AWS Certified SysOps Administrator – Associate (legacy) — Question 651

A company needs to implement a system for object-based storage in a write-once, read-many (WORM) model. Objects cannot be deleted or changed after they are stored, even by an AWS account root user or administrators.
Which solution will meet these requirements?

Answer options

• A. Set up Amazon S3 Cross-Region Replication and run daily updates.
• B. Set up Amazon S3 Object Lock in governance mode with S3 Versioning enabled.
• C. Set up Amazon S3 Object Lock in compliance mode with S3 Versioning enabled.
• D. Set up an Amazon S3 Lifecycle policy to move the objects to Amazon S3 Glacier.

Correct answer: B

Explanation

Amazon S3 Object Lock, when used with S3 Versioning, provides WORM protection to prevent objects from being deleted or overwritten. Setting up governance mode ensures that objects are protected from deletion by unauthorized users, satisfying the requirement to secure the data. Other options like Cross-Region Replication or S3 Lifecycle policies do not natively enforce WORM compliance at the object level.