Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SOA-C02 Topic 10 Question 86 Discussion

Actual exam question for Amazon's SOA-C02 exam
Question #: 86
Topic #: 10
[All SOA-C02 Questions]

A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: B

To meet the requirements of the workload, a company should store the data in an Amazon S3 Glacier vault and configure a vault lock policy for write-once, read-many (WORM) access. This will ensure that the data is stored securely and cannot be edited in the future. The other solutions (storing the data in an Amazon Elastic Block Store (Amazon EBS) volume and configuring AWS Key Management Service (AWS KMS) encryption, storing the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA) and configuring server-side encryption, or storing the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA) and configuring multi-factor authentication (MFA)) will not meet the requirements, as they do not provide a way to protect the audit logs from future edits.

https://docs.aws.amazon.com/zh_tw/AmazonS3/latest/userguide/object-lock.html


Contribute your Thoughts:

Florinda
6 months ago
But wouldn't option A still allow for edits to be made on the data? I think the WORM feature in option B is more suited for this requirement.
upvoted 0 times
...
Doug
6 months ago
I'm leaning towards option A, using AWS KMS encryption on EBS volume seems secure too.
upvoted 0 times
...
Nilsa
6 months ago
I agree with Florinda, option B provides the necessary protection for the audit logs.
upvoted 0 times
...
Florinda
6 months ago
I think option B is the best choice because the vault lock policy ensures the logs cannot be edited.
upvoted 0 times
...
Felton
6 months ago
I think option D is also a good choice. Using multi-factor authentication adds an extra layer of security to prevent unauthorized changes to the logs.
upvoted 0 times
...
Cherry
6 months ago
I agree with user Eleni. Option B seems like the best choice because it specifically mentions write-once, read-many access which ensures the logs cannot be altered.
upvoted 0 times
...
Major
7 months ago
But what about option A? Storing data in an Amazon EBS volume with AWS KMS encryption could also be a good solution, right?
upvoted 0 times
...
Eleni
7 months ago
I think the answer is B. Storing data in Amazon S3 Glacier with WORM access seems like a secure way to protect the logs from edits.
upvoted 0 times
...
Paris
8 months ago
But wait, what about the cost? Glacier is a cheaper storage option, but the retrieval costs might add up if we need to access the logs frequently. Maybe S3 Standard-IA with server-side encryption would be a more cost-effective solution?
upvoted 0 times
...
Arlette
8 months ago
You know, I was thinking the same thing. Glacier with a WORM policy seems like the way to go. That way, the logs can't be tampered with, even by accident.
upvoted 0 times
Beckie
7 months ago
Yes, the WORM policy provides an extra layer of security to prevent any unauthorized changes to the audit logs.
upvoted 0 times
...
Peggie
8 months ago
It's great that there's a clear option to ensure the logs are archived safely for the required period.
upvoted 0 times
...
Nickie
8 months ago
The Glacier vault with a WORM policy is definitely the best solution for long-term and secure storage of the logs.
upvoted 0 times
...
Dominga
8 months ago
Absolutely, it's crucial to maintain the integrity of the audit logs.
upvoted 0 times
...
Alpha
8 months ago
I agree, the WORM policy will ensure the logs are protected from any edits.
upvoted 0 times
...
Isidra
8 months ago
B) Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access.
upvoted 0 times
...
...
Tayna
8 months ago
Okay, so we're looking for a solution that provides long-term storage and data protection. I'm leaning towards option B, since Glacier's WORM policy sounds perfect for this use case.
upvoted 0 times
...
Shantay
8 months ago
Hmm, this is a tricky one. We need to ensure the logs are protected for 10 years and can't be edited. Let me think this through...
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77