Answer-first summary for fast verification
Answer: Turn on S3 Object Lock with compliance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Use S3 Batch Operations to bring the existing data into compliance.
## Explanation **Correct Answer: D** **Why Option D is correct:** 1. **S3 Object Lock with compliance retention mode** is specifically designed for legal and regulatory compliance requirements where data must be retained for a fixed period and cannot be deleted or modified by anyone, including root users. 2. **Compliance mode** provides stronger protection than governance mode - it prevents object deletion by any user, including the root account, until the retention period expires. 3. **Using S3 Batch Operations** is the most efficient way to apply retention settings to existing objects with minimal operational overhead. S3 Batch Operations can process millions of objects with a single job, automating what would otherwise be a manual, time-consuming process. 4. This solution meets the legal requirement for 7-year retention with the least operational overhead. **Why other options are incorrect:** **Option A:** S3 Versioning with lifecycle policies and MFA delete doesn't provide the same level of legal compliance protection. Versioning tracks object versions but doesn't prevent deletion, and MFA delete only adds an extra authentication step but doesn't guarantee retention. **Option B:** Governance mode allows privileged users to override retention settings, which doesn't meet strict legal compliance requirements. Also, manually recopying all existing objects creates significant operational overhead. **Option C:** While compliance mode is correct, manually recopying all existing objects creates significant operational overhead compared to using S3 Batch Operations. **Key AWS Concepts:** - **S3 Object Lock**: Provides write-once-read-many (WORM) functionality to prevent object deletion or modification during a retention period. - **Compliance Mode**: Strongest retention mode - no one can delete or modify objects, including root users. - **Governance Mode**: Allows privileged users with specific permissions to override retention settings. - **S3 Batch Operations**: Automates large-scale operations on S3 objects, ideal for applying retention settings to existing data. - **Legal Hold**: Alternative to retention periods, but not mentioned in options. This solution ensures data immutability for exactly 7 years with minimal ongoing management.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company stores data in PDF format in an Amazon S3 bucket. The company must follow a legal requirement to retain all new and existing data in Amazon S3 for 7 years. Which solution will meet these requirements with the LEAST operational overhead?
A
Turn on the S3 Versioning feature for the S3 bucket. Configure S3 Lifecycle to delete the data after 7 years. Configure multi-factor authentication (MFA) delete for all S3 objects.
B
Turn on S3 Object Lock with governance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Recopy all existing objects to bring the existing data into compliance.
C
Turn on S3 Object Lock with compliance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Recopy all existing objects to bring the existing data into compliance.
D
Turn on S3 Object Lock with compliance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Use S3 Batch Operations to bring the existing data into compliance.