AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company is building a mobile app on AWS. The company wants to expand its reach to millions of users. The company needs to build a platform so that authorized users can watch the company's content on their mobile devices.

What should a solutions architect recommend to meet these requirements?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Publish content to a public Amazon S3 bucket. Use AWS Key Management Service (AWS KMS) keys to stream content.

Set up IPsec VPN between the mobile app and the AWS environment to stream content.

Use Amazon CloudFront. Provide signed URLs to stream content.

Set up AWS Client VPN between the mobile app and the AWS environment to stream content.

Explanation:

Explanation

Correct Answer: C - Use Amazon CloudFront. Provide signed URLs to stream content.

Why this is the correct solution:

Scalability: Amazon CloudFront is a global content delivery network (CDN) that can handle millions of users efficiently by caching content at edge locations worldwide, reducing latency and improving performance for mobile users.
Security: Signed URLs provide a secure way to control access to content. They allow authorized users to access content for a limited time, preventing unauthorized distribution.
Mobile Optimization: CloudFront is designed to deliver content to mobile devices efficiently, with features like HTTP/2, TLS encryption, and adaptive bitrate streaming support.
Cost-effectiveness: CloudFront's pay-as-you-go pricing model is ideal for scaling to millions of users without upfront infrastructure costs.

Why the other options are incorrect:

A. Publish content to a public Amazon S3 bucket. Use AWS KMS keys to stream content.

Public S3 buckets expose content to anyone on the internet, which doesn't meet the "authorized users" requirement.
AWS KMS is for encryption key management, not for streaming content or access control.

B. Set up IPsec VPN between the mobile app and the AWS environment to stream content.

VPNs are not scalable to millions of mobile users.
VPNs add unnecessary complexity and latency for content streaming.
Mobile devices frequently change networks, making VPN connections unreliable.

D. Set up AWS Client VPN between the mobile app and the AWS environment to stream content.

Similar to option B, AWS Client VPN is not designed for scaling to millions of mobile users.
It's meant for secure access to AWS resources, not for content delivery to end-users.
Would create significant overhead and cost for content streaming scenarios.

Best Practice Architecture:

The recommended architecture would be:

Store content in Amazon S3
Use Amazon CloudFront as the CDN
Generate signed URLs with CloudFront for secure, time-limited access
Use AWS Lambda or application backend to generate signed URLs for authorized users
Optionally use AWS WAF for additional security and AWS Shield for DDoS protection

Powered ByGPT-5.2

Comments

Loading comments...