Which combination of actions should be taken to meet these requirements?
(Choose two.)
Enable a read-only bucket ACL.
Enable versioning on the bucket.
Attach an IAM policy to the bucket.
Enable MFA Delete on the bucket.
Encrypt the bucket using AWS KMS.
Explanations:
Enabling a read-only bucket ACL would prevent users from uploading or modifying documents, which contradicts the requirement for users to download, modify, and upload documents.
Enabling versioning on the bucket allows all versions of documents to be stored. This meets the requirement of ensuring that all versions of the documents are available, allowing users to retrieve previous versions if needed.
Attaching an IAM policy to the bucket does not directly prevent accidental deletions or ensure versioning; it controls access permissions but does not inherently protect against document deletion.
Enabling MFA Delete on the bucket adds an additional layer of protection against accidental deletions. It requires multi-factor authentication to delete objects or change the versioning state of the bucket, thus meeting the requirement to prevent accidental deletion.
Encrypting the bucket using AWS KMS is important for data security but does not prevent accidental deletion or ensure versioning. It does not address the specific requirements stated in the scenario.
I organize that the answer is:
Enable versioning on the bucket.