Comprehensive and Detailed Step-by-Step Explanation:
The requirement is toprevent data deletion by any user, including administrators, for 7 years while allowing automatic deletion afterward.
S3 Object Lock in Compliance Mode (Correct Choice - C)
Compliance mode ensures that even the root user cannot delete or modify the objects during the retention period.
After 7 years, the S3 Lifecycle policy automatically deletes the objects.
This meets bothimmutability and automatic deletionrequirements.
Governance Mode (Option B - Incorrect)
Governance mode prevents deletion,but administrators can override it.
The requirement explicitly states thateven administrators must not be able to delete the data.
S3 Bucket Policy (Option A - Incorrect)
An S3 bucket policy candeny deletes, but policies can be modified at any time by administrators.
It does not enforce strict retention like Object Lock.
S3 Batch Operations Job (Option D - Incorrect)
A legal hold does not have an automatic expiration.
Legal holds must be manually removed, which is not efficient.
Why Option C is Correct:
S3 Object Lock in Compliance Mode prevents deletion by all users, including administrators.
The S3 Lifecycle policy deletes the data automatically after 7 years, reducing operational overhead.
Submit