Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 679 discussion

This is a good example for a completely non-sense AWS exam question. In order to delete the object like requested in the question you need (E). This is required in either versioned or non-versioned buckets. Basically the task is done here. But let's assume we want to make it extra secure and retain the files for 30 days. Then we need object lock (A). You cannot have object lock without versioning (B). You also need to set a retention period then (C). So you either have A,B,C,E or you have E. Choosing exactly 3 options is completely nonsense here. But what do i know.

"Object Lock works only in buckets that have S3 Versioning enabled" However, we can't have 2 options (A and B) telling to create the bucket. So, A is only possible if versioning is already enabled. We need retention period (C), since this is not a case for legal holds: "Object Lock provides two ways to manage object retention: retention periods and legal holds." E - obvious reasons. Ref. https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html

this is shit

1- The S3 backups must be retained for 30 days --> For that you must enable S3 Object Lock (versioning must be enabled) in Compliance Mode and set Retention Period to 30 days. Thus, to achieve this you need 3 options <A, B and C> 2- The S3 backups must be automatically deleted after 30 days. --> For that you must Create Lifecycle Rule with action Expire current versions of objects (versioning must be enabled) and set Expiration Period to 30 days. Thus to achieve this you need 2 options <B and E> <B> is a must here as both locking the objects and deleting them can't be achieved without it. But, when choosing "A.Create an S3 bucket that has S3 Object Lock enabled." this explicitly indicated that versioning is enabled in your bucket.

B: No versioning is required D: Lifecycle is for transitioning or expiring. There is no protection lifecycle policy F: No such tag Enable object lock, retain for 30 days (https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-retention-date.html) and expire after 30 days.

In theory, E alone would be enough because the objects are "retained for 30 days" without any configuration as long as no one deletes them. But let's assume that they want us to prevent deletion. A: Yes, required to prevent deletion. Object Lock requires Versioning, so if we 'create an S3 bucket that has S3 Object Lock enabled' that this also has object versioning enabled, otherwise we would not be able to create it. B: No. We need versioning, but we cannot "create" the bucket twice. If we create it "with object lock enabled" then versioning is enabled too, but NOT the other way round (creating it with versioning enabled will not automatically enable object lock).

ABE -> https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html A. Create an S3 bucket that has S3 Object Lock enabled. -> You set a Retention period of 30 days with this feature. B. Create an S3 bucket that has object versioning enabled -> Object Lock works only in buckets that have S3 Versioning enabled E. Configure an S3 Lifecycle policy to expire the objects after 30 days. -> It is valid using the lifecicle policy.

ACE is the correct ans.

ADE should be correct

Correct Answer is A C E

A. Create an S3 bucket that has S3 Object Lock enabled. S3 Object Lock provides the ability to enforce retention periods on objects, preventing deletion or modification for a specified duration. D. Configure an S3 Lifecycle policy to protect the objects for 30 days. By configuring a lifecycle policy, you can define a transition action to move objects to the S3 Glacier storage class (or any other storage class) after 30 days. E. Configure an S3 Lifecycle policy to expire the objects after 30 days.