Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam SCS-C01 Topic 7 Question 66 Discussion

Actual exam question for Amazon's SCS-C01 exam
Question #: 66
Topic #: 7
[All SCS-C01 Questions]

A Security Administrator is restricting the capabilities of company root user accounts. The company uses IAM Organizations and has enabled it for all feature sets, including consolidated billing. The top-level account is used for billing and administrative purposes, not for operational IAM resource purposes.

How can the Administrator restrict usage of member root user accounts across the organization?

Show Suggested Answer Hide Answer
Suggested Answer: D

For this scenario you would need to set up static website hosting because a custom domain name is listed as a requirement. 'Amazon S3 website endpoints do not support HTTPS or access points. If you want to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3.' This is not secure. https://docs.aws.amazon.com/AmazonS3/latest/userguide/website-hosting-custom-domain-walkthrough.html CloudFront signed URLs allow much more fine-grained control as well as HTTPS access with custom domain names: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html


by Latia at Jul 13, 2024, 03:47 AM

Limited Time Offer

25%

Off

Get Premium SCS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cammy
9 months ago
Option B is a big no-no. Giving users direct access to the S3 bucket is a security nightmare waiting to happen.
upvoted 0 times
...
Reena
9 months ago
Haha, option D sounds like a lot of extra work. Why bother with CloudFront when you can just use the simple presigned URL approach?
upvoted 0 times
Shawnda
7 months ago
That's true, but using a presigned URL still provides a secure way to grant temporary access without the extra setup of CloudFront.
upvoted 0 times
...
Carmela
8 months ago
But what about option A? Removing access after a set time seems like a good security measure.
upvoted 0 times
...
Kathryn
8 months ago
I agree, using a presigned URL is a simple and secure solution for granting access to S3 objects.
upvoted 0 times
...
Hester
8 months ago
Yeah, I think using a presigned URL is definitely the way to go in this situation.
upvoted 0 times
...
Louvenia
8 months ago
I agree, option C seems like the easiest and most secure way to handle this.
upvoted 0 times
...
Melissa
8 months ago
Option C is definitely the easiest way to go. No need to overcomplicate things with CloudFront.
upvoted 0 times
...
...
Jamal
9 months ago
I think configuring read-only access with a bucket ACL and removing access after a set time is a good security measure too.
upvoted 0 times
...
Phuong
9 months ago
I believe creating an S3 presigned URL is also secure, as it limits the access to a specific time period.
upvoted 0 times
...
Eve
9 months ago
I agree with Quinn. Using CloudFront signed URL adds an extra layer of security.
upvoted 0 times
...
Christiane
9 months ago
I agree, C is the best option. Presigned URLs provide a secure way to grant temporary access without managing IAM policies.
upvoted 0 times
...
Kerrie
10 months ago
Option C seems like the most secure choice. Generating a presigned URL allows you to give temporary access without exposing the S3 bucket directly.
upvoted 0 times
Wayne
8 months ago
D) Create an Amazon CloudFront signed URL. Provide the CloudFront signed URL to the user through the application.
upvoted 0 times
...
Blondell
8 months ago
A) Configure read-only access to the object by using a bucket ACL. Remove the access after a set time has elapsed.
upvoted 0 times
...
Kelvin
8 months ago
C) Create an S3 presigned URL Provide the S3 presigned URL to the user through the application.
upvoted 0 times
...
Zita
8 months ago
D) Create an Amazon CloudFront signed URL. Provide the CloudFront signed URL to the user through the application.
upvoted 0 times
...
Virgilio
8 months ago
A) Configure read-only access to the object by using a bucket ACL. Remove the access after a set time has elapsed.
upvoted 0 times
...
Leonardo
9 months ago
C) Create an S3 presigned URL Provide the S3 presigned URL to the user through the application.
upvoted 0 times
...
...
Quinn
10 months ago
I think the most secure way is to create an Amazon CloudFront signed URL.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77