AWS Certified Solutions Architect – Associate (SAA-C03) — Question 75

A company needs to store its accounting records in Amazon S3. The records must be immediately accessible for 1 year and then must be archived for an additional 9 years. No one at the company, including administrative users and root users, can be able to delete the records during the entire 10-year period. The records must be stored with maximum resiliency.
Which solution will meet these requirements?

Answer options

• A. Store the records in S3 Glacier for the entire 10-year period. Use an access control policy to deny deletion of the records for a period of 10 years.
• B. Store the records by using S3 Intelligent-Tiering. Use an IAM policy to deny deletion of the records. After 10 years, change the IAM policy to allow deletion.
• C. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.
• D. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 year. Use S3 Object Lock in governance mode for a period of 10 years.

Correct answer: C

Explanation

The correct answer is C because it utilizes S3 Lifecycle policies to manage the transition of records to S3 Glacier Deep Archive after one year, ensuring they are archived properly. Additionally, S3 Object Lock in compliance mode prevents any deletions for the entire 10 years, meeting the security requirement. Options A and B do not fulfill the archival needs correctly, as they either do not use Object Lock effectively or permit deletion after a certain period. Option D uses S3 One Zone-IA which does not provide the same level of resiliency as Glacier Deep Archive.