AWS Certified Solutions Architect – Associate (SAA-C03) — Question 968

A company needs to implement a new data retention policy for regulatory compliance. As part of this policy, sensitive documents that are stored in an Amazon S3 bucket must be protected from deletion or modification for a fixed period of time.

Which solution will meet these requirements?

Answer options

• A. Activate S3 Object Lock on the required objects and enable governance mode.
• B. Activate S3 Object Lock on the required objects and enable compliance mode.
• C. Enable versioning on the S3 bucket. Set a lifecycle policy to delete the objects after a specified period.
• D. Configure an S3 Lifecycle policy to transition objects to S3 Glacier Flexible Retrieval for the retention duration.

Correct answer: B

Explanation

Amazon S3 Object Lock in compliance mode ensures that a protected object version cannot be overwritten or deleted by any user, including the root user, during the retention period. Governance mode is insufficient because users with special permissions can still bypass the retention settings. S3 Versioning and S3 Lifecycle policies do not prevent unauthorized deletion or modification of data as required by strict regulatory compliance.