Your company is planning to store documents in an S3 bucket. The documents are sensitive, and employees should use Multi-Factor authentication when trying to access documents. Which of the following must be done to fulfill this requirement?

Answer options:

A.Ensure that Encryption is enabled the bucket AWS server-side encryption.
B.Ensure that Encryption is enabled the bucket using KMS keys.
C.Ensure that the a bucket policy is in place with a condition of "aws:MultiFactorAuthPresent":"false" with a Deny policy.
D.Ensure that the a bucket policy is in place with a condition of "aws:MultiFactorAuthPresent":"true" with a Deny policy.

Answer – C
The AWS Documentation gives an example of adding a bucket policy. It ensures that only if users are MFA authenticated, they will have access to the bucket.
Options A and B are incorrect since the question talks about MFA and not encryption.
Option D is incorrect since aws:MultiFactorAuthPresent should be checked against the false value for a Deny policy.
For more information on this use case scenario, please refer to the below URL-
https://aws.amazon.com/premiumsupport/knowledge-center/enforce-mfa-other-account-access-bucket/