ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 13 · Domain 1.3: Data Security
A financial institution must store compliance records in Amazon S3 for 7 years. The records must not be deleted or modified by anyone, including the AWS account root user, during this period. Which S3 feature meets this requirement?
A financial institution must store compliance records in Amazon S3 for 7 years. The records must not be deleted or modified by anyone, including the AWS account root user, during this period. Which S3 feature meets this requirement?
Answer options:
A.
S3 Versioning with MFA Delete
B.
S3 Object Lock in Governance mode
C.
S3 Object Lock in Compliance mode
D.
S3 Lifecycle policies
How to approach this question
Look for 'cannot be deleted by anyone, including root'. This requires S3 Object Lock in Compliance mode.
Full Answer
C.S3 Object Lock in Compliance mode✓ Correct
S3 Object Lock in Compliance mode
S3 Object Lock in Compliance mode provides strict WORM protection. Once applied, the retention period cannot be shortened, and objects cannot be deleted or overwritten by any user, including the root user.
Common mistakes
Selecting Governance mode, which can be bypassed by privileged users.
Practice the full AWS SAA-C03 Practice Exam 3
65 questions · hints · full answers · grading
More questions from this exam
Q01A company stores sensitive documents in an Amazon S3 bucket. The security team requires that only...EasyQ02A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...MediumQ03A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (AL...EasyQ04A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized ...MediumQ05A company needs to encrypt data at rest in Amazon RDS and manage database credentials securely. T...Medium