Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 679 discussion

This is a good example for a completely non-sense AWS exam question. In order to delete the object like requested in the question you need (E). This is required in either versioned or non-versioned buckets. Basically the task is done here. But let's assume we want to make it extra secure and retain the files for 30 days. Then we need object lock (A). You cannot have object lock without versioning (B). You also need to set a retention period then (C). So you either have A,B,C,E or you have E. Choosing exactly 3 options is completely nonsense here. But what do i know.

In theory, E alone would be enough because the objects are "retained for 30 days" without any configuration as long as no one deletes them. But let's assume that they want us to prevent deletion. A: Yes, required to prevent deletion. Object Lock requires Versioning, so if we 'create an S3 bucket that has S3 Object Lock enabled' that this also has object versioning enabled, otherwise we would not be able to create it. B: No. We need versioning, but we cannot "create" the bucket twice. If we create it "with object lock enabled" then versioning is enabled too, but NOT the other way round (creating it with versioning enabled will not automatically enable object lock).

To manage the lifecycle of your objects, create an S3 Lifecycle configuration for your bucket. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions: • Transition actions – These actions define when objects transition to another storage class. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after creating them, or archive objects to the S3 Glacier Flexible Retrieval storage class one year after creating them. • • Expiration actions – These actions define when objects expire. Amazon S3 deletes expired objects on your behalf. For example, you might to choose to expire objects after they have been stored for a regulatory compliance period.

C is not right becasue A standard S3 object has no default retention period, meaning it can be deleted at any time unless you specifically configure a retention period using the "S3 Object Lock" feature, which allows you to set a custom retention period for individual objects or an entire bucket, with the minimum retention period being one day, B is right because you have to do it , it does not matter you have to do it to lock a object or do it yourself. D is a general description of action A.

For enabling S3 object lock we need to enable Bucket versioning.. SO and must be ABE

"Object Lock works only in buckets that have S3 Versioning enabled" However, we can't have 2 options (A and B) telling to create the bucket. So, A is only possible if versioning is already enabled. We need retention period (C), since this is not a case for legal holds: "Object Lock provides two ways to manage object retention: retention periods and legal holds." E - obvious reasons. Ref. https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html

this is shit

1- The S3 backups must be retained for 30 days --> For that you must enable S3 Object Lock (versioning must be enabled) in Compliance Mode and set Retention Period to 30 days. Thus, to achieve this you need 3 options <A, B and C> 2- The S3 backups must be automatically deleted after 30 days. --> For that you must Create Lifecycle Rule with action Expire current versions of objects (versioning must be enabled) and set Expiration Period to 30 days. Thus to achieve this you need 2 options <B and E> <B> is a must here as both locking the objects and deleting them can't be achieved without it. But, when choosing "A.Create an S3 bucket that has S3 Object Lock enabled." this explicitly indicated that versioning is enabled in your bucket.

B: No versioning is required D: Lifecycle is for transitioning or expiring. There is no protection lifecycle policy F: No such tag Enable object lock, retain for 30 days (https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-retention-date.html) and expire after 30 days.

ABE -> https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html A. Create an S3 bucket that has S3 Object Lock enabled. -> You set a Retention period of 30 days with this feature. B. Create an S3 bucket that has object versioning enabled -> Object Lock works only in buckets that have S3 Versioning enabled E. Configure an S3 Lifecycle policy to expire the objects after 30 days. -> It is valid using the lifecicle policy.

ACE is the correct ans.

ADE should be correct

Correct Answer is A C E

A. Create an S3 bucket that has S3 Object Lock enabled. S3 Object Lock provides the ability to enforce retention periods on objects, preventing deletion or modification for a specified duration. D. Configure an S3 Lifecycle policy to protect the objects for 30 days. By configuring a lifecycle policy, you can define a transition action to move objects to the S3 Glacier storage class (or any other storage class) after 30 days. E. Configure an S3 Lifecycle policy to expire the objects after 30 days.