ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 15 · Domain 1.3: Data Security
A financial institution needs to store regulatory records in Amazon S3. The records must not be deleted or overwritten by any user, including the AWS account root user, for a period of 7 years. Which S3 feature meets this requirement?
A financial institution needs to store regulatory records in Amazon S3. The records must not be deleted or overwritten by any user, including the AWS account root user, for a period of 7 years. Which S3 feature meets this requirement?
Answer options:
A.
S3 Versioning with MFA Delete
B.
S3 Object Lock in Governance mode
C.
S3 Object Lock in Compliance mode
D.
S3 Lifecycle policies
How to approach this question
Identify the need for WORM (Write Once Read Many) storage that even the root user cannot bypass. This is S3 Object Lock in Compliance mode.
Full Answer
C.S3 Object Lock in Compliance mode✓ Correct
S3 Object Lock in Compliance mode
S3 Object Lock provides WORM storage. In Compliance mode, a protected object version can't be overwritten or deleted by any user, including the root user in your AWS account. In Governance mode, users with special permissions can alter the retention settings.
Common mistakes
Confusing Governance mode (can be bypassed) with Compliance mode (cannot be bypassed).
Practice the full AWS SAA-C03 Practice Exam 1
65 questions · hints · full answers · grading
More questions from this exam
Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...MediumQ02A solutions architect is designing an application that will run on Amazon EC2 instances. The appl...EasyQ03A company wants to implement a federated identity solution for its employees to access the AWS Ma...MediumQ04A mobile application needs to access Amazon DynamoDB directly to read user-specific data. The app...HardQ05A company is hosting a web application on Amazon EC2 instances. The application connects to an Am...Medium