ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security team must keep Apache access logs for 13 months to satisfy an audit requirement. Logs are written every minute to an Amazon S3 bucket in eu-west-1. The solution must minimize storage costs and guarantee that no user or process can delete or overwrite the logs during the retention period. Which approach best meets these goals?
Enable S3 Versioning and add a lifecycle rule that moves noncurrent object versions to S3 Glacier Flexible Retrieval after 30 days and permanently deletes objects after 400 days.
Use AWS Backup with a 400-day backup plan that protects the S3 bucket and stores the backups in S3 Glacier Deep Archive.
Copy the log files to Amazon EFS and enable EFS Infrequent Access with lifecycle management set to 400 days.
Enable S3 Object Lock in Compliance mode with a 400-day retention period and add a lifecycle rule that transitions objects to S3 Glacier Instant Retrieval after 30 days.
Using Amazon S3 Object Lock in Compliance mode places every log object in a write-once, read-many (WORM) state; no one, including the root user, can delete or alter the object until the retention date passes. A lifecycle rule can still move the objects to a colder, less expensive storage class such as S3 Glacier Instant Retrieval after 30 days, reducing cost while leaving the WORM protection in place for the full 400-day period. Versioning alone cannot stop a privileged user from permanently deleting all versions, AWS Backup for S3 does not protect the original objects from deletion, and moving the data to EFS introduces higher cost and lacks WORM protection. Therefore, enabling Object Lock in Compliance mode with an appropriate retention period and adding a transition rule provides both immutability and cost efficiency.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is S3 Object Lock and how does Compliance mode work?
Open an interactive chat with Bash
What are the benefits of transitioning data to S3 Glacier, and what is S3 Glacier Instant Retrieval?
Open an interactive chat with Bash
Why is S3 Versioning insufficient protection for preventing deletion or modification of logs?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .