Question : You are building a system to distribute confidential training videos to employees. Using CloudFront, what method would be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
1. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
2. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM user.
Explanation: Typically, if you're using an Amazon S3 bucket as the origin for a CloudFront distribution, you grant everyone permission to read the objects in your bucket. This allows anyone to access your objects using either the CloudFront URL or the Amazon S3 URL. CloudFront doesn't expose Amazon S3 URLs, but your users may have those URLs if your application serves any objects directly from Amazon S3 or if anyone gives out direct links to specific objects in Amazon S3.
If you want to use CloudFront signed URLs to provide access to objects in your Amazon S3 bucket, you probably also want to prevent users from accessing your Amazon S3 objects using Amazon S3 URLs. If users access your objects directly in Amazon S3, they bypass the controls provided by CloudFront signed URLs, including control over when a URL expires and control over which IP addresses can be used to access the objects. In addition, if users access objects using both CloudFront URLs and Amazon S3 URLs, CloudFront access logs are less useful because they're incomplete.
You restrict access to Amazon S3 content by creating an origin access identity, which is a special CloudFront user. You change Amazon S3 permissions to give the origin access identity permission to access your objects, and to remove permissions from everyone else. When your users access your Amazon S3 objects using CloudFront URLs, the CloudFront origin access identity gets the objects on your users' behalf. If your users try to access objects using Amazon S3 URLs, they're denied access. The origin access identity has permission to access objects in your Amazon S3 bucket, but users don't.
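The permission change described above can be checked mechanically. The following Python sketch is an added example, not part of the original page: it audits a bucket policy document and reports every Allow statement whose principal is not the origin access identity. The OAI ID, bucket name and function names are constructed placeholders, and the check covers the bucket policy only, not object ACLs.

```python
# Constructed placeholders: the OAI ID and bucket name are not real.
OAI_ARN = ("arn:aws:iam::cloudfront:user/"
           "CloudFront Origin Access Identity EXAMPLEOAIID")
BUCKET_ARN = "arn:aws:s3:::example-training-videos"

def read_policy(principal, sid):
    """Build a bucket policy that lets `principal` read every object."""
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": sid, "Effect": "Allow",
                           "Principal": principal,
                           "Action": "s3:GetObject",
                           "Resource": BUCKET_ARN + "/*"}]}

# The "everyone can read" setup versus the OAI-only setup.
PUBLIC_POLICY = read_policy("*", "PublicRead")
OAI_POLICY = read_policy({"AWS": OAI_ARN}, "AllowCloudFrontOAIRead")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, oai_arn):
    """Return findings; an empty list means only the OAI is allowed."""
    findings, oai_granted = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotPrincipal" in stmt:
            findings.append(f"{sid}: Allow with NotPrincipal is too broad")
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):      # "Principal": "*"
            principals = [principal]
        else:                               # {"AWS": ...}, {"CanonicalUser": ...}
            principals = [p for v in principal.values() for p in _as_list(v)]
        for p in principals:
            if p == oai_arn:
                oai_granted = True
            else:
                label = "public" if p == "*" else "non-OAI"
                findings.append(f"{sid}: {label} principal {p!r} is allowed")
    if not oai_granted:
        findings.append("OAI has no Allow statement; CloudFront cannot read")
    return findings

if __name__ == "__main__":
    for name, pol in (("public", PUBLIC_POLICY), ("oai-only", OAI_POLICY)):
        print(name, audit_policy(pol, OAI_ARN) or "OK")
```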
Question : Which of the following will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an associated Elastic IP is stopped and started?
Explanation: Versioning allows you to preserve, retrieve, and restore every version of every file in an Amazon S3 bucket. Once you enable Versioning for a bucket, Amazon S3 preserves existing files anytime you overwrite or delete them.
1. Use cost allocation reports and AWS OpsWorks to deploy and manage your infrastructure.
2. Use AWS CloudWatch metrics and alerts along with resource tagging to deploy and manage your infrastructure.
4. Use AWS CloudFormation and a version control system like Git to deploy and manage your infrastructure.