ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 293 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 293
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company is building a web application on AWS. The company is using Amazon CloudFront with a domain name of www.example.com. All traffic to CloudFront must be encrypted in transit. The company already has provisioned an SSL certificate for www.example.com in AWS Certificate Manager (ACM).

Which combination of steps should a SysOps administrator take to encrypt the traffic in transit? (Choose two.)

  • A. For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to redirect HTTP to HTTPS.
  • B. For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to allow HTTP and HTTPS.
  • C. Enter the alternate domain name (CNAME) of www.example.com for the CloudFront distribution. Select the custom SSL certificate.
  • D. Configure an AWS WAF web ACL for the CloudFront distribution.
  • E. Configure CloudFront Origin Shield for the CloudFront origin.
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
by Zotarix at July 24, 2023, 2:17 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AWSdeveloper08
8 months, 2 weeks ago
Selected Answer: AC
To encrypt the traffic in transit for a web application using Amazon CloudFront with an SSL certificate from AWS Certificate Manager (ACM), you should take the following steps: C. Enter the alternate domain name (CNAME) of www.example.com for the CloudFront distribution. Select the custom SSL certificate: This step ensures that CloudFront is configured to use the custom SSL certificate from ACM for encrypting the traffic between the viewer (client) and CloudFront. A. For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to redirect HTTP to HTTPS: This step enforces the use of HTTPS by redirecting any HTTP requests to HTTPS. This is an important security practice to ensure that all traffic is encrypted in transit.
upvoted 3 times
...
Zotarix
9 months, 3 weeks ago
AC is correct. On the settings when you create a new CF distribution the second parameter is Alternate domain name (CNAME) - optional here you can add the domain name you will use to access to the CF distribution. And in the bahavior config you need to check "Redirect HTTP to HTTPS" option in the viewer protocol policy.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago