A web application gives users the ability to log in, verify their membership’s validity, and browse artifacts that are stored in an Amazon S3 bucket. When a user attempts to download an object, the application must verify the permission to access the object and allow the user to download the object from a custom domain name such as example.com. What is the MOST secure way for a security engineer to implement this functionality?

Topic #: - All AWS Certified Security - Specialty Questions

A. Configure read-only access to the object by using a bucket ACL. Remove the access after a set time has elapsed.
B. Implement an IAM policy to give the user read access to the S3 bucket.
C. Create an S3 presigned URL. Provide the S3 presigned URL to the user through the application.
D. Create an Amazon CloudFront signed URL. Provide the CloudFront signed URL to the user through the application. Most Voted

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion