AWS Certified Security – Specialty (SCS-C02) — Question 96
A company's data scientists want to create artificial intelligence and machine learning (AI/ML) training models by using Amazon SageMaker. The training models will use large datasets in an Amazon S3 bucket. The datasets contain sensitive information.
On average, the data scientists need 30 days to train models. The S3 bucket has been secured appropriately. The company's data retention policy states that all data that is older than 45 days must be removed from the S3 bucket.
Which action should a security engineer take to enforce this data retention policy?
Answer options
- A. Configure an S3 Lifecycle rule on the S3 bucket to delete objects after 45 days.
- B. Create an AWS Lambda function to check the last-modified date of the S3 objects and delete objects that are older than 45 days. Create an S3 event notification to invoke the Lambda function for each PutObject operation.
- C. Create an AWS Lambda function to check the last-modified date of the S3 objects and delete objects that are older than 45 days. Create an Amazon EventBridge rule to invoke the Lambda function each month.
- D. Configure S3 Intelligent-Tiering on the S3 bucket to automatically transition objects to another storage class.
Correct answer: A
Explanation
The correct action is to configure an S3 Lifecycle rule that automatically deletes objects after 45 days, because this directly enforces the data retention policy. The Lambda-based options (B and C) add unnecessary complexity and do not use the built-in S3 capabilities for managing object lifecycles. Option D only transitions objects to another storage class and does not address the requirement to delete older data.