Home › AWS Security › cloudcomputing › scsdatagov › Which Amazon S3 feature enforces WORM (write-onc…
Which Amazon S3 feature enforces WORM (write-once-read-many) data retention to protect logs/backups from deletion — even by an admin — for a configurable retention period?
APublic S3 bucket policy
BS3 Object Lock (Governance + Compliance retention modes)
CDisabling S3 versioning
DAmazon Route 53
Answer & Solution
Correct answer: B. S3 Object Lock (Governance + Compliance retention modes)
S3 Object Lock provides WORM retention (per SCS-C02 §5.2, §5.3). Disabling versioning weakens; public policy exposes data; Route 53 is DNS.
Related questions
Which AWS service helps a security engineer collect evidence for compliance audits — assesWhich AWS service provides a turnkey multi-account landing-zone with guardrails, account fWhich AWS Organization feature lets a security engineer enforce 'deny all use of root userWhich AWS service centrally manages multiple AWS accounts with consolidated billing, SCPs,Which AWS service automatically discovers and classifies sensitive data (PII, financial daWhich AWS feature lets a security engineer enforce 'no S3 bucket can be made public' acrosWhich AWS service lightweight-stores parameters + SecureString secrets, integrated with KMWhich AWS service centrally stores application secrets (DB passwords, API keys, OAuth toke