AWS Certified Solutions Architect – Associate (SAA-C02) — Question 362
A company has an Amazon S3 bucket that contains mission-critical data. The company wants to ensure this data is protected from accidental deletion. The data should still be accessible, and a user should be able to delete the data intentionally.
Which combination of steps should a solutions architect take to accomplish this? (Choose two.)
Answer options
- A. Enable versioning on the S3 bucket.
- B. Enable MFA Delete on the S3 bucket.
- C. Create a bucket policy on the S3 bucket.
- D. Enable default encryption on the S3 bucket.
- E. Create a lifecycle policy for the objects in the S3 bucket.
Correct answer: A, B
Explanation
Enabling versioning on the S3 bucket preserves older versions of objects when they are overwritten or deleted, which protects against accidental deletion. Enabling MFA Delete adds an extra layer of security for intentional deletions: multi-factor authentication is required to permanently delete any object version or to change the bucket's versioning state. Bucket policies, default encryption, and lifecycle policies do not natively provide this combination of protection against accidental deletion and support for intentional, MFA-authorized deletion.