SAA-C03 Design Secure Architectures • Set 14
SAA-C03 Design Secure Architectures Practice Test 14 — 15 questions with explanations. Free, no signup.
Based on the exhibit, users must access private PDF reports only through CloudFront. Direct requests to the S3 object URL must fail, and the bucket should not be publicly readable. Which solution is the best fit?
Current S3 bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::reports-private/*"
}
]
}
CloudFront distribution:
- Origin: s3://reports-private
- Viewer protocol policy: Redirect HTTP to HTTPS
- No origin access identity or origin access control configured
Security requirement:
- Clients must use CloudFront signed URLs or signed cookies
- S3 object URLs must not be directly accessible