Multiple Choice
In response to the past DDoS attack experiences, a Security Engineer has set up an Amazon CloudFront distribution for an Amazon S3 bucket. There is concern that some users may bypass the CloudFront distribution and access the S3 bucket directly. What must be done to prevent users from accessing the S3 objects directly by using URLs?
A) Change the S3 bucket/object permission so that only the bucket owner has access.
B) Set up a CloudFront origin access identity (OAI) , and change the S3 bucket/object permission so that only the OAI has access.
C) Create IAM roles for CloudFront, and change the S3 bucket/object permission so that only the IAM role has access.
D) Redirect S3 bucket access to the corresponding CloudFront distribution.
Correct Answer:
Verified
Correct Answer:
Verified
Q181: An Application Developer is using an AWS
Q182: Example.com hosts its internal document repository on
Q183: Unapproved changes were previously made to a
Q184: An employee accidentally exposed an AWS access
Q185: A company's security policy requires that VPC
Q187: A developer reported that AWS CloudTrail was
Q188: A Security Engineer for a large company
Q189: A company uses multiple AWS accounts managed
Q190: A company recently performed an annual security
Q191: An organization has tens of applications deployed