What combination of the following options will protect S3 objects from both accidental deletion and accidental
overwriting?
Choose 2 answers
A.
Enable S3 versioning on the bucket.
B.
Access S3 data using only signed URLs.
C.
Disable S3 delete using an IAM bucket policy.
D.
Enable S3 Reduced Redundancy Storage.
E.
Enable multi-factor authentication (MFA) protected access.
The correct answer is: A and E !!
A and E
For me it is just A, not sure why it asks for 2 answers as there is only a valid one
Answer is A and E
A. Versioning helps restore the deleted version.
B. I think we cannot delete the S3 object using Signed-URL. Correct me if I am wrong.
C. If we disable delete access, then how to perform planned (non-accidental) deletes.
D. RRS can be used only we can easily reproduce the original version of the object.
E. MFA gives additional level of security to prevent accidental delete.
D is not correct.
MFA has nothing with the delete option. It does not prevent it.
I would suggest
A and C
A and E. The critical word here is ‘combination’. Versioning allows you to restore objects that have been deleted or overwritten and essentially accomplished both of these tasks. MFA makes you think twice before deleting something… MFA delete protection with S3 is a thing: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html
A is correct. D is not correct. The second answer is E, but rewording is needed.
https://aws.amazon.com/whitepapers/overview-of-security-processes/
For added protection against users accidently deleting media files, you can use the Versioning feature in Amazon S3 to preserve, retrieve, and restore every version of every object
stored in an Amazon S3 bucket. You can further protect versions using Amazon S3 Versioning’s MFA Delete feature.