AWS Certified Solutions Architect - Associate

Explanation

To protect S3 data from accidental deletion, the best combination is:

A. Enable versioning on the S3 bucket - This creates multiple versions of objects, so even if an object is deleted, previous versions remain and can be restored.

B. Enable MFA Delete on the S3 bucket - This requires multi-factor authentication to delete object versions, adding an extra layer of protection against accidental or unauthorized deletions.

Why other options are incorrect:

C. Create a bucket policy on the S3 bucket - While bucket policies control access permissions, they don't specifically protect against accidental deletion by authorized users.

D. Enable default encryption on the S3 bucket - This protects data at rest but doesn't prevent deletion.

E. Create a lifecycle policy for the objects in the S3 bucket - This manages object transitions and expiration, which could actually lead to deletion (if configured to expire objects), not prevent it.

Best Practices:

1. Versioning: Maintains object history and allows recovery
2. MFA Delete: Adds authentication requirement for deletions
3. Cross-Region Replication: For additional disaster recovery
4. Object Lock: For write-once-read-many (WORM) protection

These two features work together to provide comprehensive protection against accidental data loss in S3.