Examtopics

AWS Certified SysOps Administrator - Associate

106
108

Topic 1 Question 107
An Amazon CloudFront distribution has a single Amazon S3 bucket as its origin. A SysOps administrator must ensure that users can access the S3 bucket only through requests from the CloudFront endpoint. Which solution will meet these requirements?
- Configure S3 Block Public Access on the S3 bucket. Update the S3 bucket policy to allow the GetObject action from only the CloudFront distribution.
- Configure Origin Shield in the CloudFront distribution. Update the CloudFront origin to include a custom Origin_Shield header.
- Create an origin access identity (OAI). Assign the OAI to the CloudFront distribution. Update the S3 bucket policy to restrict access to the OAI.
- Create an origin access identity (OAI). Assign the OAI to the S3 bucket. Update the CloudFront origin to include a custom Origin header with the OAI value.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: C
  C is the correct answer https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
  
  👍 2
  kati2k22cz2022/09/05
- Answer C says, "..restrict access to OAI" I obviously didn't understand it. Why do we restrict access to OAI? Actually, I think we need to allow read-only access to OAI.
  
  👍 2
  elnurgu2022/10/10
- 正解だと思う選択肢: C
  C is the answer
  
  👍 2
  Surferbolt2022/10/17
シャッフルモード

106
108