Answer-first summary for fast verification
Answer: Create new S3 buckets with S3 Object Lock enabled in compliance mode. Place objects in the S3 buckets.
The correct answer is A. S3 Object Lock in compliance mode ensures that objects cannot be overwritten or deleted by any user, including the AWS account root user. Compliance mode is a more stringent retention mode compared to governance mode, making it suited for scenarios where data must be preserved in an unalterable state. Options B, C, and D do not meet the full requirement: S3 Glacier Vault Lock targets archive storage and is not using S3 Standard storage class, while governance mode in options C and D does not fully prevent root account access without additional configurations.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A security engineer is tasked with implementing a write-once-read-many (WORM) model for data storage in Amazon S3 buckets using the S3 Standard storage class. The requirement is to prevent any user, including the AWS account root user, from overwriting or deleting the objects. Which of the following solutions will effectively meet this requirement?
A
Create new S3 buckets with S3 Object Lock enabled in compliance mode. Place objects in the S3 buckets.
B
Use S3 Glacier Vault Lock to attach a Vault Lock policy to new S3 buckets. Wait 24 hours to complete the Vault Lock process. Place objects in the S3 buckets.
C
Create new S3 buckets with S3 Object Lock enabled in governance mode. Place objects in the S3 buckets.
D
Create new S3 buckets with S3 Object Lock enabled in governance mode. Add a legal hold to the S3 buckets. Place objects in the S3 buckets.