AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company wants to implement a backup strategy for Amazon EC2 data and multiple Amazon S3 buckets. Because of regulatory requirements, the company must retain backup files for a specific time period. The company must not alter the files for the duration of the retention period.

Which solution will meet these requirements?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Use AWS Backup to create a backup vault that has a vault lock in governance mode. Create the required backup plan.

Use Amazon Data Lifecycle Manager to create the required automated snapshot policy.

Use Amazon S3 File Gateway to create the backup. Configure the appropriate S3 Lifecycle management.

Use AWS Backup to create a backup vault that has a vault lock in compliance mode. Create the required backup plan.

Explanation:

Explanation

The correct answer is D because:

AWS Backup with Compliance Mode Vault Lock provides the strongest protection for regulatory requirements:
- Compliance mode prevents anyone (including the root user) from deleting or modifying backups during the retention period
- Once locked, the retention settings cannot be changed or shortened
- This meets the requirement that "the company must not alter the files for the duration of the retention period"
Why not option A (Governance Mode):
- Governance mode allows users with special permissions to override retention settings
- It doesn't provide the same level of immutability required for strict regulatory compliance
Why not option B (Amazon Data Lifecycle Manager):
- This only handles EBS snapshots, not S3 buckets
- Doesn't provide the same vault lock protection for immutability
Why not option C (S3 File Gateway with Lifecycle):
- S3 Lifecycle management helps with storage tiering but doesn't prevent file alteration
- S3 File Gateway is for hybrid storage, not comprehensive backup management
- Doesn't provide the required immutability protection

Key AWS Services:

AWS Backup: Centralized backup service for EC2, S3, and other AWS services
Backup Vault Lock: Provides WORM (Write Once Read Many) protection
- Governance mode: Allows privileged users to override
- Compliance mode: No one can override - perfect for regulatory requirements

This solution ensures that backup files remain unaltered throughout the retention period, meeting strict regulatory compliance needs.

Powered ByGPT-5.2

Comments

Loading comments...