A web application gives users the ability to log in, verify their membership’s validity, and browse artifacts that are stored in an Amazon S3 bucket. When a user attempts to download an object, the application must verify the permission to access the object and allow the user to download the object from a custom domain name such as example.com.
What is the MOST secure way for a security engineer to implement this functionality?

A. Configure read-only access to the object by using a bucket ACL. Remove the access after a set time has elapsed.

B. Implement an IAM policy to give the user read access to the S3 bucket.

C. Create an S3 presigned URL. Provide the S3 presigned URL to the user through the application.

D. Create an Amazon CloudFront signed URL. Provide the CloudFront signed URL to the user through the application.








 

Suggested Answer: A

Community Answer: D




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.