Q57 — AWS SAA-C03 Ch.5
Question 57 of 65 | ← Chapter 5
Q357. A company uses AWS and sells access to copyrighted images. The company's global customer base needs to be able to access these images quickly. The company must deny access to users from specific countries.The company wants to minimize costs as much as possible.Which solution will meet these requirements?
- A. Use Amazon S3 to store the images. Turn on multi-factor authentication (MFA) and public bucket access. Provide customers with a link to the S3 bucket
- B. Use Amazon S3 to store the images. Create an IAM user for each customer. Add the users to a group that has permission to access the S3 bucket
- C. Use Amazon EC2 instances that are behind Application Load Balancers (ALBs) to store the images.Deploy the instances only in the countries the companyservices. Provide customers with links to the ALBs for their specific country's instances
- D. Use Amazon S3 to store the images. Use Amazon CloudFront to distribute the images with geographic restrictions. Provide a signed URL for each customer to access the data in CloudFront ✓
Correct Answer: D. Use Amazon S3 to store the images. Use Amazon CloudFront to distribute the images with geographic restrictions. Provide a signed URL for each customer to access the data in CloudFront
Explanation
Option D will meet the given requirements.D. Use Amazon S3 to store the images. Use Amazon CloudFront to distribute the images with geographic restrictions. Provide a signed URL for each customer to access the data in CloudFront:This solution uses Amazon S3 to store the copyrighted images and Amazon CloudFront to distribute them globally with geographic restrictions, thus ensuring that only customers from allowed countries can access the data. Using signed URLs enables the company to provide secure access to these images while minimizing costs by leveraging the global network of CloudFront edge locations. This solution also eliminates the need to create IAM users or deploy EC2 instances in specific countries, simplifying the architecture.Option A is not a recommended best practice as it involves unnecessarily enabling multi-factor authentication (MFA) and public bucket access, which could pose a security risk. Option B is not scalable as creating an IAM user for each customer can quickly become unmanageable. Option C requires the deployment of separate EC2 instances in each country, which can be expensive and difficult to manage.