Q9 — AWS DVA-C02 Ch.2
Question 9 of 100 | ← Chapter 2
A company is hosting a workshop for external users and wants to share participation documents with them for a duration of 7 days. The company stores the participation documents in an Amazon S3 bucket owned by the company. What is the most secure method to share these documents with external users?
- A. Use S3 pre-signed URLs to share the documents with external users. Set the expiration time to 7 days. ✓
- B. Move the documents to an Amazon WorkDocs folder. Share the WorkDocs folder link with external users.
- C. Create a temporary IAM user with read-only access to the S3 bucket. Share the access keys with external users and expire the credentials after 7 days.
- D. Create an IAM role with read-only access to the S3 bucket. Share the role’s Amazon Resource Name (ARN) with external users.
Correct Answer: A. Use S3 pre-signed URLs to share the documents with external users. Set the expiration time to 7 days.
Explanation
Using S3 pre-signed URLs is the most secure and effective way to share documents stored in an Amazon S3 bucket with external users. S3 pre-signed URLs allow generating time-limited URLs for specific resources, enabling external users to access those resources without exposing AWS credentials. By setting the URL expiration to 7 days, access is automatically revoked after the specified period, limiting external users’ document access. Other options (B, C, D) are less secure and less effective than using S3 pre-signed URLs for sharing documents. 【Lantern Certification provided by: swufelp1999】