ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company is migrating legal hold documents to AWS. Compliance rules require that each object be stored redundantly across at least three Availability Zones, protected from accidental or malicious deletion, and recoverable even if the customer loses access to its own encryption keys. Which solution meets these requirements while keeping storage costs to a minimum?
Store the data in an S3 One Zone-IA bucket with versioning enabled and default encryption set to SSE-KMS using a customer-managed CMK.
Create an Amazon S3 Standard bucket, enable versioning and MFA Delete, and set default server-side encryption to SSE-S3.
Place the documents on Amazon EFS Standard with lifecycle management to Infrequent Access; rely on POSIX permissions for protection.
Deploy encrypted EBS volumes in an Auto Scaling group spanning three AZs and schedule daily snapshots to Amazon S3 Glacier Deep Archive.
Amazon S3 Standard automatically stores every object redundantly across a minimum of three Availability Zones, providing high durability and resilience. Enabling versioning ensures that previous versions remain available for recovery, while MFA Delete protects them from accidental or malicious removal. Choosing server-side encryption with Amazon S3-managed keys (SSE-S3) satisfies the encryption mandate without relying on customer-managed keys, so the data can still be decrypted even if a customer key is lost. One Zone-IA does not span multiple AZs, EFS is costlier for object storage, and EBS snapshots plus cross-AZ volumes do not inherently place every object in three AZs. SSE-KMS with a customer-managed CMK would violate the key-loss recovery requirement because deleting or disabling the CMK renders data unreadable.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon S3 versioning, and why is it important?
Open an interactive chat with Bash
What is SSE-S3, and how does it differ from SSE-KMS?
Open an interactive chat with Bash
Why is Amazon S3 Standard the best choice for meeting compliance requirements in this scenario?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .