AWS Certified Solutions Architect – Associate (SAA-C03) — Question 640

A company wants to back up its on-premises virtual machines (VMs) to AWS. The company's backup solution exports on-premises backups to an Amazon S3 bucket as objects. The S3 backups must be retained for 30 days and must be automatically deleted after 30 days.

Which combination of steps will meet these requirements? (Choose three.)

Answer options

• A. Create an S3 bucket that has S3 Object Lock enabled.
• B. Create an S3 bucket that has object versioning enabled.
• C. Configure a default retention period of 30 days for the objects.
• D. Configure an S3 Lifecycle policy to protect the objects for 30 days.
• E. Configure an S3 Lifecycle policy to expire the objects after 30 days.
• F. Configure the backup solution to tag the objects with a 30-day retention period

Correct answer: A, C, E

Explanation

Enabling S3 Object Lock (A) along with a default retention period of 30 days (C) ensures that the backup objects cannot be deleted or overwritten by any user during the 30-day compliance window. An S3 Lifecycle policy configured to expire objects after 30 days (E) is the correct mechanism to automatically delete the objects once the retention period ends. S3 Lifecycle policies cannot natively 'protect' objects (D), object versioning alone (B) does not prevent deletion, and object tags (F) do not enforce retention locks.