AWS Certified SysOps Administrator – Associate (legacy) — Question 562

An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years.
What Amazon Glacier configuration option should be used to meet this compliance requirement?

Answer options

• A. A Glacier data retrieval policy
• B. A Glacier vault access policy
• C. A Glacier vault lock policy
• D. A Glacier vault notification

Correct answer: C

Explanation

An Amazon S3 Glacier Vault Lock policy allows you to deploy and enforce compliance controls on individual vaults using a Write Once Read Many (WORM) policy. Once locked, the policy becomes immutable and cannot be altered or deleted, ensuring the data is retained for the mandatory 7 years. Vault access policies can be changed and thus do not guarantee compliance, while data retrieval policies control data transfer limits and vault notifications are used for event alerts.