Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 52 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 52
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company has several petabytes of data. The company must preserve this data for 7 years to comply with regulatory requirements. The company's compliance team asks a security officer to develop a strategy that will prevent anyone from changing or deleting the data.
Which solution will meet this requirement MOST cost-effectively?

  • A. Create an Amazon S3 bucket. Configure the bucket to use S3 Object Lock in compliance mode. Upload the data to the bucket. Create a resource-based bucket policy that meets all the regulatory requirements.
  • B. Create an Amazon S3 bucket. Configure the bucket to use S3 Object Lock in governance mode. Upload the data to the bucket. Create a user-based IAM policy that meets all the regulatory requirements.
  • C. Create a vault in Amazon S3 Glacier. Create a Vault Lock policy in S3 Glacier that meets all the regulatory requirements. Upload the data to the vault.
  • D. Create an Amazon S3 bucket. Upload the data to the bucket. Use a lifecycle rule to transition the data to a vault in S3 Glacier. Create a Vault Lock policy that meets all the regulatory requirements.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by 100fold at Oct. 18, 2023, 7:17 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
BBR01
2 months, 2 weeks ago
Selected Answer: A
For the folks voting for C with the link in the comment, it clearly says "This page is only for existing customers of the S3 Glacier service using Vaults and the original REST API from 2012."
upvoted 1 times
Just_Ninja
3 weeks ago
Its C: The claim that S3 Glacier Vaults are only for existing customers using the original 2012 API is incorrect. While newer S3 Glacier Storage Classes have been introduced, S3 Glacier Vaults with Vault Lock are still fully supported and available for both new and existing customers. Vault Lock remains a cost-effective option for securing data with WORM (Write Once, Read Many) compliance, making it ideal for long-term data storage with regulatory requirements. AWS continues to support this solution for all customers, including those setting up new Glacier Vaults​. In short, Vault Lock is not restricted to legacy customers and is available for current use.
upvoted 1 times
...
...
Sodev
6 months ago
C. Right here ! https://docs.aws.amazon.com/amazonglacier/latest/dev/getting-started-upload-archive.html
upvoted 2 times
...
Boul
6 months, 3 weeks ago
C. Petabytes of data takes a lot of storage, therefore require the cheapest storage: Glacier, if looking for a cost efficiency. The vault policy will keep it safe. D is not realistic. Uploading petabytes of data to a bucket would require a AWS Snowmobile
upvoted 1 times
...
walter_white_008
6 months, 3 weeks ago
Selected Answer: C
https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock-policy.html
upvoted 1 times
...
Raphaello
7 months, 4 weeks ago
Selected Answer: C
The data is already there, we just want to keep it for COMPLIANCE for SEVEN years. There's no need to place the date in S3 bucket then use lifecycle to move it to Glacier. Option C is correct.
upvoted 1 times
...
trashbox
9 months, 3 weeks ago
Exam on 2023-12-18
upvoted 1 times
...
kejam
11 months ago
Selected Answer: C
https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock-policy.html
upvoted 1 times
...
cjkuga
11 months, 1 week ago
Selected Answer: C
Both A and C work here but C is the MOST cost-effective.
upvoted 4 times
...
pupsik
11 months, 2 weeks ago
Selected Answer: A
Question doesn't ask for a backup solution, so Glacier is not a good fir here.
upvoted 2 times
Aamee
10 months, 2 weeks ago
No, it clearly states that "The company must preserve this data for 7 years"... so how would you keep such large data safe and specifically complianced with all the regulatory reqs. That's why going with C here.
upvoted 1 times
...
...
100fold
11 months, 2 weeks ago
Selected Answer: C
Correction, answer C
upvoted 2 times
...
AgboolaKun
11 months, 2 weeks ago
Selected Answer: C
The correct answer here is C. This option ticks all the boxes. Several petabytes of data + 7 years + Regulatory Compliance + MOST cost-effective solution. D is close but we don't S3 at all.
upvoted 2 times
100fold
11 months, 2 weeks ago
Thanks AgboolKun! What are your thoughts on #49? Agree with answer C as well. Can set the policy on Vault Lock that cannot be altered. https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-access-policy.html
upvoted 2 times
AgboolaKun
11 months ago
@100fold, I agree with your answer (C) in #49. There is no better option to C!! I upvoted your answer already!!
upvoted 1 times
100fold
11 months ago
@AgboolaKun, I sat the exam Friday and marked 926. 80% from this study were on my exam. 6-7 new questions, one related to AWS KMS keyrings. Good luck everyone!
upvoted 5 times
kejam
11 months ago
Were most questions from examtopics aws-certified-security-specialty-scs-c02 ? or also the previous one for aws-certified-security-specialty-scs-c01 ?
upvoted 1 times
100fold
10 months, 3 weeks ago
@kejam I studied both SCS-C02 & SCS-01, but 80%+- were from this C02 study. You’ll notice C01questions are merged. The other % were totally new questions. My access expires today so I can’t comment further, but good luck you’ll be good with this C02 study 👍
upvoted 3 times
...
...
Load full discussion...
...
...
...
...
100fold
11 months, 3 weeks ago
Selected Answer: A
Answer A. Compliance mode will prevent anyone from changing or deleting the data including the root user. Requested by the company's compliance team. https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html
upvoted 1 times
100fold
11 months, 2 weeks ago
Correction to Answer C. https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-access-policy.html
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel