AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company needs to store its accounting records in Amazon S3. The records must be immediately accessible for 1 year and then must be archived for an additional 9 years. No one at the company, including administrative users and root users, can be able to delete the records during the entire 10-year period. The records must be stored with maximum resiliency.

Which solution will meet these requirements?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Store the records in S3 Glacier for the entire 10-year period. Use an access control policy to deny deletion of the records for a period of 10 years.

Store the records by using S3 Intelligent-Tiering. Use an IAM policy to deny deletion of the records. After 10 years, change the IAM policy to allow deletion.

Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.

Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 year. Use S3 Object Lock in governance mode for a period of 10 years.

Explanation:

Explanation

Correct Answer: C

Why Option C is correct:

Immediate accessibility for 1 year: S3 Standard provides immediate access to objects.
Archive for additional 9 years: S3 Lifecycle policy transitions objects to S3 Glacier Deep Archive after 1 year, which is suitable for long-term archival.
No one can delete during 10-year period: S3 Object Lock in compliance mode ensures that no one (including root users) can delete or modify objects during the retention period. Compliance mode provides the strongest protection.
Maximum resiliency: S3 Standard and S3 Glacier Deep Archive both provide high durability (99.999999999% - 11 nines).

Why other options are incorrect:

Option A:

S3 Glacier doesn't provide immediate accessibility (retrieval times range from minutes to hours)
Access control policies can be overridden by root users
Doesn't meet the "immediately accessible for 1 year" requirement

Option B:

IAM policies can be changed by administrators, so they don't provide immutable protection
Doesn't prevent root users from deleting objects
Doesn't meet the requirement that "no one" can delete records

Option D:

S3 One Zone-IA doesn't provide maximum resiliency (only stores data in one availability zone)
S3 Object Lock in governance mode allows some users with special permissions to delete objects
Doesn't meet the "maximum resiliency" requirement

Key AWS Concepts:

S3 Object Lock: Provides WORM (Write Once Read Many) protection
- Compliance mode: No one can delete or modify objects during retention period
- Governance mode: Some users with special permissions can delete objects
S3 Lifecycle policies: Automate transitions between storage classes
S3 Glacier Deep Archive: Lowest-cost storage for long-term archival (retrieval times 12+ hours)
Maximum resiliency: Requires storage across multiple availability zones (not S3 One Zone-IA)

Powered ByGPT-5.2

Comments

Loading comments...