🔥 3-day streak
AWS Certified Security - Specialty9 / 184
Question 9 of 184

A company serves static content from a private S3 bucket through a CloudFront distribution. Security review reveals that the S3 objects can still be downloaded directly using their public S3 URLs, bypassing CloudFront (and its attached WAF web ACL). The team must ensure content is only reachable through CloudFront while following current AWS best practices. What should they implement?

Reviewed for accuracy · Report an issueNext question