ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 895 discussion

Exam question from Amazon's AWS-SysOps
Question #: 895
Topic #: 1
[All AWS-SysOps Questions]

A company needs to implement a system for object-based storage in a write-once, read-many (WORM) model. Objects cannot be deleted or changed after they are stored, even by an AWS account root user or administrators.
Which solution will meet these requirements?

  • A. Set up Amazon S3 Cross-Region Replication and run daily updates.
  • B. Set up Amazon S3 Object Lock in governance mode with S3 Versioning enabled.
  • C. Set up Amazon S3 Object Lock in compliance mode with S3 Versioning enabled.
  • D. Set up an Amazon S3 Lifecycle policy to move the objects to Amazon S3 Glacier.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Reference:
https://aws.amazon.com/blogs/storage/protecting-data-with-amazon-s3-object-lock/
by krishna2812 at May 3, 2021, 8:32 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
albert_kuo
10 months ago
Selected Answer: C
• Object versions can't be overwritten or deleted by any user, including the root user • Objects retention modes can't be changed, and retention periods can't be shortened
upvoted 1 times
...
Finger41
1 year, 11 months ago
Selected Answer: C
https://aws.amazon.com/blogs/storage/protecting-data-with-amazon-s3-object-lock/
upvoted 1 times
...
Cyril_the_Squirl
2 years, 8 months ago
C is Correct. You should use the Compliance mode if you have a requirement to store compliant data. You should only use the Compliance mode if you never want any user, including the root user in your AWS account, to be able to delete the objects during a pre-defined retention period.
upvoted 1 times
...
RicardoD
2 years, 8 months ago
C is the answer Compliance mode needs to be used in order to forbid Root user to delete files
upvoted 1 times
...
Reilgh
2 years, 8 months ago
C - Governance mode allows deletion based on special permissions. Where as Compliance mode doesn't even allow Root users to delete.
upvoted 2 times
...
DoktaDee
2 years, 8 months ago
You should use the Governance mode if you want to protect objects from being deleted by most users during a pre-defined retention period, but at the same time want some users with special permissions to have the flexibility to alter the retention settings or delete the objects. Users with the s3:BypassGovernanceRetention permission can override or remove governance-mode retention settings. Most customers will use the Governance mode since they don’t have compliant storage requirements. You should use the Compliance mode if you have a requirement to store compliant data. You should only use the Compliance mode if you never want any user, including the root user in your AWS account, to be able to delete the objects during a pre-defined retention period. Answer C . https://aws.amazon.com/blogs/storage/protecting-data-with-amazon-s3-object-lock/
upvoted 4 times
...
Rijndael
2 years, 9 months ago
C - Compliance Mode https://aws.amazon.com/blogs/storage/protecting-data-with-amazon-s3-object-lock/ https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html
upvoted 1 times
...
binhdt2611
2 years, 9 months ago
it should be C n compliance mode, a protected object version can't be overwritten or deleted by any user, including the root user in your AWS account. When an object is locked in compliance mode, its retention mode can't be changed, and its retention period can't be shortened. Compliance mode helps ensure that an object version can't be overwritten or deleted for the duration of the retention period. If B, we can still delete object if we have a special permission https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html
upvoted 1 times
...
Rambogan12
2 years, 9 months ago
C is the answer https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html
upvoted 3 times
...
krishna2812
2 years, 9 months ago
B is good
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel