Q28 — AWS DVA-C02 Ch.1
A developer is building a web application that must share confidential documents with end users. These documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents upon request, and access must expire after no more than 15 minutes.
- A. Copy the documents to a separate S3 bucket with a lifecycle policy that deletes objects after 15 minutes.
- B. Use the AWS SDK to generate a presigned S3 URL with an expiration time of 15 minutes. ✓
- C. Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download documents over HTTPS.
- D. Modify the S3 bucket policy to allow downloads only by specific users, then revert the change after 15 minutes.
Correct Answer: B. Use the AWS SDK to generate a presigned S3 URL with an expiration time of 15 minutes.
Explanation
Presigned S3 URLs provide secure, time-limited access to private S3 objects without exposing credentials or requiring policy modifications. Setting the expiration to 15 minutes satisfies the requirement for temporary, authenticated access. Other options either fail to enforce time-bound access (A, C), are technically infeasible (D), or introduce unnecessary complexity.