A company uses Amazon S3 to store confidential audit documents. The S3 bucket uses bucket policies that restrict access to the audit team IAM user credentials according to least privilege. Managers worry about accidental deletion of documents and want a more secure solution. What should a solutions architect do to secure the audit documents?
Choose an answer
Tap an option to check your answer.
Correct answer: Enable the versioning and MFA Delete features on the S3 bucket..
Why this is the answer
Enabling versioning on the S3 bucket protects against accidental deletion or overwrites by keeping multiple versions of an object. If an object is deleted, previous versions can be restored. MFA Delete adds an extra layer of security by requiring multi-factor authentication for permanent object deletion or suspension of versioning. This prevents unauthorized or accidental permanent data loss, addressing the managers' concern about accidental deletion. Enabling MFA on IAM user credentials (option 2) enhances login security but doesn't prevent a logged-in user from accidentally deleting objects. An S3 Lifecycle policy (option 3) is for managing object transitions or expirations, not for denying specific actions based on dates for individual users. Restricting access to a KMS key (option 4) would prevent the audit team from accessing the encrypted documents, which is counterproductive.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed