A financial services company has a compliance requirement that all archived data must be preserved exclusively in a non-rewriteable and non-erasable format.
What solution satisfies this requirement in the most cost-effective way?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: D.
Option A is incorrect because Amazon S3 versioning does not protect object versions from being deleted.
Option B is incorrect because it is not the most cost-effective solution.
The question specifically asks about archived data.
Storing archived data in Amazon S3 Glacier is more cost-effective than Amazon S3.
Option C is incorrect because it does not satisfy the requirements.
Amazon S3 bucket policies can be changed, thus removing protection on the objects.
Option D is CORRECT because Amazon S3 Glacier is the most cost-effective storage solution for archive data.
Amazon S3 Glacier Vault Lock can be used to implement a “Write-Once-Read-Many” archive storage solution.
Reference.
https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock.html https://aws.amazon.com/blogs/aws/glacier-vault-lock/The most cost-effective solution that satisfies the compliance requirement for the financial services company to preserve archived data exclusively in a non-rewriteable and non-erasable format is to enable Amazon S3 Object Lock.
Amazon S3 Object Lock is a feature of Amazon S3 that helps customers enforce retention policies as an additional layer of data protection against object deletion and modification. When Amazon S3 Object Lock is enabled on a bucket or an object, it prevents the deletion or modification of the object for the duration of the retention period.
Option A, enabling Amazon S3 Versioning, is not sufficient for meeting the compliance requirement since versioned objects can still be deleted or modified by authorized users, which violates the non-rewriteable and non-erasable requirement.
Option C, implementing Amazon S3 Bucket Policy with deny statements for object delete operations, can prevent object deletion but it does not prevent object modification, which again violates the non-rewriteable requirement.
Option D, implementing Amazon S3 Glacier Vault Lock, is designed for data archiving rather than data storage and is not a cost-effective solution for meeting the compliance requirement for data preservation in a non-rewriteable and non-erasable format.
Therefore, the correct answer is B, enabling Amazon S3 Object Lock, which meets the compliance requirement by preventing object deletion or modification for the duration of the retention period, ensuring the data is preserved exclusively in a non-rewriteable and non-erasable format.