Explanation:

S3 Object Lock compliance mode prevents any user — including the root user and AWS — from deleting or overwriting objects during the retention period. Governance mode, by contrast, allows users with special IAM permissions to override the lock. Only compliance mode satisfies the requirement that even the root user cannot modify the data.

Question 4.
A company stores customer records in Amazon S3. The company must not delete or modify the customer record data for 7 years after each record is created. The root user also must not have the ability to delete or modify the data. A data engineer wants to use S3 Object Lock to secure the data. Which solution will meet these requirements?

Exam-Like

Community

RRitesh

Last updated: May 4, 2026 at 14:51

Enable governance mode on the S3 bucket. Use a default retention period of 7 years.

Enable compliance mode on the S3 bucket. Use a default retention period of 7 years.

Place a legal hold on individual objects in the S3 bucket. Set the retention period to 7 years.

Set the retention period for individual objects in the S3 bucket to 7 years.

AWS Certified Data Engineer - Associate

Get started today

Get started today

Comments (0)