Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 44 discussion

The correct solution is AB, as you can see here: https://aws.amazon.com/it/premiumsupport/knowledge-center/s3-audit-deleted-missing-objects/ It states the following: To prevent or mitigate future accidental deletions, consider the following features: Enable versioning to keep historical versions of an object. Enable Cross-Region Replication of objects. Enable MFA delete to require multi-factor authentication (MFA) when deleting an object version.

Enabling versioning on S3 ensures multiple versions of object are stored in bucket. When object is updated or deleted, new version is created, preserving previous version. Enabling MFA Delete adds additional layer of protection by requiring MFA device to be present when attempting to delete objects. This helps prevent accidental or unauthorized deletions by requiring extra level of authentication. C. Creating a bucket policy on S3 is more focused on defining access control and permissions for bucket and its objects, rather than protecting against accidental deletion. D. Enabling default encryption on S3 ensures that any new objects uploaded to bucket are automatically encrypted. While encryption is important for data security, it does not directly address accidental deletion. E. Creating lifecycle policy for objects in S3 allows for automated management of objects based on predefined rules. While this can help with data retention and storage cost optimization, it does not directly protect against accidental deletion.

c: won't be able to delete anyhting d: doesn't change anything e: baseless

AB is the correct solution here as we need MFA delete for making the deletion process inevitable and also we need S3 bucket versioning for MFA delete.

To protect critical data in an S3 bucket from accidental deletion, these two features provide robust safeguards: A. Enable versioning on the S3 bucket: Versioning allows the bucket to maintain multiple versions of an object. Even if an object is accidentally deleted, the previous version can be restored, ensuring data recovery. B. Enable MFA Delete on the S3 bucket: MFA Delete adds an additional layer of security by requiring multi-factor authentication for deletion operations. This prevents accidental or unauthorized deletions.

To protect critical data in an Amazon S3 bucket from accidental deletion, a solutions architect should take the following steps: Enable versioning on the S3 bucket: This allows you to recover objects that are accidentally deleted or overwritten by keeping multiple versions of an object. Enable MFA Delete on the S3 bucket: This adds an extra layer of security by requiring multi-factor authentication (MFA) for delete operations, which helps prevent accidental or unauthorized deletions

Ans A,B - as per 'kwabsAA' 2 months ago "To protect data from accidental deletion, the correct answers are B and D. Versioning does not prevent accidental deletion; it only allows for recovery after the fact. Multi-Factor Authentication (MFA) helps prevent accidental deletion by requiring an additional confirmation step before deletion, making it deliberate rather than accidental. Option D, which involves encryption, ensures that only individuals with the encryption keys can read or manipulate the data, thus preventing unauthorized access and manipulation, including deletion."

encryption will not prevent accidental deletions

To protect data from accidental deletion, the correct answers are B and D. Versioning does not prevent accidental deletion; it only allows for recovery after the fact. Multi-Factor Authentication (MFA) helps prevent accidental deletion by requiring an additional confirmation step before deletion, making it deliberate rather than accidental. Option D, which involves encryption, ensures that only individuals with the encryption keys can read or manipulate the data, thus preventing unauthorized access and manipulation, including deletion.

BD. For D, When you encrypt data, an unauthorized user (without the encryption key) cannot manipulate the data (ie. decryption, modifying, deletion).

AB will be the correct answer.

This could be done if we enable MFA delete on the bucket but in order to enable this bucket versioning must be done. Hence A and B would be the answer.

I am getting so confused about what answers I should study. The answers don't match here or in ChatGPT. Can anyone who just took the exam, and passed, point me in the right direction? TIA!

B: MFA to put an extra step to verify deletion and stop from accidental deletion A: Versioning for recovery of objects that were deleted accidentally even with MFA Remember, the solution is not required to STOP from deletion. It just wants to STOP ACCIDENTAL deletion. CDE offer nothing related to accidental deletion

Not sure why Answer is BD. I am trying to rationalize it. What I guess could be to address keyword "critical data" where set default encryption is just enhance the security of stored data but does not prevent from deletion. This will be have 2 options A, B for that. B is make sense to ensure user know what to delete on second layer. For option A, it just help you to audit and recovered what was accidentally deleted but does not "prevent" accidentally delete.

Agree, s3 encryption does not prevent deletion

Yeah so.. encryption is enabled by default on S3, sooooo why is the answer D. --------- Starting today, Amazon Simple Storage Service (Amazon S3) encrypts all new objects by default. Now, S3 automatically applies server-side encryption (SSE-S3) for each new object, unless you specify a different encryption option.