Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 57 discussion

A solutions architect is implementing a document review application using an Amazon S3 bucket for storage. The solution must prevent an accidental deletion of the documents and ensure that all versions of the documents are available. Users must be able to download, modify, and upload documents.
Which combination of actions should be taken to meet these requirements? (Choose two.)

  • A. Enable a read-only bucket ACL.
  • B. Enable versioning on the bucket.
  • C. Attach an IAM policy to the bucket.
  • D. Enable MFA Delete on the bucket.
  • E. Encrypt the bucket using AWS KMS.
Suggested Answer: BD
Object Versioning -
(version 222222) in a single bucket. S3 Versioning protects you from the consequences of unintended overwrites and deletions. You can also use it to archive objects so that you have access to previous versions.
To customize your data retention approach and control storage costs, use object versioning with Object lifecycle management. For information about creating S3 Lifecycle policies using the AWS Management Console, see How Do I Create a Lifecycle Policy for an S3 Bucket? in the Amazon Simple Storage Service Console User Guide.
If you have an object expiration lifecycle policy in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle policy will manage the deletes of the noncurrent object versions in the version-enabled bucket. (A version-enabled bucket maintains one current and zero or more noncurrent object versions.)
You must explicitly enable S3 Versioning on your bucket. By default, S3 Versioning is disabled. Regardless of whether you have enabled Versioning, each object in your bucket has a version ID. If you have not enabled Versioning, Amazon S3 sets the value of the version ID to null. If S3 Versioning is enabled, Amazon S3 assigns a version ID value for the object. This value distinguishes it from other versions of the same key.
Enabling and suspending versioning is done at the bucket level. When you enable versioning on an existing bucket, objects that are already stored in the bucket are unchanged. The version IDs (null), contents, and permissions remain the same. After you enable S3 Versioning for a bucket, each object that is added to the bucket gets a version ID, which distinguishes it from other versions of the same key.
Only Amazon S3 generates version IDs, and they can't be edited. Version IDs are Unicode, UTF-8 encoded, URL-ready, opaque strings that are no more than 1,024 bytes long. The following is an example: 3/L4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo.

Using MFA delete -
If a bucket's versioning configuration is MFA Delete-enabled, the bucket owner must include the x-amz-mfa request header in requests to permanently delete an object version or change the versioning state of the bucket. Requests that include x-amz-mfa must use HTTPS. The header's value is the concatenation of your authentication device's serial number, a space, and the authentication code displayed on it. If you do not include this request header, the request fails.
Reference:
https://aws.amazon.com/s3/features/
https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectVersioning.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html
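
An added example (not part of the original page or of the AWS documentation): Python helpers that build the x-amz-mfa value described above, assemble the arguments for boto3's `put_bucket_versioning` to turn on versioning and MFA Delete together, and audit `get_bucket_versioning` responses for buckets missing either control. The bucket names, device serial and sample responses are constructed, and the six-digit code format is an assumption.

```python
import re


def mfa_header_value(serial: str, code: str) -> str:
    """x-amz-mfa value: device serial number, one space, the current code."""
    if not serial or " " in serial:
        raise ValueError("serial must be non-empty and contain no spaces")
    if not re.fullmatch(r"\d{6}", code):  # assumption: six-digit TOTP code
        raise ValueError("authentication code must be six digits")
    return f"{serial} {code}"


def enable_request(bucket: str, serial: str, code: str) -> dict:
    """Keyword arguments for boto3 s3.put_bucket_versioning (options B and D).

    Pass them as s3.put_bucket_versioning(**kwargs) using the bucket owner's
    credentials; boto3 sends the MFA string as the x-amz-mfa header.
    """
    return {
        "Bucket": bucket,
        "MFA": mfa_header_value(serial, code),
        "VersioningConfiguration": {"Status": "Enabled", "MFADelete": "Enabled"},
    }


def audit_versioning(bucket: str, response: dict) -> list:
    """Findings for one get_bucket_versioning response; empty means compliant."""
    findings = []
    status = response.get("Status")  # key is absent if versioning was never enabled
    if status != "Enabled":
        findings.append(f"{bucket}: versioning is {status or 'not enabled'}")
    if response.get("MFADelete") != "Enabled":
        findings.append(f"{bucket}: MFA Delete is not enabled")
    return findings


# Constructed sample data: device serial and get_bucket_versioning responses.
SERIAL = "arn:aws:iam::111122223333:mfa/root-account-mfa-device"
SAMPLES = {
    "review-docs": {"Status": "Enabled", "MFADelete": "Enabled"},
    "review-drafts": {"Status": "Enabled", "MFADelete": "Disabled"},
    "review-archive": {"Status": "Suspended"},
    "review-scratch": {},
}

if __name__ == "__main__":
    print(enable_request("review-docs", SERIAL, "123456"))
    for name, resp in SAMPLES.items():
        for finding in audit_versioning(name, resp):
            print(finding)
```
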

Comments

frizzo
Highly Voted 3 years, 8 months ago
B & D are correct.
upvoted 64 times
aguy9
3 years, 7 months ago
Yes B and D are correct
upvoted 3 times
...
HelloItsMeSr
3 years, 8 months ago
To prevent or mitigate future accidental deletions, consider the following features: Enable versioning to keep historical versions of an object. Enable cross-region replication of objects. Enable MFA Delete to require multi-factor authentication (MFA) when deleting an object version.
upvoted 12 times
ARP007
3 years, 8 months ago
Agree, Using MFA-protected S3 buckets will enable an extra layer of protection to ensure that the S3 objects (files) cannot be accidentally or intentionally deleted by the AWS users that have access to the buckets. Note: Only the bucket owner that is logged in as AWS root account can enable MFA Delete feature and perform DELETE actions on S3 buckets.
upvoted 3 times
...
...
...
DK2
Highly Voted 3 years, 8 months ago
B and C for me.
upvoted 13 times
[Removed]
3 years, 8 months ago
Why not C for this question is that the documentation states explicitly that MFA Delete is to prevent accidental deletion which is a part of the question.
upvoted 1 times
MoNay
3 years, 7 months ago
I would say “accidental” is the keyword here; if the question said “prevent deletion” then a policy would be better than MFA delete.
upvoted 4 times
...
...
plaster
3 years, 7 months ago
correct Versioning for first part then https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/
upvoted 1 times
...
...
bishop7187
Most Recent 1 year, 8 months ago
Selected Answer: BD
- ensure all the versions of the document are available: Enable Versioning
- prevent accidental deletion: Enable MFA Delete
upvoted 1 times
...
dblacksmith
2 years, 3 months ago
these requirements Permissions (modify, upload....) and accidental deletion (MFA ) C,D
upvoted 1 times
tinhngo
1 year, 7 months ago
C should be eliminated because we can't directly attach an IAM policy to an S3 bucket. An IAM policy is not a bucket policy.
upvoted 1 times
...
...
vincentfer
2 years, 6 months ago
Selected Answer: CD
C: about the permissions applied to the bucket.
D: Security applied to prevent accidental deletion.
upvoted 2 times
...
welcomeYM
2 years, 9 months ago
Selected Answer: BD
BDBDBD
upvoted 1 times
...
jyrajan69
2 years, 10 months ago
2 key items: first, to prevent accidental deletion, for this it must be D. Then there is the requirement to upload, download and modify, which can be done with a policy, so C. Therefore must be CD.
upvoted 1 times
...
Sharan_25_v
3 years, 4 months ago
Both 220 and 221 are having same answers with almost identical questions with just few twists in question
upvoted 2 times
...
herohiro
3 years, 7 months ago
Could be B, C & E?
upvoted 2 times
...
Vibes
3 years, 7 months ago
B & D are correct
upvoted 1 times
...
mynk29
3 years, 7 months ago
To all those saying D- what about "Users must be able to download, modify, and upload documents" requirement? It can only be fulfilled with IAM. Version will fulfil the requirement of accidental deletion of documents.
upvoted 1 times
...
Toks2021
3 years, 7 months ago
B&D are correct. Enable versioning to keep versions of objects. MFA will help prevent accidental delete. IAM policy can't be attached to bucket, rather, bucket policy does. But attaching bucket policy to prevent accidental deletion is not the best practice in this scenario.
upvoted 4 times
...
KK_uniq
3 years, 7 months ago
B and D for sure
upvoted 2 times
...
syu31svc
3 years, 7 months ago
versions are available -> Option B
prevent deletion -> Option D
upvoted 1 times
...
mryala
3 years, 7 months ago
it's BD
upvoted 2 times
...
Ankitrathi85
3 years, 7 months ago
B and D
upvoted 2 times
...
Jinlee
3 years, 7 months ago
B&D for me.
upvoted 2 times
...