You are setting up a website for a small company. This website serves up images and is very resource intensive. You have decided to serve up the images using Cloudfront. There is a requirement though the content should be served up using a custom domain and should work with https.

Answer options:

A.You must provision and configure your own SSL certificate in Route 53 and associate it to your CloudFront distribution.
B.You must provision Server Name Indication (SNI) Custom SSL for your CloudFront Distribution.
C.You must provision and configure an ALIAS in Route 53 and associate it to your CloudFront distribution.
D.You must create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket where the images are stored.

Answer – B and C
Custom SSL certificate support lets you deliver content over HTTPS using your own domain name and your own SSL certificate. This gives visitors to your website the security benefits of CloudFront over an SSL connection that uses your own domain name in addition to lower latency and higher reliability.
Note: Please note that some older browsers do not support SNI and will not be able to establish a connection with CloudFront to load the HTTPS version of your content. 
https://aws.amazon.com/cloudfront/custom-ssl-domains/
Option C is correct. If we want to use our own domain name, we need to use Amazon Route 53 to create an alias record that points to our CloudFront distribution.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html
Option A is incorrect because a custom SSL certificate or third-party certificate can not be configured in Route53.
Option D is incorrect because Origin Access identity(OAI) does not deal with custom SSL. It is only used to ensure that the origin is accessible with CloudFront distribution only.
More information on Custom SSL Domains:
AWS Cloudfront can use IAM certificates.
Reference Link: 
https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-custom-certificate/
Also, there is a discussion forum on the same topic ""ssl certificate IAM" in the Amazon CloudFront Discussion Forum". 
It is helpful in understanding this topic further.
For more information on CloudFront custom SSL domains, please visit the below URL-
https://aws.amazon.com/cloudfront/custom-ssl-domains/