AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company is partnering with a vendor to process customer data. The company uploads sensitive data files as objects into an Amazon S3 bucket, from which the vendor downloads the objects for processing. A security engineer needs to ensure that these objects do not remain in the S3 bucket for more than 72 hours. Which solution should the security engineer implement to meet this requirement?
Explanation:
The correct answer is B. Configuring an S3 Lifecycle rule on the S3 bucket to expire objects that have been in the S3 bucket for 72 hours is the most appropriate solution. S3 Lifecycle policies are specifically designed to manage objects in your S3 buckets according to your requirements. This is a built-in feature of Amazon S3 and is straightforward to implement, providing a reliable and automated way to ensure that objects are deleted after 72 hours. Other options, such as using Amazon Macie (A), EventBridge with Lambda (C), or S3 Intelligent-Tiering (D), are either not designed specifically for this purpose or overly complicated for this scenario.