What should a solutions architect do to protect against data loss?
(Choose two.)
Enable versioning on the S3 bucket.
Enable access logging on the S3 bucket.
Enable server-side encryption on the S3 bucket.
Configure an S3 lifecycle rule to transition objects to Amazon S3 Glacier.
Use MFA Delete to require multi-factor authentication to delete an object.
Explanations:
Enabling versioning on the S3 bucket allows multiple versions of an object to be stored. This means if an object is deleted or overwritten, previous versions can be restored, providing protection against accidental data loss.
While enabling access logging can help track access requests and identify unauthorized access, it does not directly protect against data loss. It is primarily a security and auditing feature.
Server-side encryption protects data at rest but does not prevent data loss. It ensures that data is encrypted before it is stored in S3 and decrypted when accessed, but does not provide a mechanism to recover lost or deleted objects.
Configuring an S3 lifecycle rule to transition objects to Amazon S3 Glacier is useful for cost savings and archiving, but it does not inherently protect against data loss. Objects moved to Glacier are not immediately accessible, and if they are deleted, they cannot be recovered without retrieval processes.
Using MFA Delete requires multi-factor authentication to delete objects, adding an extra layer of protection against accidental or malicious deletions. This feature helps ensure that even privileged users cannot delete objects without the required MFA token.