Q21 — AWS DVA-C02 Ch.2

Question 21 of 100 | ← Chapter 2

A company needs to distribute firmware updates to its global customers. Which service will allow the company to control access to downloads in the most cost-effective, scalable, and secure manner?

Correct Answer: A. Use Amazon CloudFront with Amazon S3 signed URLs.

Explanation

Option A recommends using Amazon CloudFront with Amazon S3 signed URLs. Signed URLs enable fine-grained, secure access control to resources in Amazon S3, allowing time-limited and permission-restricted downloads. This approach provides low-cost, globally distributed delivery while ensuring only authorized users can download firmware. Option B introduces unnecessary complexity and cost by requiring a separate CloudFront distribution per customer. Option C, while Lambda@Edge extends CloudFront functionality, is overkill here—signed URLs are simpler and more direct. Option D is viable but adds operational overhead compared to the native, lightweight signed URL mechanism.