Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 52 discussion

A company has several petabytes of data. The company must preserve this data for 7 years to comply with regulatory requirements. The company's compliance team asks a security officer to develop a strategy that will prevent anyone from changing or deleting the data.
Which solution will meet this requirement MOST cost-effectively?

  • A. Create an Amazon S3 bucket. Configure the bucket to use S3 Object Lock in compliance mode. Upload the data to the bucket. Create a resource-based bucket policy that meets all the regulatory requirements.
  • B. Create an Amazon S3 bucket. Configure the bucket to use S3 Object Lock in governance mode. Upload the data to the bucket. Create a user-based IAM policy that meets all the regulatory requirements.
  • C. Create a vault in Amazon S3 Glacier. Create a Vault Lock policy in S3 Glacier that meets all the regulatory requirements. Upload the data to the vault.
  • D. Create an Amazon S3 bucket. Upload the data to the bucket. Use a lifecycle rule to transition the data to a vault in S3 Glacier. Create a Vault Lock policy that meets all the regulatory requirements.
Suggested Answer: C

Comments

IPLogic
2 days, 7 hours ago
Selected Answer: C
To meet the requirement of preserving several petabytes of data for 7 years in a cost-effective manner while ensuring that the data cannot be changed or deleted, option C is the most suitable solution. Here's why: Creating a vault in Amazon S3 Glacier and implementing a Vault Lock policy ensures that the data is stored using a write-once-read-many (WORM) model, which prevents any changes or deletions during the specified retention period. S3 Glacier is designed for long-term storage of infrequently accessed data, making it a cost-effective choice for this use case. The Vault Lock policy will enforce compliance with regulatory requirements by ensuring that the data remains immutable for the entire retention period. This approach leverages the cost benefits of S3 Glacier for long-term storage while providing the necessary security and compliance features to meet the company's requirements.
upvoted 1 times
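
An added example, not part of any comment above and not AWS's own code: a Vault Lock policy for the 7-year retention in the question, with a local check of when deletion is denied. The region, account ID, vault name and helper names are constructed placeholders, and the leap-day rounding in `retention_days` is an assumption.

```python
import json


def retention_days(years):
    """Days covering `years`, counting the most leap days the span can hold (assumption)."""
    return years * 365 + (years + 3) // 4


def build_vault_lock_policy(region, account_id, vault_name, years):
    """Vault Lock policy that denies archive deletion until the retention age is reached.

    Glacier archives cannot be modified after upload, so only deletion needs a Deny.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "deny-delete-before-retention",
            "Principal": "*",
            "Effect": "Deny",
            "Action": "glacier:DeleteArchive",
            "Resource": f"arn:aws:glacier:{region}:{account_id}:vaults/{vault_name}",
            "Condition": {
                "NumericLessThan": {
                    "glacier:ArchiveAgeInDays": str(retention_days(years))
                }
            },
        }],
    }


def delete_denied(policy, archive_age_days):
    """Local check of the Deny statement only; not a full IAM policy evaluator."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or stmt["Action"] != "glacier:DeleteArchive":
            continue
        limit = int(stmt["Condition"]["NumericLessThan"]["glacier:ArchiveAgeInDays"])
        if archive_age_days < limit:
            return True
    return False


# Constructed sample values, not taken from the page.
POLICY = build_vault_lock_policy("us-east-1", "111122223333", "compliance-archive", 7)

if __name__ == "__main__":
    # The JSON printed here is what is passed to the Glacier InitiateVaultLock call;
    # the lock becomes immutable only after CompleteVaultLock, which must follow
    # within 24 hours or the in-progress lock expires.
    print(json.dumps(POLICY, indent=2))
```

Until the lock is completed the policy can still be aborted and rewritten, so test it against a non-production vault before completing it.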
BBR01
4 months, 2 weeks ago
Selected Answer: A
For the folks voting for C with the link in the comment, it clearly says "This page is only for existing customers of the S3 Glacier service using Vaults and the original REST API from 2012."
upvoted 1 times
Just_Ninja
2 months, 3 weeks ago
It's C: The claim that S3 Glacier Vaults are only for existing customers using the original 2012 API is incorrect. While newer S3 Glacier Storage Classes have been introduced, S3 Glacier Vaults with Vault Lock are still fully supported and available for both new and existing customers. Vault Lock remains a cost-effective option for securing data with WORM (Write Once, Read Many) compliance, making it ideal for long-term data storage with regulatory requirements. AWS continues to support this solution for all customers, including those setting up new Glacier Vaults. In short, Vault Lock is not restricted to legacy customers and is available for current use.
upvoted 1 times
Sodev
8 months ago
C. Right here! https://docs.aws.amazon.com/amazonglacier/latest/dev/getting-started-upload-archive.html
upvoted 2 times
Boul
8 months, 3 weeks ago
C. Petabytes of data take a lot of storage and therefore require the cheapest storage, Glacier, if looking for cost efficiency. The vault policy will keep it safe. D is not realistic. Uploading petabytes of data to a bucket would require an AWS Snowmobile.
upvoted 1 times
walter_white_008
8 months, 3 weeks ago
Selected Answer: C
https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock-policy.html
upvoted 1 times
Raphaello
10 months ago
Selected Answer: C
The data is already there, we just want to keep it for COMPLIANCE for SEVEN years. There's no need to place the data in an S3 bucket then use lifecycle to move it to Glacier. Option C is correct.
upvoted 1 times
trashbox
11 months, 3 weeks ago
Exam on 2023-12-18
upvoted 1 times
kejam
1 year ago
Selected Answer: C
https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock-policy.html
upvoted 1 times
cjkuga
1 year, 1 month ago
Selected Answer: C
Both A and C work here but C is the MOST cost-effective.
upvoted 4 times
pupsik
1 year, 1 month ago
Selected Answer: A
Question doesn't ask for a backup solution, so Glacier is not a good fit here.
upvoted 2 times
Aamee
1 year ago
No, it clearly states that "The company must preserve this data for 7 years"... so how would you keep such large data safe and specifically compliant with all the regulatory reqs? That's why going with C here.
upvoted 1 times
100fold
1 year, 1 month ago
Selected Answer: C
Correction, answer C
upvoted 2 times
AgboolaKun
1 year, 1 month ago
Selected Answer: C
The correct answer here is C. This option ticks all the boxes. Several petabytes of data + 7 years + Regulatory Compliance + MOST cost-effective solution. D is close but we don't need S3 at all.
upvoted 2 times
100fold
1 year, 1 month ago
Thanks AgboolKun! What are your thoughts on #49? Agree with answer C as well. Can set the policy on Vault Lock that cannot be altered. https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-access-policy.html
upvoted 2 times
AgboolaKun
1 year, 1 month ago
@100fold, I agree with your answer (C) in #49. There is no better option to C!! I upvoted your answer already!!
upvoted 1 times
100fold
1 year, 1 month ago
@AgboolaKun, I sat the exam Friday and marked 926. 80% from this study were on my exam. 6-7 new questions, one related to AWS KMS keyrings. Good luck everyone!
upvoted 5 times
kejam
1 year ago
Were most questions from examtopics aws-certified-security-specialty-scs-c02? Or also the previous one for aws-certified-security-specialty-scs-c01?
upvoted 1 times
100fold
1 year ago
@kejam I studied both SCS-C02 & SCS-01, but 80%+- were from this C02 study. You’ll notice C01 questions are merged. The other % were totally new questions. My access expires today so I can’t comment further, but good luck, you’ll be good with this C02 study 👍
upvoted 3 times
100fold
1 year, 1 month ago
Selected Answer: A
Answer A. Compliance mode will prevent anyone from changing or deleting the data including the root user. Requested by the company's compliance team. https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html
upvoted 1 times
100fold
1 year, 1 month ago
Correction to Answer C. https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-access-policy.html
upvoted 1 times