What is the MOST cost-effective solution to meet the company’s needs?

By:
In: SAP-C01
Tagged:
With: 1 Comment
A financial company is building a system to generate monthly, immutable bank account statements for its users.Statements are stored in Amazon S3.Users should have immediate access to their monthly statements for up to 2 years.Some users access their statements frequently, whereas others rarely access their statements.The company’s security and compliance policy requires that the statements be retained for at least 7 years.

What is the MOST cost-effective solution to meet the company’s needs?

Create an S3 bucket with Object Lock disabled. Store statements in S3 Standard. Define an S3 Lifecycle policy to transition the data to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days. Define another S3 Lifecycle policy to move the data to S3 Glacier Deep Archive after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.

Create an S3 bucket with versioning enabled. Store statements in S3 Intelligent-Tiering. Use same-Region replication to replicate objects to a backup S3 bucket. Define an S3 Lifecycle policy for the backup S3 bucket to move the data to S3 Glacier. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.

Create an S3 bucket with Object Lock enabled. Store statements in S3 Intelligent-Tiering. Enable compliance mode with a default retention period of 2 years. Define an S3 Lifecycle policy to move the data to S3 Glacier after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.

Create an S3 bucket with versioning disabled. Store statements in S3 One Zone-Infrequent Access (S3 One Zone-IA). Define an S3 Lifecycle policy to move the data to S3 Glacier Deep Archive after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.

Explanations:

While this option suggests transitioning to S3 Standard-IA and then to S3 Glacier Deep Archive, it does not use Object Lock, which is required to ensure compliance with the retention policy. Without Object Lock, the data could be deleted before the 7-year retention period is met.

This option uses S3 Intelligent-Tiering, which is not necessary for this use case as it doesn’t align with the requirement for immediate access and long-term retention. Furthermore, it does not include Object Lock for compliance, which is essential for ensuring data retention for at least 7 years.

This option utilizes S3 Intelligent-Tiering for efficient cost management while retaining immediate access. Object Lock is enabled in compliance mode, which ensures the data cannot be deleted for at least 2 years. The lifecycle policy transitions data to S3 Glacier after 2 years and the Glacier Vault Lock policy prevents deletion of archives for 7 years, aligning with the company’s requirements.

Although this option transitions data to S3 Glacier Deep Archive after 2 years, it does not include Object Lock, which is essential for enforcing the 7-year retention policy. Moreover, using S3 One Zone-IA may lead to potential data loss due to lack of redundancy across availability zones, which is not advisable for important compliance data.

2025-09-29

1 Comment

  1. Noah
    Author

    I suspect that the answer is:
    Create an S3 bucket with Object Lock enabled. Store statements in S3 Intelligent-Tiering. Enable compliance mode with a default retention period of 2 years. Define an S3 Lifecycle policy to move the data to S3 Glacier after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.

Leave a Reply

Your email address will not be published. Required fields are marked *

13 − 1 =