Answer: Use AWS Backup to create a backup vault that has a vault lock in compliance mode. Create the required backup plan.

## Explanation The correct answer is **D** because: 1. **AWS Backup with Compliance Mode Vault Lock** provides the strongest protection for regulatory requirements: - **Compliance mode** prevents anyone (including the root user) from deleting or modifying backups during the retention period - Once locked, the retention settings cannot be changed or shortened - This meets the requirement that "the company must not alter the files for the duration of the retention period" 2. **Why not option A (Governance Mode)**: - Governance mode allows users with special permissions to override retention settings - It doesn't provide the same level of immutability required for strict regulatory compliance 3. **Why not option B (Amazon Data Lifecycle Manager)**: - This only handles EBS snapshots, not S3 buckets - Doesn't provide the same vault lock protection for immutability 4. **Why not option C (S3 File Gateway with Lifecycle)**: - S3 Lifecycle management helps with storage tiering but doesn't prevent file alteration - S3 File Gateway is for hybrid storage, not comprehensive backup management - Doesn't provide the required immutability protection **Key AWS Services**: - **AWS Backup**: Centralized backup service for EC2, S3, and other AWS services - **Backup Vault Lock**: Provides WORM (Write Once Read Many) protection - **Governance mode**: Allows privileged users to override - **Compliance mode**: No one can override - perfect for regulatory requirements This solution ensures that backup files remain unaltered throughout the retention period, meeting strict regulatory compliance needs.

Author: LeetQuiz Editorial Team