Which action is a security best practice for access to sensitive data that is stored in an Amazon S3 bucket? A. Enable S3 Cross-Region Replication (CRR) on the S3 bucket. B. Use IAM roles for applications that require access to the S3 bucket. C. Configure AWS WAF to prevent unauthorized access to the S3 bucket. D. Configure Amazon GuardDuty to prevent unauthorized access to the S3 bucket.