ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 438 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 438
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A SysOps administrator has an Amazon S3 website and wants to restrict access to a single Amazon CloudFront distribution. Visitors to the website should not be able to circumvent CloudFront or view the S3 website directly from the bucket.

Which AWS service or feature will meet these requirements?

  • A. S3 bucket ACL
  • B. AWS Firewall Manager
  • C. Amazon Route 53 private hosted zone
  • D. Origin access identity (OAI)
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by tgv at April 16, 2024, 8:24 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Albanki
7 months, 1 week ago
A little deceiving. I believe the solution is a combination of A & D. also, it seems that OAI is considered legacy, and is replaced by OAC: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#private-content-restricting-access-to-s3-oai
upvoted 1 times
...
acnaz
10 months, 4 weeks ago
D A. S3 bucket ACL: Controls access permissions for individual Amazon S3 buckets and the objects within them. B. AWS Firewall Manager: Centrally manages firewall rules across multiple AWS accounts and resources. C. Amazon Route 53 private hosted zone: Provides a DNS service for routing traffic within a private Amazon VPC. D. Origin access identity (OAI): Restricts access to S3 bucket content so that only CloudFront can access it.
upvoted 1 times
...
tgv
1 year, 2 months ago
Selected Answer: D
You can restrict access to a S3 bucket from a single CloudFront distribution by using a origin access identity (OAI). This way, the bucket and its object can only be accessed through that OAI.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel