❎
TutorialsDojo Wrong Answers
  • Points to remember for the exam
  • Jon Bonso (TutorialsDojo) Test Scores
  • Test 1 (70%)
    • Tracking Policies
    • Run an ECS Task When a File is Uploaded to an S3 Bucket using CloudWatch Events
    • Choosing the right Partition Key
    • Choosing the right EBS volume type
    • Throttle API requests for better throughput
    • Optimizing high availability with CloudFront origin failover
    • Storage Gateway vs FSx
    • RDS Read Replicas vs Multi-AZ Deployments
    • RDS Enhanced Monitoring & CloudWatch
    • Lifecycle Policies
    • Redshift enhanced VPC routing
    • Querying external data using Amazon Redshift Spectrum
    • How to Connect Your On-Premises Active Directory to AWS Using AD Connector
    • NAT Gateways
    • EC2 Auto Scaling
    • IAM database authentication for MySQL and PostgreSQL
    • SUMMARY
  • Test 2 (69%)
    • Synchronous & Asynchronous Lambda
    • S3 Static Website Hosting & CloudFront
    • Shard Iterator Expires Unexpectedly
    • Bastion Host Architecture
    • CodeDeploy deployment types
    • Route 53 Geolocation vs Route 53 Geopriximity vs CloudFront geo-restriction
    • VPC IP Addresses
    • SQS Message Retention
    • Routing traffic to a website that is hosted in a S3 bucket
    • Choosing the right EBS volume type
    • EBS Volumes Facts
    • Auto Scaling Group Cooldown Period
    • Monitoring memory and disk metrics for EC2 instances
    • Geoproximity vs Geolocation
    • VPC Endpoints
    • Edge to edge routing
    • Temporary security credentials in IAM
    • Configuring instances in different subnets to communicate to each other
    • SUMMARY
  • Test 3 (66%)
    • S3 Consistency
    • Selling in the Reserved Instance Marketplace
    • DDoS Mitigation
    • Managing Throughput Capacity Automatically with DynamoDB Auto Scaling
    • Kinesis Data Streams
    • S3 Single PUT Limit
    • CloudFormation Resource Attributes
    • Redshift
    • S3 Glacier Provisioned Capcity
    • Launch Configurations
    • Active-active and active-passive failover
    • File Gateway vs Volume Gateway
    • EC2 Instance Store Lifetime
    • RDS Backups for over 35 days
    • Simple Workflow Service (SWF)
    • EC2 Service Limits
    • Restricting Access to S3 Content by using an Origin Access Identity (OAI)
    • NACL Rules
    • Cross-account access to objects that are stored in S3 buckets
    • S3 Encryption
    • SUMMARY
  • Test 4 (82%)
    • Importing an SSL/TLS Certificate
    • S3 Network Costs
    • Step Functions vs SWF
    • EBS Performance vs S3
    • Global Accelerator
    • Provisioned IOPS SSD Volumes
    • SWF
    • RAID 0 vs RAID 1
    • RDS Enhanced Monitoring
    • AWS X-Ray
    • VPC Security Groups
    • Federating users by creating a custom identity broker application
    • SUMMARY
  • Test 5 (72%)
    • AWS Storage Gateway Hardware Appliance
    • General Purpose SSD volumes (gp2)
    • SQS short and long polling
    • EFA vs ENA vs ENI vs ParallelCluster
    • Auto Scaling lifecycle hooks
    • High availability for Aurora
    • Redshift vs Aurora
    • CloudFormation Outputs
    • Setting Up Route 53 Zone Apex Support with a Load Balancer
    • What is encrypted in EBS?
    • Systems Manager Run Command
    • Establish a connection to your EC2 instance
    • IAM
    • Amazon WorkSpaces
    • Usability of EBS Volumes while Snapshots are being created
    • Access logs for your ELBs
    • API Gateway HTTPS Endpoint
    • "Server refused our key" error
    • SUMMARY
  • Test 6 (78%)
    • Managing how long content stays in the cache (expiration)
    • Troubleshooting instance launch issues
    • Enhanced networking on Linux Instances
    • Best practices for working with MySQL storage engines
    • Replication with Aurora
    • Using Lambda with Kinesis
    • Inter-Region VPC Peering
    • Multi-AZ Cost Optimization
    • RDS Multi-AZ Deployments
    • RDS encryption in-transit (SSL)
    • Require that objects grant the bucket owner full control
    • Identity Federation
    • Enabling internet access in a VPC
    • Endpoint groups for standard accelerators in Global Accelerator
    • SUMMARY
  • Final Test
    • SQS FIFO + SWF
    • Bastion Host Login
    • Redshift Cross-Region Snapshots
    • Default VPC vs Non-default VPC DNS
    • Customer Gateway
    • Bucket owner granting cross-account bucket permissions
Powered by GitBook
On this page

Was this helpful?

  1. Test 3 (66%)

Restricting Access to S3 Content by using an Origin Access Identity (OAI)

  • Create a special CloudFront user called an origin access identity (OAI) and associate it with your distribution.

  • Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there.

  • After you take these steps, users can only access your files through CloudFront, not directly from the S3 bucket.

PreviousEC2 Service LimitsNextNACL Rules

Last updated 4 years ago

Was this helpful?