Your company is planning to store sensitive documents in an S3 bucket. They want to keep the documents private but serve content only to selected users based on a particular time frame. Which of the following can help you accomplish this?

Answer options:

A.Enable CORS for the S3 bucket
B.Use KMS and enable encryption for the files
C.Create pre-signed URL’s
D.Enable versioning for the S3 bucket

Answer – C
The AWS Documentation mentions the following.
A pre-signed URL gives you access to the object identified in the URL, provided that the creator of the pre-signed URL has permissions to access that object. That is, if you receive a pre-signed URL to upload an object, you can upload the object only if the creator of the pre-signed URL has the necessary permissions to upload that object.
All objects and buckets by default are private. The pre-signed URLs are useful if you want your user/customer to be able to upload a specific object to your bucket, but you don`t require them to have AWS security credentials or permissions. When you create a pre-signed URL, you must provide your security credentials and then specify a bucket name, an object key, an HTTP method (PUT for uploading objects), and an expiration date and time. The pre-signed URLs are valid only for the specified duration.
Option A is incorrect since this is used for Cross-origin access.
Option B is incorrect since this is used for encryption purposes.
Option D is incorrect since this is used for versioning.
For more information on pre-signed URL’s, please refer to the below URL-
https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html