ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 539 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 539
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A law firm needs to share information with the public. The information includes hundreds of files that must be publicly readable. Modifications or deletions of the files by anyone before a designated future date are prohibited.
Which solution will meet these requirements in the MOST secure way?

  • A. Upload all flies to an Amazon S3 bucket that is configured for static website hosting. Grant read-only IAM permissions to any AWS principals that access the S3 bucket until the designated date.
  • B. Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated date. Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objects.
  • C. Create a new Amazon S3 bucket with S3 Versioning enabled. Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket.
  • D. Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period in accordance with the designated date. Grant read-only IAM permissions to any AWS principals that access the S3 bucket.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by kamino at Dec. 13, 2021, 7:08 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Frosticus
Highly Voted 3 years, 4 months ago
Selected Answer: B
It can't be D because "Grant read-only IAM permissions to any AWS principal" the public would not have an AWS principal. It needs to be a bucket policy for anonymous read only access.
upvoted 25 times
...
Venki_dev
Highly Voted 3 years, 2 months ago
Selected Answer: B
Answer is B You have to create a new bucket with Object lock enabled during the bucket creation You cannot use Object lock for an existing bucket (like in case of option D) (unless it was configured at the time of creation) also i just tried creating new bucket with Object lock enabled, and it shows me following message "Bucket Versioning can't be disabled when Object Lock is enabled." So in short, you have to have new bucket created, ( it will automatically have versioning enabled) also it cant be IAM permissions but bucket policies so D is ruled out in this case also
upvoted 10 times
...
BD12
Most Recent 2 years, 7 months ago
Selected Answer: D
upvoted 1 times
...
Drake21
2 years, 9 months ago
Version is enable when we want to delete the bucket/object, but the question has mention that 'No one cannot delete the files". Why we have to care about versioning
upvoted 1 times
...
queen101
2 years, 10 months ago
BBBBBBBBBBBBBB
upvoted 1 times
...
marklovesaws143
2 years, 10 months ago
Selected Answer: B
BBBBBBBBBBBBBBBBBBBBBBBB
upvoted 1 times
...
monazir
2 years, 10 months ago
the answer is D
upvoted 1 times
...
guillepower
2 years, 11 months ago
Selected Answer: B
Found this on the AWS FAQs, correct answer should be B If you’re more interested in “Who can access this S3 bucket?” then S3 bucket policies will likely suit you better. You can easily answer this by looking up a bucket and examining the bucket policy.
upvoted 1 times
...
naveenagurjara
2 years, 11 months ago
Two Points: Anyone is banned from modifying or deleting the files before to a specified future date. And Which solution satisfies these criteria the SAFEST way possible? Anyone banned means both external and internal. Safest way means more than one method... so D
upvoted 1 times
...
naveenagurjara
2 years, 11 months ago
normally B but.. it says 'no one' can alter or delete that means internal and external users.. so D may be correct...
upvoted 1 times
...
slcheng
2 years, 11 months ago
Selected Answer: B
Agreed with B
upvoted 1 times
...
bighedgedog
3 years ago
Selected Answer: B
Access to the public.
upvoted 1 times
...
Ashu_0007
3 years ago
Selected Answer: B
It must be B as object lock can be created on only new buckets
upvoted 2 times
...
mikozy
3 years, 2 months ago
D is the right answer
upvoted 1 times
...
shahzebkhan111
3 years, 3 months ago
Object lock can't be enabled on an existing bucket. To do so, the user needs to contact customer support.
upvoted 2 times
...
primeprince
3 years, 3 months ago
D is the right answer. no versioning is needed here. Read-only status guarantees no deletion or change of files.
upvoted 1 times
Six_Fingered_Jose
2 years, 10 months ago
https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html > Object Lock works only in versioned buckets
upvoted 3 times
...
...
hyks
3 years, 4 months ago
B Versioning and Object Lock
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel