
You are configuring Cross-Origin Resource Sharing for your S3 bucket. You need to ensure that external domain sites can only issue the GET requests against your bucket.

Which of the following would you modify as part of the CORS configuration for this requirement?

1 Answer


Answer - C.

This is mentioned in the AWS Documentation.

Option A is invalid since it is used to specify the origins from which you want to allow cross-domain requests.

Option B is invalid since this is used to specify which headers are allowed in a preflight request through the Access-Control-Request-Headers header.

Option D is invalid since it is used to specify the time in seconds that your browser can cache the response for a preflight request identified by the resource, the HTTP method, and the origin.

For more information on CORS, please refer to the URL below:

https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html

AllowedMethod Element

In the CORS configuration, you can specify the following values for the AllowedMethod element.

  • GET

  • PUT

  • POST

  • DELETE

  • HEAD

The answer is (C) AllowedMethod Element.

Cross-Origin Resource Sharing (CORS) is a security feature implemented by web browsers that restricts web pages from making requests to a different domain than the one that served the web page. CORS is a way for servers to inform browsers about which domains are allowed to access their resources.

In S3, CORS configuration is done using an XML file that specifies rules for cross-origin access to resources in the bucket. The CORS configuration XML file can be uploaded to the S3 bucket via the AWS Management Console, CLI, or SDKs.

The CORS configuration file includes the following elements:

  • AllowedOrigin: Specifies the domain names that are allowed to make cross-origin requests to the S3 bucket.

  • AllowedHeader: Specifies which headers are allowed to be included in cross-origin requests.

  • AllowedMethod: Specifies which HTTP methods (e.g., GET, POST, PUT) are allowed for cross-origin requests. This is the element that needs to be modified in this scenario to allow only GET requests.

  • MaxAgeSeconds: Specifies the time period, in seconds, that the browser can cache the CORS response.

In the given scenario, the requirement is to allow external domain sites to issue only GET requests against the S3 bucket. Therefore, the AllowedMethod element needs to be modified to include only the GET HTTP method.

So, the correct answer is (C) AllowedMethod Element.

...
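The answer above turns on the AllowedMethod element, so here is an added example (not part of the original answer and not AWS code) that audits a bucket CORS document for methods beyond GET and models whether a cross-origin request would match a rule. The helper names, the sample origin `https://www.example.com`, and the use of `fnmatch` to approximate wildcard origins are assumptions made for illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

def cors_xml(methods):
    """Build a constructed sample CORS document in the S3 XML layout."""
    allowed = "".join(f"<AllowedMethod>{m}</AllowedMethod>" for m in methods)
    return ("<CORSConfiguration><CORSRule>"
            "<AllowedOrigin>https://www.example.com</AllowedOrigin>"
            f"{allowed}<AllowedHeader>*</AllowedHeader>"
            "<MaxAgeSeconds>3000</MaxAgeSeconds>"
            "</CORSRule></CORSConfiguration>")

PERMISSIVE = cors_xml(["GET", "PUT", "DELETE"])  # constructed: too broad
GET_ONLY = cors_xml(["GET"])                     # constructed: meets the requirement

def _local(tag):
    # Drop an XML namespace prefix such as "{http://...}CORSRule".
    return tag.rsplit("}", 1)[-1]

def parse_rules(xml_text):
    """Return each CORSRule as a dict of its AllowedOrigin/AllowedMethod values."""
    rules = []
    for node in ET.fromstring(xml_text).iter():
        if _local(node.tag) != "CORSRule":
            continue
        def values(name):
            return [c.text.strip() for c in node
                    if _local(c.tag) == name and c.text]
        rules.append({"origins": values("AllowedOrigin"),
                      "methods": values("AllowedMethod")})
    return rules

def non_get_methods(xml_text):
    """Methods other than GET that any rule grants to cross-origin callers."""
    return sorted({m for r in parse_rules(xml_text)
                   for m in r["methods"] if m != "GET"})

def cross_origin_allowed(xml_text, origin, method):
    """Simplified model: some rule must list both the origin and the method."""
    return any(
        method in r["methods"]
        and any(fnmatch.fnmatchcase(origin, o) for o in r["origins"])
        for r in parse_rules(xml_text))

if __name__ == "__main__":
    for name, doc in (("permissive", PERMISSIVE), ("GET-only", GET_ONLY)):
        print(name, "extra methods:", non_get_methods(doc), "PUT allowed:",
              cross_origin_allowed(doc, "https://www.example.com", "PUT"))
```

CORS rules only tell browsers which cross-origin requests to permit; who may actually read or write objects is still decided by the bucket policy and IAM.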