A company is hosting a static website on Amazon S3 The company has configured an...

Amazon Web Services SCS-C02 Question Answer

A company is hosting a static website on Amazon S3 The company has configured an Amazon CloudFront distribution to serve the website contents The company has associated an IAM WAF web ACL with the CloudFront distribution. The web ACL ensures that requests originate from the United States to address compliance restrictions.

THE company is worried that the S3 URL might still be accessible directly and that requests can bypass the CloudFront distribution

Which combination of steps should the company take to remove direct access to the S3 URL? (Select TWO. )

Select "Restrict Bucket Access" in the origin settings of the CloudFront distribution

Create an origin access identity (OAI) for the S3 origin

Update the S3 bucket policy to allow s3 GetObject with a condition that the IAM Referer key matches the secret value Deny all other requests

Configure the S3 bucket poky so that only the origin access identity (OAI) has read permission for objects in the bucket

Add an origin custom header that has the name Referer to the CloudFront distribution Give the header a secret value.

Amazon Web Services SCS-C02 View All Questions

Amazon Web Services SCS-C02 Summary

Vendor: Amazon Web Services
Product: SCS-C02
Update on: Aug 2, 2025
Questions: 417

Price: $52.5 ~~$149.99~~

Buy Now SCS-C02 PDF + Testing Engine Pack

An Application team has requested a new IAM KMS master key for use with Amazon...

A company uses several AWS CloudFormation stacks to handle the deployment of a suite of...

Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

A company is hosting a static website on Amazon S3 The company has configured an...

The Answer Is:

Amazon Web Services SCS-C02 Summary

Payments We Accept

Contact Us