Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A Solutions Architect must create a secure storage solution for confidential client documents at a law firm. The design needs to enforce strict permissions and ensure documents are only retained as long as legally necessary before being removed from storage. Which configuration would best meet the firm's operational and legal requirements?

  • Configure S3 Object Lock to enforce a strict WORM (Write Once Read Many) model until documents are manually purged post-retention.

  • Utilize a Glacier Vault with Lock policies, scheduling vault lock-in to meet the retention timeline and manually manage deletions.

  • Deploy an S3 bucket with appropriate Bucket Policies and IAM roles, setting lifecycle policies to remove documents after the predetermined retention duration.

  • Implement key management service policies to expire encryption on objects, effectively rendering them inaccessible post-retention.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:

Check or uncheck an objective to set which questions you will receive.