AWS Certified SysOps Administrator – Associate — Question 74

A company wants to archive sensitive data on Amazon S3 Glacier. The company’s regulatory and compliance requirements do not allow any modifications to the data by any account.

Which solution meets these requirements?

Answer options

• A. Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy after 24 hours.
• B. Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy within 24 hours.
• C. Configure S3 Object Lock in governance mode. Upload all files after 24 hours.
• D. Configure S3 Object Lock in governance mode. Upload all files within 24 hours.

Correct answer: B

Explanation

Option B is correct because it specifies that the vault lock policy must be validated within 24 hours, ensuring compliance with regulatory requirements. Option A is incorrect as it suggests validation after 24 hours, which may violate the compliance requirement. Options C and D are not applicable since they involve S3 Object Lock, which does not meet the specific requirement of preventing modifications by any account.