AWS Certified SysOps Administrator Practice Exam



How should MFA-Delete be enabled on an S3 bucket?

  1. Through the S3 Management Console

  2. Using the AWS CLI with IAM credentials

  3. Using the root account and the AWS CLI

  4. Via CloudFormation templates

The correct answer is: Using the root account and the AWS CLI

MFA-Delete is a feature designed to add an additional layer of security to S3 buckets by requiring multi-factor authentication when deleting objects or changing bucket versioning states. This feature can only be enabled through the AWS root account, as it requires access to sensitive operations that are restricted to the account owner.

Using the AWS CLI to enable MFA-Delete ensures that there is a secure integration with the multi-factor authentication device in use, as the command to enable this feature requires a temporary MFA code. This process verifies that the person enabling MFA-Delete is indeed the owner of the root account and has access to the MFA device associated with it.

While options such as using the S3 Management Console or CloudFormation templates might seem feasible, they do not support the necessary authentication requirements for enabling MFA-Delete. The AWS Management Console does not provide an option to enable this feature directly, and while CloudFormation can manage resources, it cannot set MFA-Delete as a property since it's specifically tied to the root account's permissions.

In summary, enabling MFA-Delete on an S3 bucket is restricted to actions performed via the root account using the AWS CLI, ensuring that only authorized users with the necessary access can make changes to critical bucket security settings.