ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 12 · Domain 1.3: Data Security
A financial institution must store regulatory documents in Amazon S3 for 7 years. During this time, the documents cannot be deleted or modified by anyone, including the AWS account root user. Which S3 feature should be used?
A financial institution must store regulatory documents in Amazon S3 for 7 years. During this time, the documents cannot be deleted or modified by anyone, including the AWS account root user. Which S3 feature should be used?
Answer options:
A.
S3 Object Lock in Governance mode.
B.
S3 Object Lock in Compliance mode.
C.
S3 Versioning with MFA Delete.
D.
AWS Backup Vault Lock.
How to approach this question
Distinguish between S3 Object Lock Governance mode (can be bypassed) and Compliance mode (cannot be bypassed).
Full Answer
B.S3 Object Lock in Compliance mode.✓ Correct
S3 Object Lock in Compliance mode.
S3 Object Lock in Compliance mode ensures that an object version cannot be overwritten or deleted by any user, including the root user in your AWS account, for the duration of the retention period.
Common mistakes
Selecting Governance mode, which is less strict.
Practice the full AWS SAA-C03 Practice Exam 5
65 questions · hints · full answers · grading
More questions from this exam
Q01A company needs to grant an external auditor read-only access to specific AWS resources. The audi...EasyQ02An application running on EC2 instances needs to access objects in an S3 bucket. The security tea...MediumQ03A company is designing a VPC for a multi-tier web application. They need to block specific malici...MediumQ04A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...HardQ05A company hosts a web application on an Application Load Balancer (ALB). They are experiencing SQ...Medium