Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 2 Question 56 Discussion

[Data Protection]A company stores sensitive data in an Amazon S3 bucket. The company encrypts the data at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3). A security engineer must prevent any modifications to the data in the S3 bucket. Which solution will meet this requirement?
B) Configure S3 Object Lock in compliance mode with S3 bucket versioning enabled.
A) Configure S3 bucket policies to deny DELETE and PUT object permissions.
C) Change the encryption on the S3 bucket to use AWS Key Management Service (AWS KMS) customer managed keys.
D) Configure the S3 bucket with multi-factor authentication (MFA) delete protection.

Amazon SCS-C02 Exam - Topic 2 Question 56 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 56
Topic #: 2
[All SCS-C02 Questions]

[Data Protection]

A company stores sensitive data in an Amazon S3 bucket. The company encrypts the data at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3). A security engineer must prevent any modifications to the data in the S3 bucket. Which solution will meet this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Renato at Mar 07, 2026, 05:45 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Leatha
24 days ago
Wait, does anyone really trust SSE-S3 for sensitive data?
upvoted 0 times
...
Marilynn
29 days ago
I think A could work too, but it’s not foolproof.
upvoted 0 times
...
Edelmira
1 month ago
Option B is the best choice for preventing modifications!
upvoted 0 times
...
Melynda
1 month ago
Not sure if MFA delete is enough, what if someone gets access?
upvoted 0 times
...
Kandis
1 month ago
Totally agree with B, compliance mode is key!
upvoted 0 times
...
Iluminada
2 months ago
Wait, does anyone actually use Object Lock? Seems complicated.
upvoted 0 times
...
Sherrell
2 months ago
I think A could work too, but it might not cover everything.
upvoted 0 times
...
Aja
2 months ago
Option B is the best choice for preventing modifications.
upvoted 0 times
...
Mattie
2 months ago
I practiced a similar question about S3 permissions, and I think versioning with Object Lock is definitely the way to go for data integrity.
upvoted 0 times
...
Venita
2 months ago
I feel like MFA delete protection could be a good choice too, but it might not cover all scenarios for preventing changes.
upvoted 0 times
...
German
3 months ago
I'm not entirely sure, but I think bucket policies can help deny certain actions. However, I'm not confident if they fully prevent modifications.
upvoted 0 times
...
Kiera
3 months ago
I remember we discussed S3 Object Lock in compliance mode in class. It seems like the best option to prevent modifications.
upvoted 0 times
...

Save Cancel