AWS Certified Solutions Architect - Associate

Explanation

Correct Answers: B and D

B. Enable versioning on the bucket - This ensures that all versions of documents are preserved. When versioning is enabled, S3 stores multiple versions of an object, allowing you to recover from accidental deletions or overwrites.

D. Enable MFA Delete on the bucket - This prevents accidental deletion of documents by requiring multi-factor authentication for delete operations. MFA Delete adds an extra layer of security for bucket versioning operations.

Why other options are incorrect:

A. Enable a read-only bucket ACL - This would prevent users from uploading or modifying documents, which contradicts the requirement that users must be able to download, modify, and upload documents.

C. Attach an IAM policy to the bucket - While IAM policies are important for access control, they don't specifically address the requirements of preventing accidental deletion or preserving document versions. Bucket policies would be more appropriate for bucket-level permissions.

E. Encrypt the bucket using AWS KMS - While encryption is important for security, it doesn't address the specific requirements of preventing accidental deletion or preserving document versions. Encryption protects data at rest but doesn't prevent deletion.

Key AWS Concepts:

• S3 Versioning: Maintains multiple versions of objects, allowing recovery from accidental deletions or overwrites
• MFA Delete: Requires multi-factor authentication for delete operations, preventing accidental or unauthorized deletions
• Combined Solution: Versioning preserves document history, while MFA Delete prevents accidental permanent deletion of objects or versions