New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SAA-C03 Exam - Topic 11 Question 23 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 23
Topic #: 11
[All SAA-C03 Questions]

A company wants to use an AWS CloudFormatlon stack for its application in a test environment. The company stores the CloudFormation template in an Amazon S3 bucket that blocks public access. The company wants to grant CloudFormation access to the template in the S3 bucket based on specific user requests to create the test environment The solution must follow security best practices.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: C

it allows CloudFormation to access the template in the S3 bucket without granting public access or creating additional resources. A presigned URL is a URL that is signed with the access key of an IAM user or role that has permission to access the object. The presigned URL can be used by anyone who receives it, but it expires after a specified time. By creating a presigned URL for the template object and configuring the CloudFormation stack to use it, the company can grant CloudFormation access to the template based on specific user requests and follow security best practices. Reference:

Using Amazon S3 Presigned URLs

Using Amazon S3 Buckets


by Hermila at Oct 06, 2023, 06:00 PM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lenna
3 months ago
C sounds interesting, but is a presigned URL really secure enough?
upvoted 0 times
...
Richelle
3 months ago
Wait, why would anyone choose D? That sounds risky!
upvoted 0 times
...
Chun
4 months ago
Not sure about B, API Gateway adds unnecessary complexity.
upvoted 0 times
...
Shawna
4 months ago
I agree, A is the best choice for security best practices!
upvoted 0 times
...
Derrick
4 months ago
Option A seems solid, using a gateway VPC endpoint is secure.
upvoted 0 times
...
Lou
4 months ago
I’m not confident about option B; using an API Gateway seems overly complicated just to access a CloudFormation template.
upvoted 0 times
...
Talia
4 months ago
I feel like we practiced a similar question about VPC endpoints before, so option A might be the right choice since it keeps everything secure.
upvoted 0 times
...
Carolann
5 months ago
I think using a presigned URL in option C could be a good way to grant temporary access, but I'm not entirely sure how secure that is in the long run.
upvoted 0 times
...
Felix
5 months ago
I remember discussing the importance of keeping S3 buckets private, so option D seems really risky.
upvoted 0 times
...
Isabelle
5 months ago
I'm feeling pretty confident about this question. Option B with the API Gateway seems like the most secure and flexible solution that meets the requirements.
upvoted 0 times
...
Mozell
5 months ago
I'm not sure about this one. I'll need to double-check the details on how to properly configure the API Gateway and CloudFormation stack to work together securely.
upvoted 0 times
...
Pok
5 months ago
Okay, I think I've got this. The key is to grant access to the CloudFormation stack without exposing the S3 bucket publicly. Option C with the presigned URL seems like the way to go.
upvoted 0 times
...
Trina
5 months ago
Hmm, I'm a bit confused by the different options. I'll need to review the security implications of each approach before deciding.
upvoted 0 times
...
Elfrieda
5 months ago
This looks like a tricky security question. I'll need to think through the options carefully to find the best solution that follows best practices.
upvoted 0 times
...
Albina
5 months ago
I remember learning about this in class, but I'm drawing a blank right now. I'll just take my best guess and hope for the best.
upvoted 0 times
...
Yolande
5 months ago
I'm a little confused by the wording of these options. I'll need to think carefully about the precise requirements for a CMDB and how they map to the choices provided. Hopefully I can eliminate a couple of the options and then make an educated guess.
upvoted 0 times
...
Edelmira
5 months ago
I'm feeling confident about this one. I think I can quickly identify the two expressions that evaluate to True.
upvoted 0 times
...
Janella
5 months ago
I'd eliminate option D immediately - contacting past employers about job hunting would be super unprofessional. That helps narrow it down.
upvoted 0 times
...
Ivan Quevedo
2 years ago
Minimum privilegies
upvoted 1 times
...

Save Cancel