Answer-first summary for fast verification
Answer: Update the S3 bucket policy to restrict access to a CloudFront origin access control (OAC)., Add a CloudFront geo restriction deny list of countries where the company lacks a license.
Option A is correct because updating the S3 bucket policy to restrict access to a CloudFront origin access control (OAC) ensures that the objects in the S3 bucket can only be accessed through CloudFront, preventing direct access to the bucket from unauthorized regions. Option C is correct because adding a CloudFront geo restriction deny list of countries where the company lacks a license will block access to the images from those countries, effectively limiting distribution as intended. The combination of these two measures will reinforce security and ensure compliance with licensing restrictions.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company utilizes an Amazon S3 bucket to store images for their website, which are served to end users through Amazon CloudFront. Recently, the company identified that these images are being accessed from countries without a distribution license. To address this security concern and restrict access to authorized regions, what two measures should the company implement?
A
Update the S3 bucket policy to restrict access to a CloudFront origin access control (OAC).
B
Update the website DNS record to use an Amazon Route 53 geolocation record deny list of countries where the company lacks a license.
C
Add a CloudFront geo restriction deny list of countries where the company lacks a license.
D
Update the S3 bucket policy with a deny list of countries where the company lacks a license.
E
Enable the Restrict Viewer Access option in CloudFront to create a deny list of countries where the company lacks a license.
No comments yet.