Q23 — AWS SAA-C03 Ch.1

Question 23 of 65 | ← Chapter 1

Q23. A solution architect must design a solution that uses Amazon CloudFront with an Amazon S3 to store a static website.The company security policy requires that all websites traffic be inspected by AWS WAF.How should the solution architect company with these requirements?

Correct Answer: D. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.

Explanation

Use OAI to restrict direct access to S3 by exposing the content only at the CloudFront layer. Use WAF in front of CloudFront to intercept requests beforehand