Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 44 discussion

The correct solution is AB, as you can see here: https://aws.amazon.com/it/premiumsupport/knowledge-center/s3-audit-deleted-missing-objects/ It states the following: To prevent or mitigate future accidental deletions, consider the following features: Enable versioning to keep historical versions of an object. Enable Cross-Region Replication of objects. Enable MFA delete to require multi-factor authentication (MFA) when deleting an object version.

Enabling versioning on S3 ensures multiple versions of object are stored in bucket. When object is updated or deleted, new version is created, preserving previous version. Enabling MFA Delete adds additional layer of protection by requiring MFA device to be present when attempting to delete objects. This helps prevent accidental or unauthorized deletions by requiring extra level of authentication. C. Creating a bucket policy on S3 is more focused on defining access control and permissions for bucket and its objects, rather than protecting against accidental deletion. D. Enabling default encryption on S3 ensures that any new objects uploaded to bucket are automatically encrypted. While encryption is important for data security, it does not directly address accidental deletion. E. Creating lifecycle policy for objects in S3 allows for automated management of objects based on predefined rules. While this can help with data retention and storage cost optimization, it does not directly protect against accidental deletion.

Ans A,B - as per 'kwabsAA' 2 months ago "To protect data from accidental deletion, the correct answers are B and D. Versioning does not prevent accidental deletion; it only allows for recovery after the fact. Multi-Factor Authentication (MFA) helps prevent accidental deletion by requiring an additional confirmation step before deletion, making it deliberate rather than accidental. Option D, which involves encryption, ensures that only individuals with the encryption keys can read or manipulate the data, thus preventing unauthorized access and manipulation, including deletion."

encryption will not prevent accidental deletions

To protect data from accidental deletion, the correct answers are B and D. Versioning does not prevent accidental deletion; it only allows for recovery after the fact. Multi-Factor Authentication (MFA) helps prevent accidental deletion by requiring an additional confirmation step before deletion, making it deliberate rather than accidental. Option D, which involves encryption, ensures that only individuals with the encryption keys can read or manipulate the data, thus preventing unauthorized access and manipulation, including deletion.

BD. For D, When you encrypt data, an unauthorized user (without the encryption key) cannot manipulate the data (ie. decryption, modifying, deletion).

AB will be the correct answer.

This could be done if we enable MFA delete on the bucket but in order to enable this bucket versioning must be done. Hence A and B would be the answer.

I am getting so confused about what answers I should study. The answers don't match here or in ChatGPT. Can anyone who just took the exam, and passed, point me in the right direction? TIA!

B: MFA to put an extra step to verify deletion and stop from accidental deletion A: Versioning for recovery of objects that were deleted accidentally even with MFA Remember, the solution is not required to STOP from deletion. It just wants to STOP ACCIDENTAL deletion. CDE offer nothing related to accidental deletion

Not sure why Answer is BD. I am trying to rationalize it. What I guess could be to address keyword "critical data" where set default encryption is just enhance the security of stored data but does not prevent from deletion. This will be have 2 options A, B for that. B is make sense to ensure user know what to delete on second layer. For option A, it just help you to audit and recovered what was accidentally deleted but does not "prevent" accidentally delete.

Agree, s3 encryption does not prevent deletion

Yeah so.. encryption is enabled by default on S3, sooooo why is the answer D. --------- Starting today, Amazon Simple Storage Service (Amazon S3) encrypts all new objects by default. Now, S3 automatically applies server-side encryption (SSE-S3) for each new object, unless you specify a different encryption option.

What's the correct answers？

Prevent accidental deletion - MFA, Versioning

MFA will add extra security of deleting item from s3 Versioning will make the data recovering

A) https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite. For example, if you delete an object, Amazon S3 inserts a delete marker instead of removing the object permanently. The delete marker becomes the current object version. If you overwrite an object, it results in a new object version in the bucket. You can always restore the previous version B) https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html