ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization collects disk images from compromised Amazon EC2 instances and uploads them to a dedicated Amazon S3 bucket for later forensic analysis. To maintain a defensible chain of custody, security policy requires that evidence objects remain immutable and undeletable for at least 90 days, while still being immediately accessible for investigators. Which approach best meets these requirements?
Enable S3 Versioning on the bucket and add a lifecycle rule that permanently deletes previous versions after 90 days.
Enable S3 Object Lock in Compliance mode on the evidence bucket and configure a 90-day retention period.
Encrypt evidence objects with AWS KMS and enable server access logging on the bucket to prevent modification.
Store the evidence files in an Amazon S3 Glacier vault and apply a 90-day Vault Lock policy to enforce retention.
Amazon S3 Object Lock places objects in a write-once-read-many (WORM) state. When the bucket is configured for Object Lock in Compliance mode with a 90-day retention period, each object version is protected from overwrites or deletions by any user-including the root account-until the timer expires. Because the objects can remain in the S3 Standard storage class (or another instant-access class), investigators can retrieve them immediately.
S3 Versioning alone cannot prevent an administrator from permanently deleting every version of an object, so it does not satisfy the immutability requirement. Storing evidence in an Amazon S3 Glacier vault with a 90-day Vault Lock policy would enforce retention but incurs retrieval times of several hours, failing the requirement for immediate access. Encrypting objects with AWS KMS and enabling server access logging adds confidentiality and auditability but does not stop modification or deletion. Therefore, enabling S3 Object Lock in Compliance mode is the only option that fulfills all stated constraints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon S3 Object Lock and how does Compliance mode work?
Open an interactive chat with Bash
How does the retention period in S3 Object Lock affect object accessibility?
Open an interactive chat with Bash
Why is S3 Glacier Vault Lock unsuitable for immediate investigator access?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .