Amazon Exam SCS-C02 Topic 5 Question 44 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 44
Topic #: 5

A security engineer needs to implement a write-once-read-many (WORM) model for data that a company will store in Amazon S3 buckets. The company uses the S3 Standard storage class for all of its S3 buckets. The security engineer must en-sure that objects cannot be overwritten or deleted by any user, including the AWS account root user.

Which solution will meet these requirements?

ACreate new S3 buckets with S3 Object Lock enabled in compliance mode. Place objects in the S3 buckets.

BUse S3 Glacier Vault Lock to attach a Vault Lock policy to new S3 buckets. Wait 24 hours to complete the Vault Lock process. Place objects in the S3 buckets.

CCreate new S3 buckets with S3 Object Lock enabled in governance mode. Place objects in the S3 buckets.

DCreate new S3 buckets with S3 Object Lock enabled in governance mode. Add a legal hold to the S3 buckets. Place objects in the S3 buckets.

Show Suggested Answer

Suggested Answer: A

by Margurite at Apr 05, 2025, 08:19 AM

Limited Time Offer

25%

1 months ago

I'm leaning towards Option D. The legal hold is a nice added layer of protection for those precious objects.

upvoted 0 times

Justine

23 days ago

Option D sounds like a good choice. The legal hold adds extra security.

upvoted 0 times

...

Stefania

1 months ago

I think the answer is A) Create new S3 buckets with S3 Object Lock enabled in compliance mode.

upvoted 0 times

...

Ira

2 months ago

Option A seems like the way to go. Can't go wrong with good old S3 Object Lock in compliance mode.

upvoted 0 times

Cherry

27 days ago

User 2: Agreed, it's a reliable solution to ensure data integrity.

upvoted 0 times

...

Karan

28 days ago

User 1: Option A seems like the way to go. Can't go wrong with good old S3 Object Lock in compliance mode.

upvoted 0 times

...