A financial institution must store compliance records in Amazon S3 for 7 years. The records must not be deleted or modified by anyone, including the AWS account root user, during this period. Which S3 feature meets this requirement?

Answer options:

S3 Versioning with MFA Delete

S3 Object Lock in Governance mode

S3 Object Lock in Compliance mode

S3 Lifecycle policies

How to approach this question

Look for 'cannot be deleted by anyone, including root'. This requires S3 Object Lock in Compliance mode.

Full Answer

C.S3 Object Lock in Compliance mode✓ Correct

S3 Object Lock in Compliance mode provides strict WORM protection. Once applied, the retention period cannot be shortened, and objects cannot be deleted or overwritten by any user, including the root user.

Common mistakes

Selecting Governance mode, which can be bypassed by privileged users.

Question 12 All questions Question 14

Practice the full AWS SAA-C03 Practice Exam 3

65 questions · hints · full answers · grading

More questions from this exam

Q01A company stores sensitive documents in an Amazon S3 bucket. The security team requires that only...Easy Q02A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...Medium Q03A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (AL...Easy Q04A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized ...Medium Q05A company needs to encrypt data at rest in Amazon RDS and manage database credentials securely. T...Medium

View all 65 questions →