Answer-first summary for fast verification
Answer: Apply S3 Object Lock in compliance mode with a 365-day retention period.
The correct answer is B. S3 Object Lock in compliance mode ensures that files cannot be modified or deleted for the specified retention period, in this case, 365 days. Governance mode (option A) does not provide the same level of protection as compliance mode. IAM roles and bucket policies (option C) can restrict access and modifications but do not inherently enforce retention periods. The Lambda function (option D) tracks modifications but does not prevent deletions or enforce retention periods automatically.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company must store medical trial results in an Amazon S3 repository, ensuring only a select group of scientists can add files, while all others have read-only access. The solution must prevent file modification or deletion and guarantee file retention for at least one year post-creation. Which approach meets these criteria?
A
Implement S3 Object Lock in governance mode with a 1-year legal hold.
B
Apply S3 Object Lock in compliance mode with a 365-day retention period.
C
Utilize an IAM role to prevent deletion or modification of S3 objects, and an S3 bucket policy to grant the role add-only access for scientists and read-only for others.
D
Enable an S3 bucket to trigger a Lambda function on new object additions, which records object hashes to detect modifications.