ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An SSCP is tasked with designing a seven-year archive for monthly financial transaction logs stored in AWS. The solution must ensure that each log file is immutable after it is written, encrypted at rest, cost-efficient for long-term retention, and still retrievable within 12 hours to satisfy audit requests. Which approach best meets these secure long-term storage requirements?
Configure AWS Backup to copy logs into a warm storage vault with a seven-year retention policy and cross-Region replication.
Store compressed logs in Amazon S3 Glacier Deep Archive, enable S3 Object Lock in compliance mode, and apply server-side encryption with AWS KMS-managed keys.
Retain logs on encrypted Amazon EBS volumes attached to a stopped EC2 instance and take annual snapshots for seven years.
Upload logs to an Amazon S3 Standard bucket with versioning enabled and default server-side encryption (SSE-S3).
Amazon S3 Glacier Deep Archive is AWS's lowest-cost storage class for long-term retention. When combined with S3 Object Lock in compliance mode, each object is placed in a write-once, read-many (WORM) state that cannot be altered or deleted until the retention period expires, meeting immutability requirements. Server-side encryption with KMS keys ensures that data remains encrypted at rest. Standard retrieval from Glacier Deep Archive is typically available within 12 hours, which satisfies the audit retrieval window at minimal cost.
Storing data on encrypted EBS volumes, even if snapshots are taken, does not provide WORM protection and incurs higher ongoing storage costs. Keeping data in S3 Standard with versioning is far more expensive over seven years and versioning alone does not prevent tampering. AWS Backup warm storage offers longer retention, but it is priced higher than Glacier Deep Archive and does not inherently enforce object-level immutability. Therefore, the Glacier Deep Archive solution with Object Lock and KMS encryption is the only option that addresses all security, cost, and retrieval requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon S3 Glacier Deep Archive, and why is it suitable for long-term storage?
Open an interactive chat with Bash
What is S3 Object Lock in compliance mode, and how does it enforce immutability?
Open an interactive chat with Bash
How does server-side encryption with AWS KMS-managed keys protect data at rest?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .