Learn how Amazon S3 Glacier Vault Lock enables write-once, read-many (WORM) archiving to meet legal and compliance requirements. Ensure data immutability and protect your critical documents with this powerful AWS feature.
Table of Contents
Question
A company must archive its documents by using a write-once, read-many (WORM) model to meet legal and compliance obligations.
Which feature of Amazon S3 can the company use to meet this requirement?
A. S3 Versioning
B. S3 bucket policy
C. S3 Glacier Vault Lock
D. S3 multi-factor authentication (MFA) delete
Answer
C. S3 Glacier Vault Lock
Explanation
Amazon S3 Glacier Vault Lock is a feature that allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults. With Vault Lock, you can create a lockable policy that is designed to ensure write-once, read-many (WORM) data storage for regulatory and compliance needs.
Here’s why the other options are incorrect:
A. S3 Versioning: While S3 Versioning helps protect against accidental deletes and overwrites by maintaining multiple versions of an object, it does not enforce a WORM model. Objects can still be deleted or overwritten, making it unsuitable for meeting legal and compliance obligations that require immutable data storage.
B. S3 bucket policy: S3 bucket policies are used to manage access permissions to your S3 buckets and objects. While you can use bucket policies to restrict access, they do not inherently enforce a WORM model or prevent objects from being deleted or modified.
D. S3 multi-factor authentication (MFA) delete: S3 MFA delete adds an extra layer of security by requiring additional authentication for deleting objects. However, it does not prevent objects from being modified or overwritten, which is essential for maintaining a WORM model.
S3 Glacier Vault Lock, on the other hand, enables you to create a lockable policy that prevents any changes to the vault or the archives within it. Once the policy is locked, it becomes immutable, ensuring that the data cannot be altered or deleted until the lock expires or is removed by an authorized user. This feature is specifically designed to meet the stringent requirements of a WORM model, making it the ideal choice for legal and compliance archiving.
Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner CLF-C02 exam and earn Amazon AWS Certified Cloud Practitioner CLF-C02 certification.