ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your security team must retain web application logs for seven years to satisfy audit requirements. Once the retention period ends, the logs should be automatically removed to minimize storage costs. Logs must remain tamper-proof during the entire retention period, even for administrators with full AWS permissions. Which solution best meets these requirements while keeping operational overhead low?
Stream the logs to Amazon CloudWatch Logs with a seven-year retention setting and enable log integrity validation.
Send the logs to an Amazon S3 bucket enabled for Object Lock in compliance mode and add a Lifecycle rule that expires objects after seven years.
Store the logs in Amazon S3 Glacier Deep Archive and turn on CloudTrail log file integrity validation for the bucket.
Archive the logs as encrypted EBS snapshots protected by AWS Backup with a seven-year retention policy.
Amazon S3 Object Lock in compliance mode stores objects in a write-once-read-many (WORM) state. No user, including the root account, can delete or overwrite a locked object until its retention period expires, satisfying the immutability requirement. After the seven-year retention window, an S3 Lifecycle expiration rule can automatically delete the objects, controlling costs without manual intervention. CloudWatch Logs retention settings do not guarantee immutability, CloudTrail integrity validation only detects changes, and EBS snapshots do not provide WORM protection.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon S3 Object Lock in compliance mode?
Open an interactive chat with Bash
How do S3 Lifecycle rules help manage storage costs?
Open an interactive chat with Bash
Why do other options not meet the tamper-proof requirement?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .