AWS Certified SysOps Administrator – Associate — Question 196

A company migrates a write-once, ready-many (WORM) drive to an Amazon S3 bucket that has S3 Object Lock configured in governance mode. During the migration, the company copies unneeded data to the S3 bucket.

A SysOps administrator attempts to delete the unneeded data from the S3 bucket by using the AWS CLI. However, the SysOps administrator receives an error.

Which combination of steps should the SysOps administrator take to successfully delete the unneeded data? (Choose two.)

Answer options

• A. Increase the Retain Until Date.
• B. Assume a role that has the s3:BypassLegalRetention permission.
• C. Assume a role that has the s3:BypassGovernanceRetention permission.
• D. Include the x-amz-bypass-governance-retention:true header in the request when issuing the delete command.
• E. Include the x-amz-bypass-legal-retention:true header in the request when issuing the delete command.

Correct answer: C, D

Explanation

The correct options, C and D, allow the administrator to bypass the governance mode restrictions by assuming a role that grants the necessary permissions and including the appropriate header in the delete request. Options A and B do not provide the required permissions or actions needed to delete the data under governance mode, making them incorrect for this scenario.