Free Top Amazon/AWS DEA-C01 Actual Exam Questions - Question 4 Discussion
customer record data for 7 years after each record is created. The root user also must not have the
ability to delete or modify the data.
A data engineer wants to use S3 Object Lock to secure the data.
Which solution will meet these requirements?
It’s B because compliance mode blocks root user from deleting or modifying objects during retention.
B makes sense since compliance mode locks objects from root changes, but I'm unsure if default retention applies automatically. Does the default retention really cover all objects without setting it individually?
It’s B, because compliance mode prevents root override, which is key here.
B/D? Compliance mode stops root from deleting, so it’s needed. But you still have to set the 7-year retention on each object since default retention isn’t automatic. So, a combo of B and D sounds right.
I’m skeptical about option A since governance mode can be overridden by the root user. Compliance mode (B) sounds stronger for locking down deletion rights, but does it truly auto-set the 7-year retention on all objects without manual action?
Maybe D since you can’t rely on bucket-level defaults to enforce root restrictions.
This is tricky, but I think B makes the most sense because compliance mode blocks even root from deleting. The default retention period isn’t automatic though, so you’d still set 7 years on each object. B.
B/D? Compliance mode definitely prevents root from deleting data, but enabling it on the bucket doesn’t automatically set retention. So you still have to set the 7-year retention per object like in D.
B/D? Compliance mode definitely blocks root from deleting/modifying data, which fits the requirement. But I’m unsure if you still need to set the retention per object or if enabling compliance mode on the bucket sets a default period automatically. On the other hand, option D suggests setting retention individually, which would be a manual and error-prone process, making B seem more practical if it handles the default duration bucket-wide. Governance mode (A) doesn’t block root user actions fully, so that seems off. Legal holds (C) don’t have fixed retention periods, so probably not the best f
B. Compliance mode is the only way to prevent even the root user from deleting or modifying objects during the retention period, so this fits the strict rule. Governance mode can be overridden by root.
It’s B because compliance mode blocks root user deletions, unlike governance mode.