AWS Certified Developer – Associate (DVA-C02) — Question 14

A company hosts a client-side web application for one of its subsidiaries on Amazon S3. The web application can be accessed through Amazon CloudFront from https://www.example.com. After a successful rollout, the company wants to host three more client-side web applications for its remaining subsidiaries on three separate S3 buckets.
To achieve this goal, a developer moves all the common JavaScript files and web fonts to a central S3 bucket that serves the web applications. However, during testing, the developer notices that the browser blocks the JavaScript files and web fonts.
What should the developer do to prevent the browser from blocking the JavaScript files and web fonts?

Answer options

• A. Create four access points that allow access to the central S3 bucket. Assign an access point to each web application bucket.
• B. Create a bucket policy that allows access to the central S3 bucket. Attach the bucket policy to the central S3 bucket
• C. Create a cross-origin resource sharing (CORS) configuration that allows access to the central S3 bucket. Add the CORS configuration to the central S3 bucket.
• D. Create a Content-MD5 header that provides a message integrity check for the central S3 bucket. Insert the Content-MD5 header for each web application request.

Correct answer: C

Explanation

The correct answer is C because a CORS configuration allows the browser to access resources from a different origin, which is necessary in this scenario since the web applications are trying to access shared resources in a central bucket. Options A and B do not address cross-origin issues, and option D, while related to integrity checks, does not prevent resource blocking by the browser.