ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 16 · Domain 1.3: Data Security
A financial institution needs to store highly sensitive regulatory documents in Amazon S3. The documents must be protected from deletion or modification for exactly 7 years to meet compliance requirements. Which S3 feature should a solutions architect recommend?
A financial institution needs to store highly sensitive regulatory documents in Amazon S3. The documents must be protected from deletion or modification for exactly 7 years to meet compliance requirements. Which S3 feature should a solutions architect recommend?
Answer options:
A.
S3 Versioning with MFA Delete
B.
S3 Object Lock in Governance mode
C.
S3 Object Lock in Compliance mode
D.
S3 Lifecycle policies
How to approach this question
Look for 'protected from deletion' and 'compliance requirements'. S3 Object Lock in Compliance mode is the WORM (Write Once Read Many) solution.
Full Answer
C.S3 Object Lock in Compliance mode✓ Correct
S3 Object Lock in Compliance mode
S3 Object Lock in Compliance mode prevents any user, including the AWS account root user, from deleting or overwriting an object for a specified duration.
Common mistakes
Confusing Governance mode (can be bypassed) with Compliance mode (cannot be bypassed).
Practice the full AWS SAA-C03 Practice Exam 7
65 questions · hints · full answers · grading
More questions from this exam
Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team needs...MediumQ02An application runs on Amazon EC2 instances and needs to access an Amazon S3 bucket. What is the ...EasyQ03A company wants to implement federated access to the AWS Management Console for its employees usi...MediumQ04A company is building a mobile application that requires users to sign in using their social medi...EasyQ05A security team wants to enforce MFA for all IAM users before they can terminate EC2 instances. H...Medium