Answer - A.
The AWS Documentation gives an example on the same.
Option B is incorrect since the condition needs to be put in the Bucket policy.
Option C is incorrect since this is only used for MFA Delete for accidental deletion of objects.
Option D is incorrect since CORS is only used for cross-domain access.