Answer-first summary for fast verification
Answer: Using Amazon S3 with S3 Object Lock in compliance mode., Applying server-side encryption with AWS KMS customer managed keys and setting up key rotation.
To store contract documents for a 5-year period ensuring they cannot be overwritten or deleted, Amazon S3 with S3 Object Lock in compliance mode (Option B) should be used. Compliance mode ensures that the data cannot be altered or deleted by any user, including the root user. For encryption at rest with automatic annual key rotation, server-side encryption with AWS Key Management Service (AWS KMS) customer managed keys (Option D) is recommended. AWS KMS allows for automatic key rotation which reduces operational overhead. Hence, the correct answers are B and D.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How should a solutions architect store contract documents for a 5-year period, ensuring immutability and automatic annual key rotation with minimal operational overhead?
A
Using Amazon S3 with S3 Object Lock in governance mode.
B
Using Amazon S3 with S3 Object Lock in compliance mode.
C
Applying server-side encryption with SSE-S3 and setting up key rotation.
D
Applying server-side encryption with AWS KMS customer managed keys and setting up key rotation.
E
Applying server-side encryption with AWS KMS customer provided keys and setting up key rotation.
No comments yet.