AWS Certified SAP on AWS – Specialty (PAS-C01) — Question 12

A company’s SAP basis team is responsible for database backups in Amazon S3. The company frequently needs to restore the last 3 months of backups into the pre-production SAP system to perform tests and analyze performance. Previously, an employee accidentally deleted backup files from the S3 bucket. The SAP basis team wants to prevent accidental deletion of backup files in the future.
Which solution will meet these requirements?

Answer options

• A. Create a new resource-based policy that prevents deletion of the S3 bucket.
• B. Enable versioning and multi-factor authentication (MFA) on the S3 bucket.
• C. Create signed cookies for the backup files in the S3 bucket. Provide the signed cookies to authorized users only.
• D. Apply an S3 Lifecycle policy to move the backup files immediately to S3 Glacier.

Correct answer: B

Explanation

The correct answer is B because enabling versioning allows for the preservation of previous versions of files, and MFA adds an additional layer of security, making accidental deletion much less likely. Option A would prevent deletion of the bucket itself but not the files within it. Option C does not address file deletion protection, and Option D is focused on archiving rather than preventing deletion.