Which features can be used to restrict access to data in S3? (Choose two.)
Set an S3 ACL on the bucket or the object.
Create a CloudFront distribution for the bucket.
Set an S3 bucket policy.
Enable IAM Identity Federation
Use S3 Virtual Hosting
Amazon S3 is secure by default. Only the bucket and object owners originally have access to Amazon S3
resources they create. Amazon S3 supports user authentication to control access to data. You can use access
control mechanisms such as bucket policies and Access Control Lists (ACLs) to selectively grant permissions
to users and groups of users. You can securely upload/download your data to Amazon S3 via SSL endpoints
using the HTTPS protocol. If you need extra security you can use the Server Side Encryption (SSE) option or
the Server Side Encryption with Customer-Provide Keys (SSE-C) option to encrypt data stored-at-rest. Amazon
S3 provides the encryption technology for both SSE and SSE-C. Alternatively you can use your own encryption
libraries to encrypt data before storing it in Amazon S3.