Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 85 discussion

You can use S3 Object Lock to store objects using a write-once-read-many (WORM) model. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion. Versioning is required and automatically activated as Object Lock is enabled. https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html

***CORRECT*** A. Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled. S3 Versioning allows multiple versions of an object to be stored in the same bucket. This means that when an object is modified or deleted, the previous version is preserved. S3 Object Lock adds additional protection by allowing objects to be placed under a legal hold or retention period, during which they cannot be deleted or modified. Together, S3 Versioning and S3 Object Lock can be used to meet the requirement of not allowing documents to be modified or deleted after they are stored.

Ans A - 'S3 Object Lock' allows objects to be stored under legal retention regime during which they cannot be changed/deleted. Versioning helps tracking...

A is the correct answer

https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html "S3 Object Lock can help prevent Amazon S3 objects from being deleted or overwritten for a fixed amount of time or indefinitely. " B is archiving which won't stop deletion C ACL can be modified D Sounds like there will be a write volume and a read volume which means write volume will have permissions for deletion

S3 Versioning ensures that all versions of an object are retained when overwritten or deleted - this prevents deletion. S3 Object Lock can be used to apply a retention period and legal hold on objects to prevent them from being overwritten or deleted, even by users with full permissions. Option B only archives objects on a schedule but does not prevent modification or deletion. Option C uses ACLs which can still be overridden by users with full permissions. Option D relies on the application to enforce mounting as read-only, which is not as robust as using S3 Object Lock.

S3 Versioning allows you to preserve every version of a document as it is uploaded or modified. This prevents accidental or intentional modifications or deletions of the documents. S3 Object Loc allows you to set a retention period or legal hold on the objects, making them immutable during the specified period. This ensures that the stored documents cannot be modified or deleted, even by privileged users or administrators. B. Configuring an S3 Lifecycle policy to archive documents periodically does not guarantee the prevention of document modification or deletion after they are stored. C. Enabling S3 Versioning alone does not prevent modifications or deletions of objects. Configuring an ACL does not guarantee the prevention of modifications or deletions by authorized users. D. Using EFS does not prevent modifications or deletions of the documents by users or processes with write permissions.

S3 Versioning and S3 Object Lock enabled meet the requirements, hence A is correct ans.

Option A. Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled. This will ensure that the documents cannot be modified or deleted after they are stored, and will meet the regulatory requirement. S3 Versioning allows you to store multiple versions of an object in the same bucket, and S3 Object Lock enables you to apply a retention policy to objects in the bucket to prevent their deletion.

Option A. Object Lock will prevent modifications to documents

Why not C

A is correct

https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html

aaaaaaaaa

aaaaaaaaaaa