AWS Certified SysOps Administrator SOA-C01 – Question709

An Amazon S3 bucket in a SysOps Administrator’s account can be accesses by users in other SWS accounts.
How can the Administrator ensure that the bucket is only accessible to members of the Administrator’s AWS account?

A.
Move the S3 bucket from a public subnet to a private subnet in the Amazon VPC.
B. Change the bucket access control list (ACL) to restrict access to the bucket owner.
C. Enable server-side encryption for all objects in the bucket.
D. Use only Amazon S3 presigned URLs for accessing objects in the bucket.