Q32 — AWS SCS-C02 Ch.1
Question 32 of 100 | ← Chapter 1
A company has several petabytes of data. The company must preserve this data for 7 years to comply with regulatory requirements. The company's compliance team asks a security ocer to develop a strategy that will prevent anyone from changing or deleting the data. Which solution will meet this requirement MOST cost-effectively?
- A. Create an Amazon S3 bucket. Congure the bucket to use S3 Object Lock in compliance mode. Upload the data to the bucket. Create a resource-based bucket policy that meets all the regulatory requirements.
- B. Create an Amazon S3 bucket. Congure the bucket to use S3 Object Lock in governance mode. Upload the data to the bucket. Create a user-based IAM policy that meets all the regulatory requirements.
- C. Create a vault in Amazon S3 Glacier. Create a Vault Lock policy in S3 Glacier that meets all the regulatory requirements. Upload the data to the vault. ✓
- D. Create an Amazon S3 bucket. Upload the data to the bucket. Use a lifecycle rule to transition the data to a vault in S3 Glacier. Create a Vault Lock policy that meets all the regulatory requirements.
Correct Answer: C. Create a vault in Amazon S3 Glacier. Create a Vault Lock policy in S3 Glacier that meets all the regulatory requirements. Upload the data to the vault.
Explanation
题目要求设计一个策略,确保数据在7年内不可更改或删除,同时考虑成本效益。AWS的Amazon S3 Glacier服务提供Vault Lock功能,允许设置不可变的合规性策略,直接锁定数据。相比其他选项,Glacier存储成本通常低于标准S3,尤其在长期归档场景中。选项C直接将数据上传到Glacier Vault并应用Vault Lock策略,无需中间步骤或额外配置,避免了S3存储层可能产生的更高费用。其他选项涉及S3存储或过渡步骤,可能增加成本或引入管理复杂性。Glacier Vault Lock的不可变特性严格符合合规要求,且经济高效。来源:AWS文档关于S3 Glacier Vault Lock的说明。