AWS Certified Cloud Practitioner (CLF-C02) — Question 402

A company must archive its documents by using a write-once, read-many (WORM) model to meet legal and compliance obligations.

Which feature of Amazon S3 can the company use to meet this requirement?

Answer options

• A. S3 Versioning
• B. S3 bucket policy
• C. S3 Glacier Vault Lock
• D. S3 multi-factor authentication (MFA) delete

Correct answer: C

Explanation

Amazon S3 Glacier Vault Lock allows you to enforce compliance controls using a vault lock policy, which can lock the policy to prevent any future modifications or deletions, thereby meeting write-once, read-many (WORM) requirements. Other features like S3 Versioning, S3 bucket policies, and S3 MFA delete provide data protection and access controls, but they do not enforce a non-rewritable and non-erasable WORM state for compliance archiving.