ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 321 discussion

Exam question from Amazon's AWS-SysOps
Question #: 321
Topic #: 1
[All AWS-SysOps Questions]

You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon
RDS database.
Which configuration will allow you to securely serve private content to your users?

  • A. Generate pre-signed URLs for each user as they request access to protected S3 content
  • B. Create an IAM user for each subscribed user and assign the GetObject permission to each IAM user
  • C. Create an S3 bucket policy that limits access to your private content to only your subscribed users' credentials
  • D. Create a CloudFront Origin Identity user for your subscribed users and assign the GetObject permission to this user
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
ג€You can optionally secure the content in your Amazon S3 bucket so users can access it through CloudFront but cannot access it directly by using Amazon S3
URLs. This prevents anyone from bypassing CloudFront and using the Amazon S3 URL to get content that you want to restrict access to. This step isn't required to use signed URLs, but we recommend it.ג€
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
by karmaah at Nov. 24, 2019, 1:44 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TechX
8 months, 3 weeks ago
I would go with A. But I don't understand why C is not a good option here
upvoted 1 times
...
waterzhong
10 months, 3 weeks ago
A. Many companies that distribute content over the internet want to restrict access to documents, business data, media streams, or content that is intended for selected users, for example, users who have paid a fee. To securely serve this private content by using CloudFront, you can do the following: Require that your users access your private content by using special CloudFront signed URLs or signed cookies. Require that your users access your content by using CloudFront URLs, not URLs that access content directly on the origin server (for example, Amazon S3 or a private HTTP server). Requiring CloudFront URLs isn't necessary, but we recommend it to prevent users from bypassing the restrictions that you specify in signed URLs or signed cookies.
upvoted 1 times
...
xxxdolorxxx
1 year, 6 months ago
A is the correct answer.
upvoted 1 times
...
TroyMcLure
1 year, 6 months ago
Correct Answer: A
upvoted 1 times
...
awscertified
1 year, 6 months ago
A. Generate pre-signed URLs for each user as they request access to protected S3 content
upvoted 1 times
...
karmaah
1 year, 7 months ago
Ans : A The maximum expiration time for presigned url is one week from time of creation. But there is a way that you can make it for longer period of time,possibly for years. Also credentials are stored on Database. So application can easily get the credentials from db. In general, if you're using an Amazon S3 bucket as the origin for a CloudFront distribution, you can either allow everyone to have access to the files there, or you can restrict access. If you select answer D, everyone can access. Becoz D is never mentioned that CloudFront Origin Identity used along with Signed URl or signed cookie.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago