Q72 — AWS SCS-C02 Ch.1

A company needs a solution to protect critical data from being permanently deleted. The data is stored in Amazon S3 buckets. The company needs to replicate the S3 objects from the company's primary AWS Region to a secondary Region to meet disaster recovery requirements. The company must also ensure that users who have administrator access cannot permanently delete the data in the secondary Region. Which solution will meet these requirements?

Correct Answer: B. Implement S3 Object Lock in compliance mode in the primary Region. Configure S3 replication to replicate the objects to an S3 bucket in the secondary Region.  

Explanation

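This question tests how to protect data with S3 Object Lock and cross-Region replication. According to AWS documentation, objects protected by S3 Object Lock in compliance mode cannot be deleted or overwritten by any user, including administrators, during the retention period. When cross-Region replication is configured, if Object Lock is enabled on the source bucket and also on the destination bucket, the replicated objects inherit the retention settings (see the Amazon S3 Replication documentation). Option B is correct because compliance mode ensures that data in the secondary Region cannot be deleted even by administrators. Of the other options, C only prevents deletes from being replicated and does not prevent direct deletion; D's versioning cannot prevent permanent deletion; and A's AWS Backup Vault Lock in governance mode allows users with specific permissions to override it, so it does not meet the requirement.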