ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 18 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 18
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A Security Administrator has a website hosted in Amazon S3. The Administrator has been given the following requirements:
✑ Users may access the website by using an Amazon CloudFront distribution.
✑ Users may not access the website directly by using an Amazon S3 URL.
Which configurations will support these requirements? (Choose two.)

  • A. Associate an origin access identity with the CloudFront distribution.
  • B. Implement a ג€Principalג€: ג€cloudfront.amazonaws.comג€ condition in the S3 bucket policy.
  • C. Modify the S3 bucket permissions so that only the origin access identity can access the bucket contents.
  • D. Implement security groups so that the S3 bucket can be accessed only by using the intended CloudFront distribution.
  • E. Configure the S3 bucket policy so that it is accessible only through VPC endpoints, and place the CloudFront distribution into the specified VPC.
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
by BillyC at Aug. 25, 2019, 5:20 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BillyC
Highly Voted 3 years, 11 months ago
A and C
upvoted 19 times
...
donathon
Highly Voted 3 years, 10 months ago
AC B: This does not restrict it just say this policy applies to cloudfront. Too little information to say if this is the answer ot not. D: S3 does not use security groups. E: No way to put Cloudfront into VPC.
upvoted 12 times
...
Benah
Most Recent 1 year, 11 months ago
A and C
upvoted 2 times
...
G4Exams
2 years, 3 months ago
Selected Answer: AC
Create OAI and bucket policy that won't allow access from anywhere else. So A and C.
upvoted 1 times
...
Mr__
2 years, 11 months ago
Selected Answer: AC
A and C
upvoted 1 times
...
jj22222
3 years, 7 months ago
A and C look right
upvoted 1 times
...
ff12
3 years, 9 months ago
ANS --> A and C
upvoted 2 times
...
sanjaym
3 years, 9 months ago
Ans: AC 100%
upvoted 2 times
...
devjava
3 years, 9 months ago
Ans > A,C
upvoted 2 times
...
AfricanCloudGuru
3 years, 9 months ago
Ans (A & C) https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
upvoted 2 times
...
enthuguys
3 years, 9 months ago
A & C is correct
upvoted 1 times
...
rdy4u
3 years, 10 months ago
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
upvoted 3 times
...
gfhbox0083
3 years, 10 months ago
A, C for sure
upvoted 1 times
...
RaySmith
3 years, 10 months ago
AC is correct
upvoted 1 times
...
exams
3 years, 10 months ago
A and C make sense
upvoted 2 times
...
INASR
3 years, 10 months ago
A & C is correct
upvoted 1 times
...
ugreenhost
3 years, 10 months ago
A & C is correct
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel