Topic 1 Question 154
A company needs to save the results from a medical trial to an Amazon S3 repository. The repository must allow a few scientists to add new files and must restrict all other users to read-only access. No users can have the ability to modify or delete any files in the repository. The company must keep every file in the repository for a minimum of 1 year after its creation date. Which solution will meet these requirements?
Use S3 Object Lock in governance mode with a legal hold of 1 year.
Use S3 Object Lock in compliance mode with a retention period of 365 days.
Use an IAM role to restrict all users from deleting or changing objects in the S3 bucket. Use an S3 bucket policy to only allow the IAM role.
Configure the S3 bucket to invoke an AWS Lambda function every time an object is added. Configure the function to track the hash of the saved object so that modified objects can be marked accordingly.
ユーザの投票
コメント(17)
Answer : B Reason: Compliance Mode. The key difference between Compliance Mode and Governance Mode is that there are NO users that can override the retention periods set or delete an object, and that also includes your AWS root account which has the highest privileges.
👍 16Qjb8m9h2022/11/14- 正解だと思う選択肢: B
B is best answer but I feel none of the answers covers the requirement for only few users(scientiest) are able to upload(create) the file in the bucket and all other users has Read only access.
👍 3career360guru2022/12/17 - 正解だと思う選択肢: B
Answer is B Compliance:
- Object versions can't be overwritten or deleted by any user, including the root user
- Objects retention modes can't be changed, and retention periods can't be shortened
Governance:
- Most users can't overwrite or delete an object version or alter its lock settings
- Some users have special permissions to change the retention or delete the object
👍 3lazyyoung2022/12/20
シャッフルモード