Answer-first summary for fast verification
Answer: By enabling S3 Object Lock, versioning, applying legal holds, and granting s3:PutObjectLegalHold permission to authorized IAM users.
The correct answer is D. Enabling S3 Object Lock with versioning, adding legal holds to the objects, and granting the s3:PutObjectLegalHold permission to authorized IAM users will ensure that the data remains immutable until explicitly changed by authorized users. Legal holds prevent objects from being deleted, and you can control who can set and remove these holds through IAM policies. This setup meets the company’s requirements for data immutability and selective deletion permissions.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How should a solutions architect configure Amazon S3 to ensure that data remains immutable until explicitly changed by authorized users, and only those users can delete the objects?
A
By creating an S3 Glacier vault and applying a WORM policy.
B
By enabling S3 Object Lock with a 100-year governance mode retention period and versioning.
C
By using AWS CloudTrail to monitor and restore from backup in case of unauthorized modifications.
D
By enabling S3 Object Lock, versioning, applying legal holds, and granting s3:PutObjectLegalHold permission to authorized IAM users.
No comments yet.