Answer-first summary for fast verification
Answer: Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.
## Explanation **Correct Answer: C** **Why Option C is correct:** 1. **Immediate accessibility for 1 year**: S3 Standard provides immediate access to objects. 2. **Archive for additional 9 years**: S3 Lifecycle policy transitions objects to S3 Glacier Deep Archive after 1 year, which is suitable for long-term archival. 3. **No one can delete during 10-year period**: S3 Object Lock in **compliance mode** ensures that no one (including root users) can delete or modify objects during the retention period. Compliance mode provides the strongest protection. 4. **Maximum resiliency**: S3 Standard and S3 Glacier Deep Archive both provide high durability (99.999999999% - 11 nines). **Why other options are incorrect:** **Option A**: - S3 Glacier doesn't provide immediate accessibility (retrieval times range from minutes to hours) - Access control policies can be overridden by root users - Doesn't meet the "immediately accessible for 1 year" requirement **Option B**: - IAM policies can be changed by administrators, so they don't provide immutable protection - Doesn't prevent root users from deleting objects - Doesn't meet the requirement that "no one" can delete records **Option D**: - S3 One Zone-IA doesn't provide maximum resiliency (only stores data in one availability zone) - S3 Object Lock in governance mode allows some users with special permissions to delete objects - Doesn't meet the "maximum resiliency" requirement **Key AWS Concepts:** - **S3 Object Lock**: Provides WORM (Write Once Read Many) protection - **Compliance mode**: No one can delete or modify objects during retention period - **Governance mode**: Some users with special permissions can delete objects - **S3 Lifecycle policies**: Automate transitions between storage classes - **S3 Glacier Deep Archive**: Lowest-cost storage for long-term archival (retrieval times 12+ hours) - **Maximum resiliency**: Requires storage across multiple availability zones (not S3 One Zone-IA)
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company needs to store its accounting records in Amazon S3. The records must be immediately accessible for 1 year and then must be archived for an additional 9 years. No one at the company, including administrative users and root users, can be able to delete the records during the entire 10-year period. The records must be stored with maximum resiliency.
Which solution will meet these requirements?
A
Store the records in S3 Glacier for the entire 10-year period. Use an access control policy to deny deletion of the records for a period of 10 years.
B
Store the records by using S3 Intelligent-Tiering. Use an IAM policy to deny deletion of the records. After 10 years, change the IAM policy to allow deletion.
C
Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.
D
Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 year. Use S3 Object Lock in governance mode for a period of 10 years.