AWS Certified SysOps Administrator Practice Exam

What is the recommended way to store conversation archives with protection from tampering?

• A. Store archives in standard S3
• B. Keep archives in AWS Backup
• C. Store archives in Glacier with a vault lock policy
• D. Use EBS for archival storage

The correct answer is: Store archives in Glacier with a vault lock policy

Storing conversation archives with protection from tampering is crucial for maintaining the integrity and confidentiality of sensitive data. The most recommended way to achieve this is by using Glacier with a vault lock policy. Amazon S3 Glacier is designed for long-term data archiving and is cost-effective for storing large amounts of data that are infrequently accessed. When combined with a vault lock policy, it provides an added layer of security, ensuring that the retrieval and deletion policies for the data cannot be altered, even by administrators. This lock prevents any unauthorized changes, thereby protecting the integrity of the archived data against tampering or accidental deletion. In contrast, standard S3 storage does not have the same level of tamper protection as Glacier with a vault lock. While S3 does offer data coding and access controls, it lacks the immutable feature that Glacier provides, which is essential for ensuring data integrity for regulatory compliance or security needs. Using AWS Backup, while useful for managing backup services across other AWS resources, does not specifically cater to archival storage with tamper-proofing features in the same way that Glacier does. Using EBS for archival storage is generally not advisable because EBS volumes are primarily for block storage with a focus on performance for running instances, not intended for long-term