A media company uses Amazon CloudFront to deliver publicly available streaming video stored in Amazon S3. The company wants to control who can access the S3-hosted video. Some users use a custom HTTP client that does not support cookies. Some users cannot change hardcoded URLs they use to access the content. Which services or methods meet these requirements with the LEAST impact to users? (Choose two.)
Choose an answer
Tap an option to check your answer.
Correct answer: Signed cookies, Signed URLs.
Why this is the answer
Signed cookies and signed URLs are the correct choices because they allow controlled access to CloudFront content. Signed URLs are ideal for users with hardcoded URLs or custom HTTP clients that don't support cookies, as the signature is part of the URL itself. Signed cookies are suitable for users whose clients support cookies and who access multiple restricted files. Both methods provide time-limited access and can restrict access based on IP address. AWS AppSync is a managed service for building scalable GraphQL APIs, not for content access control. JSON Web Tokens (JWTs) are for securely transmitting information between parties as a JSON object, but CloudFront doesn't natively support them for direct access control to S3 content. AWS Secrets Manager is for managing secrets like database credentials, not for controlling access to CloudFront content.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed