Answer-first summary for fast verification
Answer: Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled.
## Explanation **Correct Answer: A** **Why Option A is correct:** 1. **S3 Object Lock** is specifically designed for regulatory compliance requirements where objects need to be immutable (cannot be modified or deleted) for a specific retention period or indefinitely. 2. **S3 Versioning** works with Object Lock to prevent deletion of objects - when Object Lock is enabled, even if you try to delete an object, it creates a delete marker but the actual object version remains protected. 3. Object Lock provides two modes: - **Governance mode**: Users with special permissions can override retention settings - **Compliance mode**: No one can override the retention settings, not even the root AWS account 4. This combination meets the regulatory requirement that "new documents cannot be modified or deleted after they are stored." **Why other options are incorrect:** **Option B:** S3 Lifecycle policies are for transitioning objects between storage classes (like moving to Glacier) or expiring objects. They don't prevent modification or deletion of objects. **Option C:** S3 Versioning alone doesn't prevent deletion - it only preserves previous versions when objects are overwritten. ACLs restricting access to read-only can be bypassed by users with appropriate permissions and don't provide true immutability. **Option D:** Amazon EFS with read-only mounting doesn't prevent modification or deletion at the file system level. Users with appropriate permissions could still modify or delete files, and EFS doesn't have built-in immutability features like S3 Object Lock. **Key AWS Services:** - **S3 Object Lock**: Provides write-once-read-many (WORM) functionality - **S3 Versioning**: Preserves all versions of an object - **Compliance Mode**: Ensures objects cannot be deleted or overwritten by anyone, including the root AWS account This solution is commonly used for regulatory compliance in industries like healthcare (HIPAA), finance (SEC Rule 17a-4), and other sectors requiring data immutability.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company has a production web application in which users upload documents through a web interface or a mobile app. According to a new regulatory requirement, new documents cannot be modified or deleted after they are stored. What should a solutions architect do to meet this requirement?
A
Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled.
B
Store the uploaded documents in an Amazon S3 bucket. Configure an S3 Lifecycle policy to archive the documents periodically.
C
Store the uploaded documents in an Amazon S3 bucket with S3 Versioning enabled. Configure an ACL to restrict all access to read-only.
D
Store the uploaded documents on an Amazon Elastic File System (Amazon EFS) volume. Access the data by mounting the volume in read-only mode.