SAA-C03 · Question #483
SAA-C03 Question #483: Real Exam Question with Answer & Explanation
The correct answer is B: Configure geographic restrictions in CloudFront.. CloudFront geographic restrictions (also known as geo-blocking) allow you to allow or deny content delivery to specific countries with minimal configuration. "You can use geo restriction, also known as geoblocking, to prevent users in specific geographic locations from accessing
Question
A company uses an Amazon CloudFront distribution to serve thousands of media files to users. The CloudFront distribution uses a private Amazon S3 bucket as an origin. A solutions architect must prevent users in specific countries from accessing the company's files. Which solution will meet these requirements in the MOST operationally-efficient way?
Options
- ARequire users to access the files by using CloudFront signed URLs.
- BConfigure geographic restrictions in CloudFront.
- CRequire users to access the files by using CloudFront signed cookies.
- DConfigure an origin access control (OAC) between CloudFront and the S3 bucket.
Explanation
CloudFront geographic restrictions (also known as geo-blocking) allow you to allow or deny content delivery to specific countries with minimal configuration. "You can use geo restriction, also known as geoblocking, to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution." This is the most operationally efficient approach - no code, no signed URL logic. Incorrect Options: A/C: Signed URLs/cookies are for individual access control, not geo-blocking. D: OAC controls access between CloudFront and S3, not to block specific countries.
Community Discussion
No community discussion yet for this question.