ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam ANS-C00 All Questions

View all questions & answers for the ANS-C00 exam
Go to Exam

Exam ANS-C00 topic 1 question 323 discussion

Exam question from Amazon's ANS-C00
Question #: 323
Topic #: 1
[All ANS-C00 Questions]

You need to ensure the files served by your CloudFront distribution are only accessible to authorized users. You hope to serve thousands of users. What two steps should you take? (Choose two.)

  • A. Configure signed cookies.
  • B. Configure a WAF.
  • C. Configure a bucket policy restricting the bucket to only CloudFront OAI.
  • D. Configure an SSL on the distribution.
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
A WAF can block users from accessing the site and CloudFront, but that's not the best option since you have so many users. An SSL will encrypt, but not prevent a user from viewing the content.
by Rsht at Nov. 22, 2020, 2:36 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Rsht
Highly Voted 3 years, 8 months ago
A and C are the right answers.
upvoted 8 times
...
kirrim
Most Recent 3 years, 7 months ago
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html " To restrict access to content that you serve from Amazon S3 buckets, follow these steps: 1. Create a special CloudFront user called an origin access identity (OAI) and associate it with your distribution. 2. Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there. After you take these steps, users can only access your files through CloudFront, not directly from the S3 bucket. In general, if you’re using an Amazon S3 bucket as the origin for a CloudFront distribution, you can either allow everyone to have access to the files there, or you can restrict access. If you restrict access by using, for example, CloudFront signed URLs or signed cookies, you also won’t want people to be able to view files by simply using the direct Amazon S3 URL for the file. Instead, you want them to only access the files by using the CloudFront URL, so your protections work. "
upvoted 2 times
...
ChauPhan
3 years, 7 months ago
A. Configure signed cookies. C. Configure a bucket policy restricting the bucket to only CloudFront OAI.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel