Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 97 discussion

A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access.
Which of the following would be the LEAST complicated implementation?

  • A. Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days.
  • B. Use an S3 bucket and provide direct access to the file. Design the application to track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB.
  • C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.
  • D. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL and recreate the URL as necessary.
Suggested Answer: C

Comments

josebormo
Highly Voted 3 years, 9 months ago
I agree it's C
upvoted 30 times
aguy9
3 years, 8 months ago
I agree, answer is C
upvoted 5 times
...
robertomartinez
3 years, 8 months ago
Pre-signed URLs are valid for a maximum of 7 days, so you'd have to track it and create 2 URLs. Also, I would consider it bad practice to leave paid service URL access valid for so long (easy to share with someone else). 60 min makes sense, and you would allow pre-signed URL creation depending on whether it's been 14 days or less. I would go with D for this reason.
upvoted 2 times
robertomartinez
3 years, 8 months ago
Actually, I think I'm wrong because CloudFront signed URLs are not subject to this 7-day maximum; see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html#private-content-check-expiration. So I'd agree to go with C in the end :)
upvoted 14 times
PhilMultiCloud
3 years, 8 months ago
Great pointer!!!
upvoted 2 times
...
...
...
...
Paitan
Highly Voted 3 years, 9 months ago
There is no need to remove the data. Just expire the pre-signed url. So answer should be between C and D. However the max expiry time for pre-signed url is 7 days. So option D is the right answer
upvoted 11 times
Paitan
3 years, 9 months ago
It seems the restriction on max expiry time is only valid for normal S3 pre-signed URLs. For Cloudfront signed URLs there is no restriction. So changing answer to C.
upvoted 37 times
pr
3 years, 8 months ago
Thanks for sharing this info.
upvoted 1 times
...
...
...
Uzbekistan
Most Recent 1 year, 3 months ago
Selected Answer: C
C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL. This option leverages CloudFront's ability to provide access to S3 content through signed URLs with a specific expiration time. By setting the expiration time to 14 days, the application can ensure that users have access to the content for the specified duration without the need for additional cleanup or management tasks. This approach is straightforward and does not require the application to track purchases or manage DynamoDB tables for content expiration.
upvoted 1 times
...
Karthikeyan_nick
3 years, 2 months ago
Option C: There is no maximum expiration time for CloudFront signed URLs...
upvoted 1 times
...
dhakad05
3 years, 8 months ago
There is a policy statement which controls the access that a signed URL grants to a user. It includes the URL of the file, an expiration date and time, an optional date and time that the URL becomes valid, and an optional IP address or range of IP addresses that are allowed to access the file. It means there is no fixed expiration period for CloudFront signed URLs. Hence the answer is C.
upvoted 2 times
...
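The policy statement described in the comment above, built and encoded for a 14-day window in standard-library Python. This is an added example, not code from the thread or from AWS; the domain, the key-pair ID and the `rsa_sha1_sign` callable (assumed to return an RSA PKCS#1 v1.5 SHA-1 signature made with the CloudFront private key) are assumptions.

```python
import base64
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Cap on S3 pre-signed URLs that the thread contrasts with CloudFront signed URLs.
S3_PRESIGNED_MAX = timedelta(days=7)


def cf_b64(data: bytes) -> str:
    """Base64 with CloudFront's URL-safe substitutions: '+' -> '-', '=' -> '_', '/' -> '~'."""
    return base64.b64encode(data).decode().translate(str.maketrans("+=/", "-_~"))


def build_policy(resource, expires, starts=None, source_ip=None) -> str:
    """Custom policy: file URL, mandatory expiry, optional start time and source IP range."""
    if expires.tzinfo is None or (starts is not None and starts.tzinfo is None):
        raise ValueError("use timezone-aware datetimes; the policy carries UTC epoch seconds")
    condition = {"DateLessThan": {"AWS:EpochTime": int(expires.timestamp())}}
    if starts is not None:
        if starts >= expires:
            raise ValueError("start time must precede expiry")
        condition["DateGreaterThan"] = {"AWS:EpochTime": int(starts.timestamp())}
    if source_ip is not None:
        # Narrows who can replay a long-lived URL that has been shared.
        condition["IpAddress"] = {"AWS:SourceIp": source_ip}
    policy = {"Statement": [{"Resource": resource, "Condition": condition}]}
    return json.dumps(policy, separators=(",", ":"))  # policy must contain no whitespace


def signed_url(resource, policy, key_pair_id, rsa_sha1_sign) -> str:
    """Attach the encoded policy, its signature and the key-pair ID as query parameters."""
    raw = policy.encode()
    params = {
        "Policy": cf_b64(raw),
        "Signature": cf_b64(rsa_sha1_sign(raw)),  # assumed signer, see lead-in
        "Key-Pair-Id": key_pair_id,
    }
    return resource + ("&" if "?" in resource else "?") + urlencode(params)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    url = "https://example.cloudfront.net/premium/video.mp4"
    purchased = datetime(2024, 1, 1, tzinfo=timezone.utc)
    access = timedelta(days=14)
    print("fits one S3 pre-signed URL:", access <= S3_PRESIGNED_MAX)
    print(build_policy(url, purchased + access, starts=purchased, source_ip="203.0.113.0/24"))
```
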
Kenisworld666
3 years, 8 months ago
CCCCCCCCCC
upvoted 2 times
...
woke
3 years, 8 months ago
Ans is C
upvoted 3 times
...
tinyshare
3 years, 8 months ago
CloudFront signed URL can have very long expiration date: "You can also distribute private content using a signed URL that is valid for a longer time, possibly for years." https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html#private-content-overview-choosing-duration So C
upvoted 6 times
...
elrmel
3 years, 8 months ago
I agree with C strongly!
upvoted 2 times
...
syu31svc
3 years, 8 months ago
C for correct
upvoted 2 times
...
KK_uniq
3 years, 8 months ago
C for sure
upvoted 2 times
...
mryala
3 years, 8 months ago
it's C
upvoted 2 times
...
Ankitrathi85
3 years, 8 months ago
C right
upvoted 1 times
...
Elias23
3 years, 8 months ago
CCCCCCCC
upvoted 1 times
...
arunchu
3 years, 8 months ago
C sounds OK
upvoted 1 times
...
anpt
3 years, 8 months ago
CCCCCCCCCCCCCCCCCCCC
upvoted 3 times
...
MFDOOM
3 years, 8 months ago
C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.
upvoted 3 times
...