Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 89 discussion

Same as Question #44

A is the correct answer.

Accidental deletion is the key. Deletion is allowed but MFA deletion ensures that deletion requires an additional step. https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html

Enable the versioning to ensure restoration in case of accidental deletion and MFA Delete for double verification before deletion.

Versioning will keep multiple variants of an object in case one is accidentally or intentionally deleted - the previous versions can still be restored. MFA Delete requires additional authentication to permanently delete an object version. This prevents accidental deletion

B. Enabling MFA on the IAM user credentials adds an extra layer of security to the user authentication process. However, it does not specifically address the concern of accidental deletion of documents in the S3 bucket. C. Adding an S3 Lifecycle policy to deny the delete action during audit dates would prevent intentional deletions during specific time periods. However, it does not address accidental deletions that can occur at any time. D. Using KMS for encryption and restricting access to the KMS key provides additional security for the data stored in the S3 . However, it does not directly prevent accidental deletion of documents in the S3. Enabling versioning and MFA Delete on the S3 (option A) is the most appropriate solution for securing the audit documents. Versioning ensures that multiple versions of the documents are stored, allowing for easy recovery in case of accidental deletions. Enabling MFA Delete requires the use of multi-factor authentication to authorize deletion actions, adding an extra layer of protection against unintended deletions.

A is answer.

A is answer.

A is correct.

only accidental deletion should be avoided. IAM policy will completely remove their access.hence, MFA is the right choice.

what about : IAM policies are used to specify permissions for AWS resources, and they can be used to allow or deny specific actions on those resources. { "Version": "2012-10-17", "Statement": [ { "Sid": "DenyDeleteObject", "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": [ "arn:aws:s3:::my-bucket/my-object", "arn:aws:s3:::my-bucket" ] } ] }

The solution architect should do Option A: Enable the versioning and MFA Delete features on the S3 bucket. This will secure the audit documents by providing an additional layer of protection against accidental deletion. With versioning enabled, any deleted or overwritten objects in the S3 bucket will be preserved as previous versions, allowing the company to recover them if needed. With MFA Delete enabled, any delete request made to the S3 bucket will require the use of an MFA code, which provides an additional layer of security.

A is the right answer

A is correct

Enable the versioning and MFA Delete features on the S3 bucket.