A law firm needs to publish hundreds of files so the public can read them. Modifications or deletions by anyone before a specified future date must be prevented. Which solution meets these requirements in the MOST secure way?
Choose an answer
Tap an option to check your answer.
Correct answer: Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period that covers the designated date. Configure the bucket for static website hosting and set an S3 bucket policy to allow read-only access to the objects..
Why this is the answer
The correct answer leverages S3 Object Lock in compliance mode, which prevents objects from being overwritten or deleted by any user, including the root user, until the retention period expires. Enabling S3 Versioning is a prerequisite for Object Lock. Static website hosting allows public access, and a bucket policy grants read-only permissions. The first incorrect option relies solely on IAM permissions, which can be overridden by users with sufficient privileges, failing to prevent modifications or deletions. The third incorrect option uses a Lambda function for recovery, which is reactive and doesn't prevent the initial modification or deletion, making it less secure than Object Lock. The fourth incorrect option incorrectly states that Object Lock can be applied to a "folder" within S3; Object Lock applies at the object or bucket level, not to prefixes (folders).
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed