AWS Certified SysOps Administrator – Associate — Question 135

A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits.

Which solution will meet these requirements?

Answer options

• A. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Key Management Service (AWS KMS) encryption.
• B. Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access.
• C. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure server-side encryption.
• D. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure multi-factor authentication (MFA).

Correct answer: B

Explanation

Option B is correct because storing data in an Amazon S3 Glacier vault with a vault lock policy ensures that the logs are archived for a long duration and protects them from any modifications. The other options either do not provide the necessary write-once, read-many (WORM) protection or are not designed for long-term archiving.