Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam SCS-C01 Topic 7 Question 66 Discussion

Actual exam question for Amazon's SCS-C01 exam
Question #: 66
Topic #: 7
[All SCS-C01 Questions]

A web application gives users the ability to log in verify their membership's validity and browse artifacts that are stored in an Amazon S3 bucket. When a user attempts to download an object, the application must verify the permission to access the object and allow the user to download the object from a custom domain name such as example com.

What is the MOST secure way for a security engineer to implement this functionality?

Show Suggested Answer Hide Answer
Suggested Answer: D

For this scenario you would need to set up static website hosting because a custom domain name is listed as a requirement. 'Amazon S3 website endpoints do not support HTTPS or access points. If you want to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3.' This is not secure. https://docs.aws.amazon.com/AmazonS3/latest/userguide/website-hosting-custom-domain-walkthrough.html CloudFront signed URLs allow much more fine-grained control as well as HTTPS access with custom domain names: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html


by Latia at Jul 13, 2024, 03:47 AM

Limited Time Offer

25%

Off

Get Premium SCS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cammy
4 months ago
Option B is a big no-no. Giving users direct access to the S3 bucket is a security nightmare waiting to happen.
upvoted 0 times
...
Reena
4 months ago
Haha, option D sounds like a lot of extra work. Why bother with CloudFront when you can just use the simple presigned URL approach?
upvoted 0 times
Shawnda
2 months ago
That's true, but using a presigned URL still provides a secure way to grant temporary access without the extra setup of CloudFront.
upvoted 0 times
...
Carmela
3 months ago
But what about option A? Removing access after a set time seems like a good security measure.
upvoted 0 times
...
Kathryn
3 months ago
I agree, using a presigned URL is a simple and secure solution for granting access to S3 objects.
upvoted 0 times
...
Hester
3 months ago
Yeah, I think using a presigned URL is definitely the way to go in this situation.
upvoted 0 times
...
Louvenia
3 months ago
I agree, option C seems like the easiest and most secure way to handle this.
upvoted 0 times
...
Melissa
3 months ago
Option C is definitely the easiest way to go. No need to overcomplicate things with CloudFront.
upvoted 0 times
...
...
Jamal
4 months ago
I think configuring read-only access with a bucket ACL and removing access after a set time is a good security measure too.
upvoted 0 times
...
Phuong
4 months ago
I believe creating an S3 presigned URL is also secure, as it limits the access to a specific time period.
upvoted 0 times
...
Eve
4 months ago
I agree with Quinn. Using CloudFront signed URL adds an extra layer of security.
upvoted 0 times
...
Christiane
5 months ago
I agree, C is the best option. Presigned URLs provide a secure way to grant temporary access without managing IAM policies.
upvoted 0 times
...
Kerrie
5 months ago
Option C seems like the most secure choice. Generating a presigned URL allows you to give temporary access without exposing the S3 bucket directly.
upvoted 0 times
Wayne
3 months ago
D) Create an Amazon CloudFront signed URL. Provide the CloudFront signed URL to the user through the application.
upvoted 0 times
...
Blondell
3 months ago
A) Configure read-only access to the object by using a bucket ACL. Remove the access after a set time has elapsed.
upvoted 0 times
...
Kelvin
3 months ago
C) Create an S3 presigned URL Provide the S3 presigned URL to the user through the application.
upvoted 0 times
...
Zita
3 months ago
D) Create an Amazon CloudFront signed URL. Provide the CloudFront signed URL to the user through the application.
upvoted 0 times
...
Virgilio
4 months ago
A) Configure read-only access to the object by using a bucket ACL. Remove the access after a set time has elapsed.
upvoted 0 times
...
Leonardo
4 months ago
C) Create an S3 presigned URL Provide the S3 presigned URL to the user through the application.
upvoted 0 times
...
...
Quinn
5 months ago
I think the most secure way is to create an Amazon CloudFront signed URL.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77