Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your security team must archive cloud audit logs to meet a regulation that mandates seven years of write-once-read-many (WORM) retention while also minimizing cost after the first 90 days. The company already stores logs in an S3-compatible object-storage service that supports both lifecycle policies and an "object lock" feature. Which archival configuration BEST satisfies the regulatory immutability requirement and the long-term cost objective?

  • Keep the logs in object storage without object lock but restrict write access to a service account protected by multifactor authentication.

  • Enable object lock in compliance mode on the log bucket and add a lifecycle policy that transitions objects to the provider's cold archive tier after 90 days.

  • Store the logs on encrypted block storage volumes and replicate them asynchronously to a second region for seven years.

  • Place the logs on a managed file-share service, turn on file versioning, and keep weekly snapshots for seven years.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Data Security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot