SAA-C03 Question #217: Real Exam Question with Answer & Explanation

Question

A company is redesigning a static website. The company needs a solution to host the new website in the company's AWS account. The solution must be secure and scalable. Which combination of solutions will meet these requirements? (Select THREE.)

Options

• AConfigure an Amazon CloudFront distribution. Set the Amazon S3 bucket as the origin.
• BAssociate an AWS Certificate Manager (ACM) TLS certificate to the Amazon CloudFront
• CEnable static website hosting for the Amazon S3 bucket.
• DCreate an Amazon S3 bucket to store the static website content.
• EExport the website's SSL/TLS certificate from AWS Certificate Manager (ACM) to the root of the
• FTurn off Block Public Access for the Amazon S3 bucket.

Explanation

Host a new static website on AWS securely and scalably.

Common mistakes.

• C. Enabling static website hosting on the S3 bucket makes it publicly accessible via an S3 website endpoint, which is less secure than using CloudFront with an Origin Access Control (OAC) or Origin Access Identity (OAI) for private bucket access.
• E. AWS Certificate Manager (ACM) certificates cannot be exported from ACM; they are directly integrated with services like CloudFront.
• F. Turning off Block Public Access for the S3 bucket would make its content directly public, which is a security risk; it's best practice to keep Block Public Access enabled and use CloudFront's OAC/OAI to access the bucket privately.

Concept tested. Secure scalable static website hosting, S3, CloudFront, ACM

Reference. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/IntroductionS3Origin.html

No community discussion yet for this question.