ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization stores CloudTrail logs in an S3 bucket that has a 90-day lifecycle expiration. The legal department sends a litigation hold requiring retention of all security-related logs for at least three years and preventing any user (even root) from overwriting or deleting them. As the security practitioner, which action best supports this legal hold while minimizing operational disruption?
Replicate the bucket to another region using cross-region replication, then change the destination bucket's versioning setting to keep every version indefinitely.
Enable S3 Object Lock in compliance mode on a new bucket, copy existing log objects to it, and reconfigure CloudTrail to write to the locked bucket.
Tag all existing log objects with a LegalHold tag and modify the lifecycle rule to transition them to Glacier Deep Archive after 90 days.
Disable the lifecycle expiration rule on the current bucket and rely on IAM deny policies to stop deletions for three years.
S3 Object Lock in compliance mode enforces Write Once Read Many (WORM) protection for a defined retention period. Once enabled, no user-including the root account-can alter or delete protected objects until the retention period expires, satisfying the litigation-hold requirement. Creating a new locked bucket, migrating existing logs, and re-pointing CloudTrail maintains operations while guaranteeing three-year preservation.
Tagging objects and adjusting lifecycle rules or Glacier transitions still allow deletions by privileged users, so they do not meet an immutable hold requirement. IAM deny policies can be overridden by turning them off or changing them, and disabling lifecycle expiration alone does not provide tamper-proof protection. Cross-region replication with versioning retains old versions, but any version can still be deleted by an administrator, so it does not provide the non-mutable guarantee demanded by a legal hold.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is S3 Object Lock in compliance mode?
Open an interactive chat with Bash
How does enabling S3 Object Lock protect against data deletion or modification?
Open an interactive chat with Bash
What are alternatives to S3 Object Lock for data retention, and how do they differ?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .