An engineering company needs to share project documents stored in the Amazon EC2 instance with global vendors. These Amazon EC2 instances are front-ended by Amazon CloudFront. The Security Team wants to restrict access to individual project documents so that only specific vendors can have access to individual documents.
Which setting can be done with Amazon CloudFront to restrict this access?

Answer options:

A.Use Field Level encryption.
B.Use OAI.
C.Use Signed URLs
D.Use Signed Cookies.

Correct Answer: C
Amazon CloudFront Signed URLs and Signed Cookies can be used to control access to data stored in Amazon EC2 instances. Signed URLs can be used in case of access needs to be restricted to individual files.
Option A is incorrect as this helps protect sensitive data; it won’t help to restrict access.
Option B is incorrect as OAI can be used to control access to data stored in the Amazon S3 bucket.
Option D is incorrect as Signed Cookies are useful if access is provided for multiple files.
For more information on the difference between Signed cookies and signed URLs, refer to the following URL,
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.html