Exam 312-39 Topic 7 Question 20 Discussion

Cloud storage best meets long-term log archival requirements when the priorities are scalability, encryption, durability, and accessibility. From a SOC and compliance standpoint, log volume growth is predictable and often spikes during incidents; cloud storage provides elastic scale without the operational overhead of continuously expanding on-prem capacity. Encryption at rest and in transit is typically standard in cloud storage services, supporting confidentiality requirements for regulated data. Cloud storage also supports lifecycle management (hot to cool/archive tiers), retention policies, and immutability options that help preserve evidentiary integrity for investigations and audits. Local storage is limited by physical capacity, increases risk of single-site failure, and becomes costly to scale and maintain for multi-year retention.
"Distributed" and "hybrid" can be viable architectures, but they are broader design patterns rather than a direct fit to the stated requirements; distributed systems still require significant operational management, and hybrid introduces complexity around governance and residency unless explicitly required. Given the need for scalable, encrypted, long-term archival that remains accessible for SOC analytics and audits, cloud storage is the most appropriate option in this question's context.