Which solution will meet these requirements?

By:
In: SAA-C03
Tagged:
With: 2 Comments
A company needs to store its accounting records in Amazon S3.The records must be immediately accessible for 1 year and then must be archived for an additional 9 years.No one at the company, including administrative users and root users, can be able to delete the records during the entire 10-year period.The records must be stored with maximum resiliency.

Which solution will meet these requirements?

Store the records in S3 Glacier for the entire 10-year period. Use an access control policy to deny deletion of the records for a period of 10 years.

Store the records by using S3 Intelligent-Tiering. Use an IAM policy to deny deletion of the records. After 10 years, change the IAM policy to allow deletion.

Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.

Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 year. Use S3 Object Lock in governance mode for a period of 10 years.

Explanations:

S3 Glacier is not immediately accessible; it requires retrieval time. Additionally, using an access control policy to prevent deletion does not provide the required compliance and data integrity features that are needed for the entire retention period.

S3 Intelligent-Tiering allows for data movement based on access patterns but does not meet the requirement for preventing deletions for the entire 10-year period effectively. Changing the IAM policy after 10 years does not satisfy the requirement of locking the data from deletion.

This option uses S3 Object Lock in compliance mode, which prevents deletion of the records for the specified duration (10 years). The S3 Lifecycle policy effectively transitions the data from S3 Standard to S3 Glacier Deep Archive after 1 year, meeting the storage and archiving requirements while ensuring maximum resiliency.

S3 One Zone-IA does not provide the level of resiliency required compared to S3 Glacier Deep Archive. Additionally, using S3 Object Lock in governance mode does not fully prevent deletions by users with the right permissions, which is against the requirements.

2026-03-17

2 Comments

  1. Tiffany
    Author

    I would say the answer is:
    Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.

  2. Shirley
    Author

    I believe the answer is:
    Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.

Leave a Reply

Your email address will not be published. Required fields are marked *

2 + 6 =