AWS Certified Solutions Architect – Associate (SAA-C03) — Question 525

A global video streaming company uses Amazon CloudFront as a content distribution network (CDN). The company wants to roll out content in a phased manner across multiple countries. The company needs to ensure that viewers who are outside the countries to which the company rolls out content are not able to view the content.

Which solution will meet these requirements?

Answer options

• A. Add geographic restrictions to the content in CloudFront by using an allow list. Set up a custom error message.
• B. Set up a new URL tor restricted content. Authorize access by using a signed URL and cookies. Set up a custom error message.
• C. Encrypt the data for the content that the company distributes. Set up a custom error message.
• D. Create a new URL for restricted content. Set up a time-restricted access policy for signed URLs.

Correct answer: A

Explanation

Amazon CloudFront's geographic restriction feature allows you to restrict access to your content based on the viewer's country using an allow list, making Option A the most direct and native solution. Options B and D, which involve signed URLs or cookies, are designed for private content access control rather than country-based blocking. Option C focuses on data encryption, which secures content in transit or at rest but does not inherently prevent access based on geographical location.