Exam AWS-SysOps topic 1 question 731 discussion

Exam question from Amazon's AWS-SysOps
Question #: 731
Topic #: 1

A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?

  • A. Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.
  • B. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
  • C. Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.
  • D. Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.
Suggested Answer: B
Reference:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html

Comments

MrKhan
Highly Voted 2 years, 7 months ago
B is the correct answer, as A is only MFA Delete, and the bucket can still be deleted.
upvoted 10 times
AWSum1
2 years, 7 months ago
I agree. MFA delete is just another obstacle in deleting the bucket, but would still allow for deletion if the MFA details are in possession. Correct answer is B.
upvoted 1 times
...
...
albert_kuo
Most Recent 9 months, 3 weeks ago
Selected Answer: B
Service control policies (SCPs) are a feature of AWS Organizations that allow you to set fine-grained permissions and restrictions across multiple AWS accounts. By creating an SCP and attaching it to the production accounts, you can deny the specific action of deleting S3 buckets (s3:DeleteBucket). This prevents any user or role within the production accounts from deleting S3 buckets, ensuring the buckets remain intact.
upvoted 1 times
...
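The SCP described in the comment above, as an added example (not from the original thread or from AWS documentation): the policy document for option B, plus a deliberately simplified evaluator showing that the deny holds even for a principal whose identity policy grants full access. The Sid, the helper names and the sample admin policy are constructed; resources, conditions and NotAction are not modeled.

```python
import json
from fnmatch import fnmatchcase

# SCP for option B: attach to the production accounts (or their OU).
DENY_BUCKET_DELETE_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyS3BucketDeletion",  # constructed Sid
        "Effect": "Deny",
        "Action": "s3:DeleteBucket",
        "Resource": "*",
    }],
}

# Same content as the AWS-managed FullAWSAccess SCP (deny-list strategy).
FULL_AWS_ACCESS_SCP = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed identity policy for an administrator in a production account.
ADMIN_IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

def _matches(stmt, effect, action):
    """True if the statement has this effect and its Action covers `action`."""
    actions = stmt["Action"]
    if isinstance(actions, str):
        actions = [actions]
    # Action names are case-insensitive and may use * wildcards.
    return stmt["Effect"] == effect and any(
        fnmatchcase(action.lower(), a.lower()) for a in actions)

def is_allowed(action, identity_policies, scps):
    """Simplified model: an explicit Deny anywhere wins; otherwise the action
    must be allowed by an identity policy AND by the SCPs on the account."""
    def stmts(docs):
        return [s for d in docs for s in d["Statement"]]
    if any(_matches(s, "Deny", action) for s in stmts(identity_policies + scps)):
        return False
    return (any(_matches(s, "Allow", action) for s in stmts(identity_policies))
            and any(_matches(s, "Allow", action) for s in stmts(scps)))

def scp_json():
    """Policy text in the form the Organizations console or API accepts."""
    return json.dumps(DENY_BUCKET_DELETE_SCP, indent=2)
```

An SCP grants nothing by itself, which is why the deny statement sits alongside an allow-all SCP here rather than replacing it.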
RicardoD
2 years, 6 months ago
B is the answer. Service control policy is the way to deny any possibility for a bucket to be deleted.
upvoted 1 times
...
abhishek_m_86
2 years, 6 months ago
B. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
upvoted 1 times
...
jackdryan
2 years, 6 months ago
I'll go with B
upvoted 1 times
...
MFDOOM
2 years, 6 months ago
B. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
upvoted 1 times
...
tifoz
2 years, 6 months ago
Question #141
upvoted 1 times
...
KhatriRocks
2 years, 6 months ago
B: Simplest: https://docs.aws.amazon.com/appstream2/latest/developerguide/s3-iam-policy.html
upvoted 2 times
...
allsitesmember
2 years, 6 months ago
repeated
upvoted 2 times
...
jpt2353
2 years, 7 months ago
Answer is B. MFA Delete only prevents accidental deletion, but you can still delete it. In the question, it asks that NO ONE should be allowed to delete the S3 bucket.
upvoted 4 times
...
Jichu
2 years, 7 months ago
MFA Delete only protects the object within the bucket from deletion, not the bucket itself. So B should be the answer
upvoted 1 times
...
Bad_Mat
2 years, 7 months ago
Answer B it says, buckets can't be deleted in production account only, not any buckets
upvoted 2 times
...
gretch
2 years, 7 months ago
A https://d0.awsstatic.com/whitepapers/protecting-s3-against-object-deletion.pdf
upvoted 1 times
...
suba1234
2 years, 7 months ago
Answer should be A
upvoted 2 times
...