Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 5 Question 44 Discussion

A security engineer needs to implement a write-once-read-many (WORM) model for data that a company will store in Amazon S3 buckets. The company uses the S3 Standard storage class for all of its S3 buckets. The security engineer must en-sure that objects cannot be overwritten or deleted by any user, including the AWS account root user.Which solution will meet these requirements?
A) Create new S3 buckets with S3 Object Lock enabled in compliance mode. Place objects in the S3 buckets.
B) Use S3 Glacier Vault Lock to attach a Vault Lock policy to new S3 buckets. Wait 24 hours to complete the Vault Lock process. Place objects in the S3 buckets.
C) Create new S3 buckets with S3 Object Lock enabled in governance mode. Place objects in the S3 buckets.
D) Create new S3 buckets with S3 Object Lock enabled in governance mode. Add a legal hold to the S3 buckets. Place objects in the S3 buckets.

Amazon SCS-C02 Exam - Topic 5 Question 44 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 44
Topic #: 5
[All SCS-C02 Questions]

A security engineer needs to implement a write-once-read-many (WORM) model for data that a company will store in Amazon S3 buckets. The company uses the S3 Standard storage class for all of its S3 buckets. The security engineer must en-sure that objects cannot be overwritten or deleted by any user, including the AWS account root user.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Margurite at Apr 05, 2025, 08:19 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Precious
5 months ago
D seems risky with legal holds; I’d stick with A.
upvoted 0 times
...
Truman
6 months ago
C doesn’t prevent root access, so it’s not a solid choice.
upvoted 0 times
...
Kathrine
6 months ago
Wait, can the root user really bypass these settings? Sounds sketchy!
upvoted 0 times
...
Chana
6 months ago
I think B could work too, but it’s more complex.
upvoted 0 times
...
Britt
6 months ago
A is the way to go for WORM compliance!
upvoted 0 times
...
Weldon
7 months ago
I recall that governance mode allows some flexibility, but I don't think it fully meets the requirement of preventing all deletions.
upvoted 0 times
...
Dante
7 months ago
I feel like S3 Glacier Vault Lock was mentioned in a different context, maybe for archiving, but I'm not confident it applies here.
upvoted 0 times
...
Cherrie
7 months ago
I think we practiced a similar question where we had to choose between governance and compliance modes. Compliance seems safer for WORM.
upvoted 0 times
...
Cherry
7 months ago
I remember studying S3 Object Lock, but I'm not sure if compliance mode is the only way to prevent deletions.
upvoted 0 times
...
Chauncey
7 months ago
I'm leaning towards Option D. Adding a legal hold in addition to enabling governance mode for S3 Object Lock seems like the most robust way to ensure the objects cannot be overwritten or deleted, even by the root user.
upvoted 0 times
...
Lakeesha
8 months ago
Option A seems like the most direct solution - enable S3 Object Lock in compliance mode and place the objects in the buckets. That should meet the requirement of making the objects immutable.
upvoted 0 times
...
Aleta
8 months ago
Hmm, I'm a bit confused about the difference between compliance mode and governance mode for S3 Object Lock. I'll need to review the details of each to determine the best solution.
upvoted 0 times
...
Valentin
8 months ago
This looks like a straightforward question about implementing a WORM model for data storage in S3. I think the key is to enable S3 Object Lock and understand the different modes.
upvoted 0 times
...
Ernestine
1 year ago
Hold up, are we really debating WORM storage on S3? Next thing you know, they'll be asking us to store data on floppy disks!
upvoted 0 times
...
Tom
1 year ago
Hmm, Option C looks pretty solid too. Governance mode should do the trick without the extra legal hold.
upvoted 0 times
Stephaine
11 months ago
Let's go with Option C for the WORM model implementation.
upvoted 0 times
...
Olive
12 months ago
Legal hold might be unnecessary with governance mode in place.
upvoted 0 times
...
Emogene
1 year ago
I agree, governance mode is a solid solution for implementing WORM.
upvoted 0 times
...
Rupert
1 year ago
Option C is a good choice. It provides the necessary protection.
upvoted 0 times
...
...
Leeann
1 year ago
I'm not sure, but I think both A) and D) could potentially meet the requirements. It depends on the specific needs of the company.
upvoted 0 times
...
Luann
1 year ago
I disagree, I believe the correct answer is D) Create new S3 buckets with S3 Object Lock enabled in governance mode and add a legal hold.
upvoted 0 times
...
Sabine
1 year ago
I'm leaning towards Option D. The legal hold is a nice added layer of protection for those precious objects.
upvoted 0 times
Ona
1 year ago
Yeah, Option D seems like the best solution to ensure the data cannot be overwritten or deleted.
upvoted 0 times
...
Kiley
1 year ago
I agree, the legal hold provides an additional layer of protection for the objects.
upvoted 0 times
...
Justine
1 year ago
Option D sounds like a good choice. The legal hold adds extra security.
upvoted 0 times
...
...
Stefania
1 year ago
I think the answer is A) Create new S3 buckets with S3 Object Lock enabled in compliance mode.
upvoted 0 times
...
Ira
1 year ago
Option A seems like the way to go. Can't go wrong with good old S3 Object Lock in compliance mode.
upvoted 0 times
Cherry
1 year ago
User 2: Agreed, it's a reliable solution to ensure data integrity.
upvoted 0 times
...
Karan
1 year ago
User 1: Option A seems like the way to go. Can't go wrong with good old S3 Object Lock in compliance mode.
upvoted 0 times
...
...

Save Cancel