A security engineer is tasked with implementing a write-once-read-many (WORM) model for data storage in Amazon S3 buckets using the S3 Standard storage class. The requirement is to prevent any user, including the AWS account root user, from overwriting or deleting the objects. Which of the following solutions will effectively meet this requirement?

Exam-Like

Create new S3 buckets with S3 Object Lock enabled in compliance mode. Place objects in the S3 buckets.

63.6%

Use S3 Glacier Vault Lock to attach a Vault Lock policy to new S3 buckets. Wait 24 hours to complete the Vault Lock process. Place objects in the S3 buckets.

9.1%

Create new S3 buckets with S3 Object Lock enabled in governance mode. Place objects in the S3 buckets.

18.2%

Create new S3 buckets with S3 Object Lock enabled in governance mode. Add a legal hold to the S3 buckets. Place objects in the S3 buckets.

9.1%

AWS Certified Security - Specialty

Get started today

Comments