In response to the past DDoS attack experiences, a Security Engineer has set up an Amazon CloudFront distribution for an Amazon S3 bucket. There is concern that some users may bypass the CloudFront distribution and access the S3 bucket directly. What must be done to prevent users from accessing the S3 objects directly by using URLs?
A) Change the S3 bucket/object permission so that only the bucket owner has access.
B) Set up a CloudFront origin access identity (OAI) , and change the S3 bucket/object permission so that only the OAI has access.
C) Create IAM roles for CloudFront, and change the S3 bucket/object permission so that only the IAM role has access.
D) Redirect S3 bucket access to the corresponding CloudFront distribution.
Correct Answer:
Verified
Q52: An organization is using AWS CloudTrail, Amazon
Q53: A Security Architect is evaluating managed solutions
Q54: A company has a forensic logging use
Q55: A company has two AWS accounts, each
Q56: A Security Engineer must add additional protection
Q58: During a security event, it is discovered
Q59: A company plans to move most of
Q60: A Security Engineer must design a system
Q61: A Security Engineer for a large company
Q62: A company had one of its Amazon
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents