SAA-C03 · Question #111
SAA-C03 Question #111: Real Exam Question with Answer & Explanation
The correct answer is C: Create an Amazon CloudFront distribution that includes an origin access control (OAC) that is.
Question
A company wants to publish a private website for its on-premises employees. The website consists of several HTML pages and image files. The website must be available only through HTTPS and must be available only to on-premises employees. A solutions architect plans to store the website files in an Amazon S3 bucket. Which solution will meet these requirements?
Options
- A. Create an S3 bucket policy to deny access when the source IP address is not the public IP
- B. Create an S3 access point to provide website access. Attach an access point policy to deny
- C. Create an Amazon CloudFront distribution that includes an origin access control (OAC) that is
- D. Create an Amazon CloudFront distribution that includes an origin access control (OAC) that is
Explanation
This solution uses CloudFront to serve the website securely over HTTPS using AWS Certificate Manager (ACM) for SSL certificates. Origin Access Control (OAC) ensures that only CloudFront can access the S3 bucket directly. AWS WAF with an IP set rule restricts access to the website, allowing only the on-premises IP address. Route 53 is used to create an alias record pointing to the CloudFront distribution. This setup ensures secure, private access to the website with low administrative overhead.

Option A and B: S3 bucket policies and access points do not provide HTTPS support, nor do they offer the same level of security as CloudFront with WAF.

Option D: Signed URLs are more suitable for temporary, expiring access rather than a permanent solution for on-premises employees.
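The two access gates from the explanation, the WAF IP set rule and the OAC bucket policy, written as a CloudFormation template. This is an added example, not part of the exam material; the parameter names, resource names and the 203.0.113.0/24 range are assumptions, and it assumes the distribution, its ACM certificate and the Route 53 alias record already exist.

```yaml
# Added example, not from the exam page. Create the stack in us-east-1:
# WAFv2 resources with Scope CLOUDFRONT must live in that Region.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  OfficeCidr:                 # assumption: on-premises public egress range
    Type: String
    Default: 203.0.113.0/24   # constructed documentation range, replace it
  SiteBucketName:             # assumption: existing private bucket holding the site files
    Type: String
  DistributionId:             # assumption: ID of the distribution that uses the OAC
    Type: String
Resources:
  OfficeIpSet:
    Type: AWS::WAFv2::IPSet
    Properties:
      Scope: CLOUDFRONT
      IPAddressVersion: IPV4
      Addresses:
        - !Ref OfficeCidr
  SiteWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Scope: CLOUDFRONT
      DefaultAction: { Block: {} }      # deny every request no rule allows
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: site-acl }
      Rules:
        - Name: allow-office
          Priority: 0
          Action: { Allow: {} }         # only the on-premises range gets through
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt OfficeIpSet.Arn
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: allow-office }
  SiteBucketPolicy:                     # OAC: only this distribution may read objects
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref SiteBucketName
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: cloudfront.amazonaws.com }
            Action: s3:GetObject
            Resource: !Sub "arn:aws:s3:::${SiteBucketName}/*"
            Condition:
              StringEquals:
                "AWS:SourceArn": !Sub "arn:aws:cloudfront::${AWS::AccountId}:distribution/${DistributionId}"
Outputs:
  WebAclArn:                            # set this ARN as WebACLId on the distribution
    Value: !GetAtt SiteWebAcl.Arn
```

The web ACL's default action is Block, so a missing or mistyped CIDR fails closed, and the `AWS:SourceArn` condition keeps other CloudFront distributions from reading the bucket.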