A company must store accounting records in Amazon S3. Records must be immediately accessible for 1 year and then archived for an additional 9 years. No one at the company, including administrators and the root user, can delete the records during the entire 10-year period. The records must be stored with maximum resiliency. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years..
Why this is the answer
The correct solution uses an S3 Lifecycle policy to manage storage tiers and S3 Object Lock in compliance mode for immutability. S3 Standard provides immediate access for the first year. After 1 year, the Lifecycle policy transitions objects to S3 Glacier Deep Archive, which is cost-effective for long-term archiving. S3 Object Lock in compliance mode prevents deletion or modification by any user, including the root user, for the specified 10-year retention period, meeting the strict immutability requirement. Incorrect options: Storing directly in S3 Glacier would not provide immediate accessibility for the first year. An access control policy alone cannot prevent deletion by the root user or accounts with sufficient permissions. S3 Intelligent-Tiering manages transitions but doesn't enforce immutability. An IAM policy can be changed, allowing deletion. S3 One Zone-IA is not as resilient as S3 Glacier Deep Archive for long-term archives, and governance mode for S3 Object Lock allows privileged users to delete objects, failing the "no one can delete" requirement.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed