A company has an Amazon S3 bucket that contains critical data. The company must protect the data from accidental deletion.
Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
To protect critical data in an Amazon S3 bucket from accidental deletion, a solutions architect should enable versioning and multifactor authentication (MFA) delete. Enabling versioning ensures that multiple versions of an object are stored in the bucket. Hence, even if an object is deleted by mistake, its previous versions are retained, allowing for recovery. Enabling MFA Delete adds an additional layer of protection by requiring MFA authentication when attempting to delete objects, ensuring that any deletion is deliberate and not accidental. Implementing these steps helps mitigate the risk of accidental deletions effectively.
The correct solution is AB, as you can see here: https://aws.amazon.com/it/premiumsupport/knowledge-center/s3-audit-deleted-missing-objects/ It states the following: To prevent or mitigate future accidental deletions, consider the following features: Enable versioning to keep historical versions of an object. Enable Cross-Region Replication of objects. Enable MFA delete to require multi-factor authentication (MFA) when deleting an object version.
But it could be C: you could use the "s3:deleteobject" permission without specific conditions or restrict it only to authorized users. B does the same thing tho, but B is mainly used to restrict unauthorized access, not deletion. Does anyone agree? I think it is A and C or A & B.
Enabling versioning on S3 ensures multiple versions of object are stored in bucket. When object is updated or deleted, new version is created, preserving previous version. Enabling MFA Delete adds additional layer of protection by requiring MFA device to be present when attempting to delete objects. This helps prevent accidental or unauthorized deletions by requiring extra level of authentication. C. Creating a bucket policy on S3 is more focused on defining access control and permissions for bucket and its objects, rather than protecting against accidental deletion. D. Enabling default encryption on S3 ensures that any new objects uploaded to bucket are automatically encrypted. While encryption is important for data security, it does not directly address accidental deletion. E. Creating lifecycle policy for objects in S3 allows for automated management of objects based on predefined rules. While this can help with data retention and storage cost optimization, it does not directly protect against accidental deletion.
But it could be C: you could use the "s3:deleteobject" permission without specific conditions or restrict it only to authorized users. B does the same thing tho, but B is mainly used to restrict unauthorized access, not deletion. Does anyone agree? I think it is A and C or A & B.
AB will be the correct answer.
I am getting so confused about what answers I should study. The answers don't match here or in ChatGPT. Can anyone who just took the exam, and passed, point me in the right direction? TIA!
ChatGPT will help you only if you give the correct prompt.
Yeah, ChatGPT said A and C; it does make sense, because B is mainly used for unauthorized access, not deletion. Idk, this website and certlibrary give some interesting answers, which makes it hard to know, but some questions are difficult.
Agree, s3 encryption does not prevent deletion
To protect data from accidental deletion, the correct answers are B and D. Versioning does not prevent accidental deletion; it only allows for recovery after the fact. Multi-Factor Authentication (MFA) helps prevent accidental deletion by requiring an additional confirmation step before deletion, making it deliberate rather than accidental. Option D, which involves encryption, ensures that only individuals with the encryption keys can read or manipulate the data, thus preventing unauthorized access and manipulation, including deletion.
You do realise B and D are only to stop unauthorized people from deleting it, and if they did delete it, it would be on purpose to cause issues for a business. It says accidental; I'd say A and C. Idk, the question's worded poorly. Don't trust half the answers on here.
But it could be C: you could use the "s3:deleteobject" permission without specific conditions or restrict it only to authorized users. B does the same thing tho, but B is mainly used to restrict unauthorized access, not deletion. Does anyone agree? I think it is A and C or A & B. A allows multiple versions of objects to be stored in the bucket. Even if an object is deleted, its previous versions remain intact and accessible. Idk, the question's weird; I could see how it could be all of them except D & E.
BD. For D, When you encrypt data, an unauthorized user (without the encryption key) cannot manipulate the data (ie. decryption, modifying, deletion).
This could be done if we enable MFA delete on the bucket but in order to enable this bucket versioning must be done. Hence A and B would be the answer.
But it could be C: you could use the "s3:deleteobject" permission without specific conditions or restrict it only to authorized users. B does the same thing tho, but B is mainly used to restrict unauthorized access, not deletion. Does anyone agree? I think it is A and C or A & B.
B: MFA to put an extra step to verify deletion and stop from accidental deletion A: Versioning for recovery of objects that were deleted accidentally even with MFA Remember, the solution is not required to STOP from deletion. It just wants to STOP ACCIDENTAL deletion. CDE offer nothing related to accidental deletion
Not sure why the answer is BD. I am trying to rationalize it. My guess is that it addresses the keyword "critical data", where setting default encryption just enhances the security of stored data but does not prevent deletion. That leaves 2 options, A and B, for that. B makes sense to ensure the user knows what to delete, as a second layer. Option A just helps you audit and recover what was accidentally deleted, but does not "prevent" accidental deletion.
Yeah so.. encryption is enabled by default on S3, sooooo why is the answer D. --------- Starting today, Amazon Simple Storage Service (Amazon S3) encrypts all new objects by default. Now, S3 automatically applies server-side encryption (SSE-S3) for each new object, unless you specify a different encryption option.
What's the correct answers?
I would say A & C
Prevent accidental deletion - MFA, Versioning
MFA will add extra security when deleting items from S3. Versioning will make the data recoverable.
A) https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite. For example, if you delete an object, Amazon S3 inserts a delete marker instead of removing the object permanently. The delete marker becomes the current object version. If you overwrite an object, it results in a new object version in the bucket. You can always restore the previous version B) https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html
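The delete-marker behaviour quoted above, together with what MFA Delete gates, as an added example that is not part of the original post or of any AWS SDK: a simplified in-memory model in which `VersionedBucket`, `MfaRequired` and `demo` are hypothetical names and the object key is constructed sample data.

```python
"""Simplified in-memory model of S3 versioning + MFA Delete semantics.
Added illustration only; not the AWS API. All names are hypothetical."""
import itertools


class MfaRequired(Exception):
    """Raised when a permanent version delete is attempted without MFA."""


class VersionedBucket:
    def __init__(self, mfa_delete=False):
        self.mfa_delete = mfa_delete
        self._versions = {}              # key -> [(version_id, body or None)]
        self._ids = itertools.count(1)

    def put(self, key, body):
        vid = f"v{next(self._ids)}"
        self._versions.setdefault(key, []).append((vid, body))
        return vid

    def get(self, key):
        """Body of the current version; None if absent or a delete marker is current."""
        stack = self._versions.get(key)
        return stack[-1][1] if stack else None

    def delete(self, key, version_id=None, mfa_ok=False):
        if version_id is None:
            # Simple DELETE: nothing is removed, a delete marker becomes current.
            return self.put(key, None)
        # Permanent removal of one specific version: gated by MFA Delete.
        if self.mfa_delete and not mfa_ok:
            raise MfaRequired(f"MFA needed to remove {key}@{version_id}")
        kept = [v for v in self._versions.get(key, []) if v[0] != version_id]
        self._versions[key] = kept
        return version_id


def demo():
    b = VersionedBucket(mfa_delete=True)
    v1 = b.put("report.csv", b"critical")      # constructed sample object
    marker = b.delete("report.csv")            # accidental delete: marker only
    hidden = b.get("report.csv")               # object now looks gone
    try:
        b.delete("report.csv", version_id=v1)  # permanent delete, no MFA
        blocked = False
    except MfaRequired:
        blocked = True
    b.delete("report.csv", version_id=marker, mfa_ok=True)  # drop marker = restore
    return hidden, blocked, b.get("report.csv")
```

In this model, as in S3, a plain delete still succeeds with MFA Delete enabled; versioning is what keeps the data recoverable, and MFA only gates permanent removal of a version.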
A - object must be versioned, so multiple uploads won't cause data loss C - even though objects are version you have to specify deny policy for delete actions on bucket level to ensure they can't be deleted B - MFA helps with authentication, doesn't protect if user has permission to delete
You're asked to prevent ACCIDENTAL deletion, not deletion.
But B is literally just meant for unauthorized actions. Think about it: you said ACCIDENTAL. Unauthorized people would purposely delete it.
Thought the same thing. I think the question is pretty hard, especially the answers. I went with AC.
https://aws.amazon.com/it/premiumsupport/knowledge-center/s3-audit-deleted-missing-objects/