ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 343 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 343
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A solutions architect wants to make sure that only AWS users or roles with suitable permissions can access a new Amazon API Gateway endpoint. The solutions architect wants an end-to-end view of each request to analyze the latency of the request and create service maps.

How can the solutions architect design the API Gateway access control and perform request inspections?

  • A. For the API Gateway method, set the authorization to AWS_IAM. Then, give the IAM user or role execute-api:Invoke permission on the REST API resource. Enable the API caller to sign requests with AWS Signature when accessing the endpoint. Use AWS X-Ray to trace and analyze user requests to API Gateway.
  • B. For the API Gateway resource, set CORS to enabled and only return the company's domain in Access-Control-Allow-Origin headers. Then, give the IAM user or role execute-api:Invoke permission on the REST API resource. Use Amazon CloudWatch to trace and analyze user requests to API Gateway.
  • C. Create an AWS Lambda function as the custom authorizer, ask the API client to pass the key and secret when making the call, and then use Lambda to validate the key/secret pair against the IAM system. Use AWS X-Ray to trace and analyze user requests to API Gateway.
  • D. Create a client certificate for API Gateway. Distribute the certificate to the AWS users and roles that need to access the endpoint. Enable the API caller to pass the client certificate when accessing the endpoint. Use Amazon CloudWatch to trace and analyze user requests to API Gateway.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Totoroha at Nov. 23, 2023, 11:44 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
vibzr2023
Highly Voted 1 year, 3 months ago
Answer: A Keyword "X-ray" AWS X-Ray is used to trace and analyze user requests to API Gateway, providing an end-to-end view of each request and helping analyze latency. This meets the requirement for creating service maps and analyzing request latency.
upvoted 5 times
...
AzureDP900
Most Recent 5 months, 2 weeks ago
A is right By setting the authorization to AWS_IAM for the API Gateway method, only users or roles with suitable permissions can access the endpoint. Using execute-api:Invoke permission ensures that only intended resources are accessible. Enabling API callers to sign requests with AWS Signature adds an additional layer of security, ensuring that only authorized parties have access to the resource. Using AWS X-Ray for tracing and analyzing user requests provides end-to-end visibility into each request, allowing the solutions architect to analyze latency, create service maps, and identify potential issues or bottlenecks in the system. This approach helps maintain a secure, efficient, and manageable API Gateway endpoint.
upvoted 1 times
...
sarlos
11 months, 3 weeks ago
Why not C ?
upvoted 1 times
JoeTromundo
6 months, 3 weeks ago
Because a Lambda custom authorizer can validate tokens or credentials but is more complex than necessary when AWS_IAM authorization is already suitable. AWS_IAM can directly control access based on IAM roles and policies, making it simpler and more secure for restricting access. The question specifies using IAM permissions for access control, making AWS_IAM a better fit, so the correct answer is A.
upvoted 2 times
...
...
TonytheTiger
1 year, 1 month ago
Selected Answer: A
Option A - https://aws.amazon.com/blogs/aws/apigateway-xray/
upvoted 1 times
...
Maygam
1 year, 3 months ago
Selected Answer: A
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-xray.html
upvoted 3 times
...
ayadmawla
1 year, 4 months ago
Selected Answer: A
A - See: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html#api-gateway-who-can-invoke-an-api-method-using-iam-policies
upvoted 2 times
...
nublit
1 year, 5 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
Russs99
1 year, 5 months ago
A is correct, use Ian and role for authentication and x-ray for tracing and analyzing
upvoted 1 times
...
salazar35
1 year, 5 months ago
Selected Answer: A
A - Use X-ray
upvoted 3 times
...
Totoroha
1 year, 5 months ago
Answer is A
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago