Q54 — AWS SOA-C02 Ch.1
Question 54 of 100 | ← Chapter 1
A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits. Which solution will meet these requirements?
- A. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Key Management Service (AWS KMS) encryption.
- B. Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access. ✓
- C. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure server-side encryption.
- D. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure multi-factor authentication (MFA).
Correct Answer: B. Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access.
Explanation
该题考察利用AWS存储服务实现数据长期不可变存储的能力。AWS文档指出,Amazon S3 Glacier的保管库锁定策略允许设置不可编辑的合规性策略,确保数据在指定保留期内无法被修改或删除,满足WORM要求。选项A的EBS不支持不可变性,且主要用于块存储;选项C和D的S3 Standard-IA虽支持存储但未提及对象锁定功能,仅加密或MFA无法防止数据篡改。选项B的Glacier保管库锁定直接对应合规性存档场景,符合题干对日志不可编辑和长期保存的需求。