Amazon Exam BDS-C00 Topic 2 Question 86 Discussion

Actual exam question for Amazon's BDS-C00 exam

Question #: 86
Topic #: 2

A systems engineer for a company proposes digitalization and backup of large archives for customers. The systems engineer needs to provide users with a secure storage that makes sure that data will never be tempered with once it has been uploaded. How should this be accomplished?

ACreate an Amazon Glacier Vault. Specify a ''Deny'' Vault lock policy on this vault to block
''glacier:DeleteArchive''.

BCreate an Amazon S3 bucker. Specify a ''Deny'' bucket policy on this bucket to block
''s3:DeleteObject''.

CCreate an Amazon Glacier Vault. Specify a ''Deny'' vault access policy on this Vault to block
''glacier:DeleteArchive''.

DCreate a secondary AWS containing an Amazon S3 bucket. Grant ''s3:PutObject'' to the primary account.

Show Suggested Answer

Suggested Answer: A, B, D

by Kerry at Feb 11, 2024, 01:41 PM

Limited Time Offer

25%

Off

Get Premium BDS-C00 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Vallie

8 days ago

Creating a secondary AWS account just to grant PutObject permissions? That's a bit overkill, don't you think?

upvoted 0 times

...

Winfred

11 days ago

Hmm, the S3 bucket option sounds simpler, but a Deny bucket policy might not be as foolproof as the Glacier Vault.

upvoted 0 times

...

Tien

18 days ago

A Glacier Vault with a Deny Vault lock policy is the way to go. That'll make sure those archives are locked down tight!

upvoted 0 times

Pearly

5 days ago

A) Create an Amazon Glacier Vault. Specify a ''Deny'' Vault lock policy on this vault to block ''glacier:DeleteArchive''.

upvoted 0 times

...

Lynda

22 days ago

I see your point, but I still think option A is better because Glacier Vaults are specifically designed for long-term archival storage.

upvoted 0 times

...

Laurene

23 days ago

I disagree, I believe option B is more secure. By using an S3 bucket with a 'Deny' bucket policy, we can block deletion of objects.

upvoted 0 times

...

Lynda

28 days ago

I think option A is the best choice because using a Glacier Vault with a 'Deny' Vault lock policy will prevent deletion of archives.

upvoted 0 times

...