3. The business requires a copy in another AWS Region for disaster recovery. What should be configured? The design must avoid adding custom operational scripts.

medium
  • A.S3 lifecycle transition to Glacier Flexible Retrieval
  • B.An EBS snapshot schedule
  • C.S3 Cross-Region Replication with versioning enabled
  • D.A CloudFront distribution

Why C: S3 Cross-Region Replication (CRR) automatically replicates objects from a source bucket in one AWS Region to a destination bucket in another Region, providing a disaster recovery copy without custom scripts. Enabling versioning on both buckets is a prerequisite for CRR, ensuring that all object versions are replicated and that the destination bucket can maintain a complete history of changes.

Variation 4. A media company stores original uploads in an S3 bucket. They must recover from accidental overwrites/deletes and also recover quickly from a full Region outage. The required RPO is about 1 hour. Which configuration best meets these requirements?

medium
  • A.Enable an S3 lifecycle policy to transition objects to Glacier after 7 days without enabling versioning.
  • B.Enable S3 cross-Region replication (CRR) but leave the bucket without versioning enabled.
  • C.Enable S3 versioning and configure cross-Region replication to a bucket in another Region.
  • D.Rely on frequent EBS snapshots of a temporary cache used during uploads.

Why C: Option C is correct because enabling S3 versioning protects against accidental overwrites and deletes by preserving all object versions, while cross-Region replication (CRR) asynchronously replicates objects to a bucket in another Region, enabling recovery from a full Region outage. With an RPO of about 1 hour, CRR meets this requirement as replication typically completes within minutes to a few hours, and versioning ensures point-in-time recovery of previous object states.

Variation 5. A media company stores original uploads in an S3 bucket. They must recover from accidental overwrites/deletes and also recover quickly from a full Region outage. The required RPO is about 1 hour. Which configuration best meets these requirements?

medium
  • A.Enable an S3 lifecycle policy to transition objects to Glacier after 7 days without enabling versioning.
  • B.Enable S3 cross-Region replication (CRR) but leave the bucket without versioning enabled.
  • C.Enable S3 versioning and configure cross-Region replication to a bucket in another Region.
  • D.Rely on frequent EBS snapshots of a temporary cache used during uploads.

Why C: Option C is correct because enabling S3 versioning protects against accidental overwrites and deletes by preserving all object versions, while cross-Region replication (CRR) asynchronously replicates objects to a bucket in another Region, providing recovery from a full Region outage. With versioning enabled, CRR replicates both current and previous object versions, meeting the ~1-hour RPO (typically within minutes for new objects) and ensuring data durability across Regions.

Variation 6. A team uses an S3 bucket to store important customer-generated exports. They need protection against accidental overwrites and also want copies of the data in another AWS Region for disaster recovery. Which S3 configuration best satisfies both requirements?

easy
  • A.Enable S3 lifecycle policies to automatically move objects to Glacier after 30 days only.
  • B.Enable S3 versioning and configure Cross-Region Replication to a destination bucket in another Region.
  • C.Disable all versioning and rely on AWS Backup to restore objects from a scheduled backup window.
  • D.Enable S3 Block Public Access and SSE-S3 encryption, without using versioning or replication.

Why B: Option B is correct because enabling S3 versioning protects against accidental overwrites by preserving all object versions, allowing recovery of previous versions. Configuring Cross-Region Replication (CRR) automatically replicates objects to a destination bucket in another AWS Region, providing disaster recovery by maintaining a copy of the data in a separate geographic location.

Variation 7. A team uses an S3 bucket to store important customer-generated exports. They need protection against accidental overwrites and also want copies of the data in another AWS Region for disaster recovery. Which S3 configuration best satisfies both requirements?

easy
  • A.Enable S3 lifecycle policies to automatically move objects to Glacier after 30 days only.
  • B.Enable S3 versioning and configure Cross-Region Replication to a destination bucket in another Region.
  • C.Disable all versioning and rely on AWS Backup to restore objects from a scheduled backup window.
  • D.Enable S3 Block Public Access and SSE-S3 encryption, without using versioning or replication.

Why B: Option B is correct because enabling S3 versioning protects against accidental overwrites by preserving previous versions of objects, and configuring Cross-Region Replication (CRR) automatically replicates objects to a destination bucket in another AWS Region, providing disaster recovery. This combination meets both requirements without manual intervention.

Variation 8. Your media processing pipeline writes original uploads to an S3 bucket and later generates derivative files. An operator accidentally deletes a subset of original uploads in production. You need to (1) restore the deleted objects with minimal data loss and (2) protect against both regional disasters and future operator mistakes. The company requires recovery even if objects are deleted and later overwritten. What is the most effective change to meet these requirements?

medium
  • A.Enable S3 versioning on the bucket and configure cross-Region replication so previous versions are available after regional loss and accidental deletion.
  • B.Move all objects to S3 Glacier Instant Retrieval and apply a lifecycle policy to keep only the latest object copy.
  • C.Use S3 server-side encryption with KMS keys and rely on access logs to manually recover the deleted objects.
  • D.Enable S3 bucket policies that deny DeleteObject, but do not enable versioning or replication.

Why A: Option A is correct because enabling S3 Versioning preserves all object versions, including deleted markers and overwritten objects, allowing recovery from accidental deletions. Cross-Region Replication (CRR) replicates both current and previous versions to a secondary region, providing protection against regional disasters. This combination ensures that even if objects are deleted and later overwritten, the original versions remain recoverable in both the source and destination buckets.

Keep practising

More SAA-C03 practice questions

Last reviewed: Jun 11, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This SAA-C03 practice question is part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SAA-C03 exam.