Object Versioning vs Retention Policies in Cloud Storage

Ben Makansi
January 26, 2026

Object versioning and retention policies sound similar, get used in similar contexts, and are often confused on Associate Cloud Engineer exam questions. They are not the same. This article covers what each one does, what each one prevents, the rule that they cannot coexist, and the exam patterns that test the distinction.

It does not cover IAM controls, signed URLs, or other access mechanisms. This is purely about how Cloud Storage protects data over time.

Object versioning

Object versioning preserves a history of every overwrite and delete in a bucket. When versioning is enabled and you replace an object with a new one of the same name, the old one is not destroyed. It becomes a noncurrent version, still in the bucket, just not the active version. When you delete an object, a delete marker is created, and the prior version becomes noncurrent.

Either of those operations is recoverable. You can restore a noncurrent version and bring it back to current. You can remove a delete marker and the object reappears.

You enable versioning with gsutil:

gsutil versioning set on gs://my-bucket

The point of versioning is recovery from accidental overwrites or deletes. It does not stop you from making the mistake. It just gives you a way back.

Retention policies

A retention policy is a different thing. It sets a duration during which objects in a bucket cannot be deleted or replaced at all. If you try to delete an object that has not yet reached the end of its retention period, the operation fails. The policy applies to all existing objects and all new objects added to the bucket.

The point of retention policies is compliance. Financial records that have to be kept for seven years. Legal documents that cannot be altered until a case closes. Audit logs that regulators require for some duration. The bucket enforces the rule, which means even an admin acting in error or in malice cannot delete the data early.

Retention policies can also be locked. Once locked, the policy itself cannot be removed or shortened. It can be extended, but never reduced. This is the strongest form of the protection.

The rule about combining them

You cannot use object versioning and a retention policy on the same bucket at the same time. The Cloud Storage system requires you to pick one. The Associate Cloud Engineer exam tests this directly. If a question describes a bucket that uses both, that is a wrong answer or a setup that is not allowed.

The reason these conflict is that they have different purposes that get in each other's way. Versioning preserves history of every change. Retention prevents changes for a period. The bookkeeping required to track noncurrent versions inside a retention window does not work cleanly, so Google requires you to pick one model.

How to tell them apart on a question

If the question describes a need to recover from accidental overwrites or deletes, that is versioning. The phrase that often appears is the ability to restore previous versions or recover deleted objects.

If the question describes a regulatory or compliance requirement to retain data for a fixed period and prevent early deletion, that is a retention policy. The phrase is usually compliance or regulatory or some specific duration that has to be enforced.

If the question describes a need to make data tamper-proof, like for legal hold or financial audit, that is a locked retention policy.
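
The same three-way distinction can be checked against a real bucket. The script below is an added example, not code from the original article: it reads a bucket's versioning and retention state with gsutil and reports whether the bucket meets a recovery, prevention, or tamper-proof requirement. The function names and requirement labels are hypothetical, and the gsutil output strings it matches on are assumptions about the tool's output format.

```sh
# Added example (not from the article). Assumes gsutil is installed and
# authenticated. Function names and requirement labels are hypothetical.
# Assumption: `gsutil versioning get` prints "<bucket>: Enabled" when on, and
# `gsutil retention get` prints "Retention Policy (LOCKED):" or "(UNLOCKED):".

# Print the protection a bucket actually has:
#   retention-locked | retention-unlocked | versioning | none
# Returns 2 if the bucket state cannot be read.
protection_mode() {
  bucket="$1"
  versioning=$(gsutil versioning get "$bucket" 2>/dev/null) || return 2
  retention=$(gsutil retention get "$bucket" 2>/dev/null) || return 2
  case "$retention" in
    *"(LOCKED)"*)   echo "retention-locked" ;;
    *"(UNLOCKED)"*) echo "retention-unlocked" ;;
    *)
      case "$versioning" in
        *": Enabled"*) echo "versioning" ;;
        *)             echo "none" ;;
      esac ;;
  esac
}

# meets_requirement BUCKET REQUIREMENT
#   recovery     -> versioning (restore after an overwrite or delete)
#   prevention   -> any retention policy (early deletes fail)
#   tamper-proof -> locked retention policy only; an unlocked policy
#                   can still be removed or shortened
# Returns 0 if met, 1 if not met, 2 if the bucket state cannot be read.
meets_requirement() {
  mode=$(protection_mode "$1") || return 2
  case "$2:$mode" in
    recovery:versioning)            return 0 ;;
    prevention:retention-locked)    return 0 ;;
    prevention:retention-unlocked)  return 0 ;;
    tamper-proof:retention-locked)  return 0 ;;
    *)                              return 1 ;;
  esac
}

# Usage: meets_requirement gs://my-bucket tamper-proof && echo "ok"
```

A bucket with an unlocked retention policy passes the prevention check but fails the tamper-proof check, which is the gap a compliance review should flag.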

What the exam tests

The most common pattern is a question that describes a compliance scenario. A team needs to keep records for seven years and prevent any deletion during that time. The answer is a retention policy, locked. Object versioning is a wrong answer here because it does not prevent deletion. It just preserves history.

The second most common pattern describes accidental data loss. A team accidentally deleted an important object and wants protection going forward. The answer is object versioning. A retention policy would have prevented the deletion entirely, but versioning is still the answer: exam questions typically tie retention policies to compliance scenarios, while accidental-deletion scenarios point to versioning.

If you see both as answer choices, read carefully for whether the question is about recovery (versioning) or prevention (retention).

The bottom line

Versioning preserves history. Retention prevents deletion. Versioning is for recovering from mistakes. Retention is for compliance. They cannot be used together on the same bucket. The Associate Cloud Engineer exam tests this distinction with scenarios that point to one or the other depending on whether the focus is recovery or prevention.

My Associate Cloud Engineer course covers object versioning, retention policies, and bucket lock in the Cloud Storage section the ACE exam tests.
