Exam AWS Certified Security - Specialty topic 1 question 74 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 74
Topic #: 1

In response to the past DDoS attack experiences, a Security Engineer has set up an Amazon CloudFront distribution for an Amazon S3 bucket. There is concern that some users may bypass the CloudFront distribution and access the S3 bucket directly.
What must be done to prevent users from accessing the S3 objects directly by using URLs?

  • A. Change the S3 bucket/object permission so that only the bucket owner has access.
  • B. Set up a CloudFront origin access identity (OAI), and change the S3 bucket/object permission so that only the OAI has access.
  • C. Create IAM roles for CloudFront, and change the S3 bucket/object permission so that only the IAM role has access.
  • D. Redirect S3 bucket access to the corresponding CloudFront distribution.
Suggested Answer: B

Comments

josellama2000
Highly Voted 3 years, 7 months ago
Agreed, B is correct https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
upvoted 25 times
...
ITGURU51
Most Recent 1 year, 11 months ago
To prevent users from accessing the S3 objects directly by using URLs, you can set up a CloudFront origin access identity (OAI), and change the S3 bucket/object permission so that only the OAI has access. This way, when your users access your Amazon S3 objects using CloudFront URLs, the CloudFront origin access identity gets the objects on your users’ behalf. If your users try to access objects using Amazon S3 URLs, they’re denied access. B
upvoted 2 times
...
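The restriction described in the comment above, as an added example that is not part of the original thread: a check that flags any bucket-policy statement letting a principal other than the OAI read objects. The OAI ID, bucket name and both policies are constructed; only `Principal`/`Action` in the bucket policy are examined, so `NotPrincipal`, `NotAction`, conditions and object ACLs are out of scope.

```python
import json
from fnmatch import fnmatchcase

# Constructed OAI ID (assumption); a real ID comes from the CloudFront distribution.
OAI_ARN = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2EXAMPLEOAIID"
OBJECTS = "arn:aws:s3:::example-bucket/*"  # hypothetical bucket

OAI_READ = {"Sid": "OAIRead", "Effect": "Allow", "Principal": {"AWS": OAI_ARN},
            "Action": "s3:GetObject", "Resource": OBJECTS}
PUBLIC_READ = {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
               "Action": "s3:GetObject", "Resource": OBJECTS}

# Constructed policies: direct S3 URLs work under WEAK, only CloudFront under HARDENED.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [PUBLIC_READ, OAI_READ]})
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [OAI_READ]})


def _as_list(value):
    """Policy fields may hold one value or a list of values."""
    return value if isinstance(value, list) else [value]


def _principals(statement):
    """Flatten the Principal element into a list of principal strings."""
    principal = statement.get("Principal", {})
    if isinstance(principal, str):  # the bare "*" form
        return [principal]
    return [p for values in principal.values() for p in _as_list(values)]


def _grants_read(statement):
    """True if any Action pattern (case-insensitive, may use wildcards) covers s3:GetObject."""
    return any(fnmatchcase("s3:getobject", a.lower())
               for a in _as_list(statement.get("Action", [])))


def non_oai_read_grants(policy_json, oai_arn):
    """Return the Sids of Allow statements that let anyone but the OAI read objects."""
    findings = []
    for i, st in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if st.get("Effect") != "Allow" or not _grants_read(st):
            continue
        if any(p != oai_arn for p in _principals(st)):
            findings.append(st.get("Sid", f"statement[{i}]"))
    return findings


if __name__ == "__main__":
    print("weak:", non_oai_read_grants(WEAK_POLICY, OAI_ARN))
    print("hardened:", non_oai_read_grants(HARDENED_POLICY, OAI_ARN))
```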
TerrenceC
2 years, 5 months ago
Another input is that AWS no longer proposes OAI, but Origin Access Control (OAC) instead. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#migrate-from-oai-to-oac
upvoted 2 times
...
skillz2investor
2 years, 5 months ago
Selected Answer: B
B - OAI is correct
upvoted 1 times
...
dcasabona
2 years, 9 months ago
Selected Answer: B
Option B.
upvoted 1 times
...
Appsec977
2 years, 11 months ago
Selected Answer: B
OAI (origin access identity) will protect other users from accessing direct bucket URLs.
upvoted 1 times
...
2147
2 years, 12 months ago
CloudFront OAI strictly restricts access via the S3 bucket endpoint.
upvoted 1 times
...
RaySmith
3 years, 2 months ago
B is correct
upvoted 1 times
...
Radhaghosh
3 years, 3 months ago
Agreed, B is correct
upvoted 1 times
...
sanjaym
3 years, 6 months ago
Ans: B 100%
upvoted 4 times
...
devjava
3 years, 6 months ago
Ans > B
upvoted 4 times
...
AfricanCloudGuru
3 years, 6 months ago
Ans (B) Restrict access using Origin Access Identity to s3 bucket. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
upvoted 2 times
...
gfhbox0083
3 years, 6 months ago
B, for sure.
upvoted 1 times
...
Ahmaad
3 years, 6 months ago
B is right.
upvoted 1 times
...
RaySmith
3 years, 6 months ago
B is correct
upvoted 1 times
...
RakeshTaninki
3 years, 7 months ago
B is correct
upvoted 1 times
...
Osemk
3 years, 7 months ago
B is the answer
upvoted 2 times
...