SAA-C03 · Question #241
SAA-C03 Question #241: Real Exam Question with Answer & Explanation
The correct answer is C: Create an S3 Object Lock default retention policy that retains data for 7 years in compliance.
Question
A company plans to use an Amazon S3 bucket to archive backup data. Regulations require the company to retain the backup data for 7 years. During the retention period, the company must prevent users, including administrators, from deleting the data. The company can delete the data after 7 years. Which solution will meet these requirements?
Options
- A. Create an S3 bucket policy that denies delete operations for 7 years. Create an S3 Lifecycle
- B. Create an S3 Object Lock default retention policy that retains data for 7 years in governance
- C. Create an S3 Object Lock default retention policy that retains data for 7 years in compliance
- D. Create an S3 Batch Operations job to set a legal hold on each object for 7 years. Create an S3
Explanation
The requirement is to prevent data deletion by any user, including administrators, for 7 years while allowing automatic deletion afterward.

S3 Object Lock in Compliance Mode (Correct Choice - C): Compliance mode ensures that even the root user cannot delete or modify the objects during the retention period. After 7 years, the S3 Lifecycle policy automatically deletes the objects. This meets both immutability and automatic deletion requirements.

Governance Mode (Option B - Incorrect): Governance mode prevents deletion, but administrators can override it. The requirement explicitly states that even administrators must not be able to delete the data.

S3 Bucket Policy (Option A - Incorrect): An S3 bucket policy can deny deletes, but policies can be modified at any time by administrators. It does not enforce strict retention like Object Lock.

S3 Batch Operations Job (Option D - Incorrect): A legal hold does not have an automatic expiration. Legal holds must be manually removed, which is not efficient.

Why Option C is Correct: S3 Object Lock in Compliance Mode prevents deletion by all users, including administrators. The S3 Lifecycle policy deletes the data automatically after 7 years, reducing operational overhead.