Medium · 1 mark · Multiple Choice
Domain 1.3: Data Security · S3 · Object Lock · Compliance

AWS SAA-C03 · Question 16 · Domain 1.3: Data Security

A financial company must store regulatory documents in Amazon S3. Compliance rules dictate that the documents must be stored in a Write-Once-Read-Many (WORM) model and cannot be deleted or modified by anyone, including the AWS account root user, for exactly 7 years.

Which TWO actions should a solutions architect take? (Select TWO.)

Answer options:

A. Enable S3 Object Lock in Governance mode.

B. Enable S3 Object Lock in Compliance mode.

C. Set a retention period of 7 years.

D. Use an S3 bucket policy to deny the s3:DeleteObject action.

E. Enable S3 Versioning and MFA Delete.

How to approach this question

Differentiate between Compliance mode and Governance mode in S3 Object Lock.

Full Answer

Enable S3 Object Lock in Compliance mode.
Set a retention period of 7 years.

S3 Object Lock in Compliance mode ensures objects cannot be overwritten or deleted by any user, including the root user, for the duration of the retention period. This is required for strict regulatory WORM compliance.

Common mistakes

Selecting Governance mode or thinking MFA Delete is sufficient for WORM compliance.
