Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam SCS-C01 Topic 1 Question 64 Discussion

Actual exam question for Amazon's SCS-C01 exam
Question #: 64
Topic #: 1
[All SCS-C01 Questions]

A web application gives users the ability to log in verify their membership's validity and browse artifacts that are stored in an Amazon S3 bucket. When a user attempts to download an object, the application must verify the permission to access the object and allow the user to download the object from a custom domain name such as example com.

What is the MOST secure way for a security engineer to implement this functionality?

Show Suggested Answer Hide Answer
Suggested Answer: D

For this scenario you would need to set up static website hosting because a custom domain name is listed as a requirement. 'Amazon S3 website endpoints do not support HTTPS or access points. If you want to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3.' This is not secure. https://docs.aws.amazon.com/AmazonS3/latest/userguide/website-hosting-custom-domain-walkthrough.html CloudFront signed URLs allow much more fine-grained control as well as HTTPS access with custom domain names: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html


by Joanna at Jul 05, 2024, 04:23 AM

Limited Time Offer

25%

Off

Get Premium SCS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Adelle
11 months ago
Haha, I bet the security engineer is really gonna enjoy this one. Gotta love those AWS security features!
upvoted 0 times
Willetta
9 months ago
C: Definitely, it adds an extra layer of security to the process.
upvoted 0 times
...
Jacki
10 months ago
C: Definitely, it adds an extra layer of security to the process.
upvoted 0 times
...
Lavina
10 months ago
B: Yeah, that way the user can access the object through a secure URL provided by CloudFront.
upvoted 0 times
...
Izetta
10 months ago
B: Yeah, that way the user can access the object securely through the application.
upvoted 0 times
...
Lisbeth
10 months ago
A: I think the most secure way would be to create an Amazon CloudFront signed URL.
upvoted 0 times
...
Tanesha
10 months ago
A: I think the best way is to create an S3 presigned URL and provide it to the user.
upvoted 0 times
...
...
Sabine
11 months ago
I think configuring read-only access with a bucket ACL and removing access after a set time is the most secure option.
upvoted 0 times
...
Isaiah
11 months ago
I believe creating an S3 presigned URL is also secure as it provides temporary access to the object.
upvoted 0 times
...
Melita
11 months ago
I agree with Karon. Using CloudFront signed URL adds an extra layer of security.
upvoted 0 times
...
Moira
11 months ago
I agree with Rosamond. Presigned URLs are the best solution here. It allows you to control the access and expiration of the download link.
upvoted 0 times
Lorrie
11 months ago
Yeah, it's a good way to ensure only authorized users can download the object.
upvoted 0 times
...
Lucy
11 months ago
Using a presigned URL definitely adds an extra layer of security.
upvoted 0 times
...
Val
11 months ago
I agree, it's the most secure option for controlling access.
upvoted 0 times
...
Lakeesha
11 months ago
I think creating an S3 presigned URL is the way to go.
upvoted 0 times
...
...
Rosamond
12 months ago
Option C is the way to go! Presigned URLs are the most secure way to grant temporary access to S3 objects.
upvoted 0 times
Lynette
11 months ago
I agree, presigned URLs provide temporary secure access.
upvoted 0 times
...
Meghan
11 months ago
I think option C is the best choice.
upvoted 0 times
...
...
Karon
12 months ago
I think the most secure way is to create an Amazon CloudFront signed URL.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77