ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 111 - SCS-C02 discussion

Report
Export

A company is hosting a static website on Amazon S3 The company has configured an Amazon CloudFront distribution to serve the website contents The company has associated an IAM WAF web ACL with the CloudFront distribution. The web ACL ensures that requests originate from the United States to address compliance restrictions.

THE company is worried that the S3 URL might still be accessible directly and that requests can bypass the CloudFront distribution

Which combination of steps should the company take to remove direct access to the S3 URL? (Select TWO. )

A.
Select 'Restrict Bucket Access' in the origin settings of the CloudFront distribution
Answers
A.
Select 'Restrict Bucket Access' in the origin settings of the CloudFront distribution
B.
Create an origin access identity (OAI) for the S3 origin
Answers
B.
Create an origin access identity (OAI) for the S3 origin
C.
Update the S3 bucket policy to allow s3 GetObject with a condition that the IAM Referer key matches the secret value Deny all other requests
Answers
C.
Update the S3 bucket policy to allow s3 GetObject with a condition that the IAM Referer key matches the secret value Deny all other requests
D.
Configure the S3 bucket poky so that only the origin access identity (OAI) has read permission for objects in the bucket
Answers
D.
Configure the S3 bucket poky so that only the origin access identity (OAI) has read permission for objects in the bucket
E.
Add an origin custom header that has the name Referer to the CloudFront distribution Give the header a secret value.
Answers
E.
Add an origin custom header that has the name Referer to the CloudFront distribution Give the header a secret value.
Suggested answer: A, D
asked 16/09/2024
Swen Evers
39 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first