Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SCS-C01 Topic 7 Question 66 Discussion

Actual exam question for Amazon's SCS-C01 exam
Question #: 66
Topic #: 7
[All SCS-C01 Questions]

A web application gives users the ability to log in verify their membership's validity and browse artifacts that are stored in an Amazon S3 bucket. When a user attempts to download an object, the application must verify the permission to access the object and allow the user to download the object from a custom domain name such as example com.

What is the MOST secure way for a security engineer to implement this functionality?

Show Suggested Answer Hide Answer

Contribute your Thoughts:

Cammy
9 days ago
Option B is a big no-no. Giving users direct access to the S3 bucket is a security nightmare waiting to happen.
upvoted 0 times
...
Reena
11 days ago
Haha, option D sounds like a lot of extra work. Why bother with CloudFront when you can just use the simple presigned URL approach?
upvoted 0 times
...
Jamal
27 days ago
I think configuring read-only access with a bucket ACL and removing access after a set time is a good security measure too.
upvoted 0 times
...
Phuong
1 months ago
I believe creating an S3 presigned URL is also secure, as it limits the access to a specific time period.
upvoted 0 times
...
Eve
1 months ago
I agree with Quinn. Using CloudFront signed URL adds an extra layer of security.
upvoted 0 times
...
Christiane
1 months ago
I agree, C is the best option. Presigned URLs provide a secure way to grant temporary access without managing IAM policies.
upvoted 0 times
...
Kerrie
1 months ago
Option C seems like the most secure choice. Generating a presigned URL allows you to give temporary access without exposing the S3 bucket directly.
upvoted 0 times
Virgilio
3 days ago
A) Configure read-only access to the object by using a bucket ACL. Remove the access after a set time has elapsed.
upvoted 0 times
...
Leonardo
16 days ago
C) Create an S3 presigned URL Provide the S3 presigned URL to the user through the application.
upvoted 0 times
...
...
Quinn
2 months ago
I think the most secure way is to create an Amazon CloudFront signed URL.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77