diff --git a/src/main/java/life/mosu/mosuserver/global/filter/Whitelist.java b/src/main/java/life/mosu/mosuserver/global/filter/Whitelist.java
index df4ac672..5f70c3b5 100644
--- a/src/main/java/life/mosu/mosuserver/global/filter/Whitelist.java
+++ b/src/main/java/life/mosu/mosuserver/global/filter/Whitelist.java
@@ -21,6 +21,7 @@ public enum Whitelist {
     SWAGGER_UI("/api/v1/swagger-ui", WhitelistMethod.ALL),
     VIRTUAL_ACCOUNT("/api/v1/virtual-account", WhitelistMethod.ALL),
     ADMISSION_TICKET("/api/v1/admission-ticket", WhitelistMethod.ALL),
+    FILE("/api/v1/s3", WhitelistMethod.ALL),
 
     // 정적 리소스
     CSS("/api/v1/css", WhitelistMethod.GET),
@@ -39,6 +40,16 @@ public enum Whitelist {
     EVENT("/api/v1/event", WhitelistMethod.GET),
     FAQ("/api/v1/faq", WhitelistMethod.GET),
     NOTICE("/api/v1/notice", WhitelistMethod.GET),
+    USER_ID_CHECK("/api/v1/user/check-id", WhitelistMethod.GET),
+    CUSTOMER_KEY_CHECK("/api/v1/user/customer-key", WhitelistMethod.GET),
+    EXAM("/api/v1/exam", WhitelistMethod.GET),
+    EXAM_AREAS("/api/v1/exam/areas", WhitelistMethod.GET),
+    EXAM_ALL("/api/v1/exam/all", WhitelistMethod.GET),
+
+    //USER find-id
+    USER_FIND_ID("/api/v1/user/me/find-id", WhitelistMethod.POST),
+    //USER find-password
+    USER_FIND_PASSWORD("/api/v1/user/me/find-password", WhitelistMethod.POST),
 
     APPLICATION_GUEST("/api/v1/applications/guest", WhitelistMethod.ALL);
     private final String path;
diff --git a/src/main/java/life/mosu/mosuserver/presentation/exam/ExamController.java b/src/main/java/life/mosu/mosuserver/presentation/exam/ExamController.java
index 25469fe1..5ff384c2 100644
--- a/src/main/java/life/mosu/mosuserver/presentation/exam/ExamController.java
+++ b/src/main/java/life/mosu/mosuserver/presentation/exam/ExamController.java
@@ -37,7 +37,6 @@ public ResponseEntity<ApiResponseWrapper<Void>> register(
     }
 
     @GetMapping("/all")
-    @PreAuthorize("isAuthenticated() and hasRole('ADMIN')")
     public ResponseEntity<ApiResponseWrapper<List<ExamResponse>>> getExams() {
         List<ExamResponse> response = examService.getExams();
         return ResponseEntity.ok(
@@ -45,7 +44,6 @@ public ResponseEntity<ApiResponseWrapper<List<ExamResponse>>> getExams() {
     }
 
     @GetMapping
-    @PreAuthorize("isAuthenticated() and hasRole('USER')")
     public ResponseEntity<ApiResponseWrapper<List<ExamResponse>>> getByArea(
             @RequestParam String areaName
     ) {
@@ -55,7 +53,6 @@ public ResponseEntity<ApiResponseWrapper<List<ExamResponse>>> getByArea(
     }
 
     @GetMapping("/areas")
-    @PreAuthorize("isAuthenticated() and hasRole('USER')")
     public ResponseEntity<ApiResponseWrapper<List<String>>> getDistinctAreas() {
         List<String> response = examService.getDistinctAreas();
         return ResponseEntity.ok(