🔥 3-day streak
AWS Certified Security - Specialty5 / 157
Question 5 of 157
A media company serves static video assets from an S3 bucket through a CloudFront distribution. The security team discovers that users can bypass CloudFront and download objects directly using the S3 bucket's website endpoint URLs, avoiding WAF rules and geo-restrictions applied at the edge. The team wants to ensure all access to the S3 objects is only possible through CloudFront, using the most current AWS-recommended mechanism. What should they implement?
Reviewed for accuracy · Report an issueNext question