Exam AWS Certified Security - Specialty topic 1 question 71 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 71
Topic #: 1

A Security Engineer must add additional protection to a legacy web application by adding the following HTTP security headers:
- Content-Security-Policy
- X-Frame-Options
- X-XSS-Protection
The Engineer does not have access to the source code of the legacy web application.
Which of the following approaches would meet this requirement?

  • A. Configure an Amazon Route 53 routing policy to send all web traffic that does not include the required headers to a black hole.
  • B. Implement an AWS Lambda@Edge origin response function that inserts the required headers.
  • C. Migrate the legacy application to an Amazon S3 static website and front it with an Amazon CloudFront distribution.
  • D. Construct an AWS WAF rule to replace existing HTTP headers with the required security headers by using regular expressions.
Suggested Answer: B 🗳️
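
The approach in answer B, as an added example that is not part of the original page and not AWS's own code: a Node.js Lambda@Edge handler for the CloudFront origin-response event that sets the three headers on every response coming back from the legacy origin. The header values and the sample event are assumptions constructed for illustration; the CSP in particular has to be tuned to the application.

```javascript
// Header values are illustrative assumptions, not taken from the question.
const SECURITY_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'X-Frame-Options': 'DENY',
  'X-XSS-Protection': '1; mode=block',
};

// CloudFront passes headers as { 'lowercased-name': [{ key, value }] }.
// Assigning a fresh one-element array overwrites anything the origin sent,
// so a weaker value from the legacy application cannot survive.
function addSecurityHeaders(response) {
  const headers = response.headers || (response.headers = {});
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    headers[name.toLowerCase()] = [{ key: name, value }];
  }
  return response;
}

// Entry point for the origin-response trigger: the returned object is what
// CloudFront caches and sends to the viewer.
async function handler(event) {
  return addSecurityHeaders(event.Records[0].cf.response);
}

// Export for the Lambda runtime (guarded so the file also loads as a plain script).
if (typeof exports !== 'undefined') {
  exports.handler = handler;
}

// Constructed sample event: the legacy origin sends a permissive
// X-Frame-Options value and none of the other security headers.
const SAMPLE_EVENT = {
  Records: [{
    cf: {
      response: {
        status: '200',
        headers: {
          'content-type': [{ key: 'Content-Type', value: 'text/html' }],
          'x-frame-options': [{ key: 'X-Frame-Options', value: 'ALLOWALL' }],
        },
      },
    },
  }],
};
```

Because the function runs on the origin-response event, the added headers are stored with the cached object and the function is not invoked again on cache hits.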

Comments

polo
Highly Voted 3 years, 9 months ago
B is correct https://aws.amazon.com/blogs/networking-and-content-delivery/adding-http-security-headers-using-lambdaedge-and-amazon-cloudfront/
upvoted 31 times
ITGURU51
2 years, 1 month ago
Constructing an AWS WAF rule to replace existing HTTP headers would require changing the source code.
upvoted 1 times
...
...
josellama2000
Highly Voted 3 years, 9 months ago
Agreed, correct is B2 Lambda@Edge can inspect headers and insert a header to control access to your content before CloudFront forwards the request to your origin https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-the-edge.html
upvoted 16 times
...
virtual
Most Recent 1 year, 3 months ago
Selected Answer: B
I vote B because Lambda@Edge is the only way to modify headers. Though the question doesn't mention CloudFront, it didn't say you can't use it ...
upvoted 1 times
...
OCHT
2 years ago
Selected Answer: B
only lambda@edge
upvoted 1 times
...
ITGURU51
2 years, 1 month ago
B makes more sense because WAFs aren't typically used to insert headers.
upvoted 1 times
...
teknivor
2 years, 5 months ago
There is no CloudFront distribution so Lambda@Edge is not an option... Agree with Joe: https://aws.amazon.com/blogs/security/customize-requests-and-responses-with-aws-waf/
upvoted 3 times
...
cesar2000
2 years, 8 months ago
Selected Answer: B
Only B is possible. With WAF you don't have enough freedom with how to set headers to accomplish this (and even if you did, it's not the intended use case of the product).
upvoted 1 times
...
ude
2 years, 11 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
Joe108_888
3 years, 2 months ago
https://aws.amazon.com/blogs/security/customize-requests-and-responses-with-aws-waf/
upvoted 1 times
...
skipbaylessfor3
3 years, 8 months ago
Oooh scuzzy2010 brought up a good point. B is assuming we're using CloudFront. The question doesn't mention it though?
upvoted 1 times
skipbaylessfor3
3 years, 8 months ago
So according to this link (https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-incoming-request.html), WAF can only insert or add headers, it can't replace existing ones. D uses the word replace, which I think is incorrect, so yeah D is probably wrong
upvoted 3 times
...
...
scuzzy2010
3 years, 8 months ago
D could be correct. B only applies if using CloudFront. "AWS WAF now supports inserting HTTP headers to the user request when WAF allows the request to reach your application. You can use the Request Header Insertion feature to help validate that requests made to your application were evaluated by WAF and configure your application to only allow requests that contain the custom header values that you specify" https://aws.amazon.com/about-aws/whats-new/2021/03/aws-waf-adds-support-request-header-insertion/
upvoted 4 times
...
sanjaym
3 years, 8 months ago
Ans: B 100%
upvoted 2 times
...
Larsson
3 years, 8 months ago
B. The information is available from many sources.
upvoted 2 times
...
Edgecrusher77
3 years, 8 months ago
D is wrong, WAF will not change headers of your webpages. Correct ans is B
upvoted 2 times
...
devjava
3 years, 8 months ago
Ans > B https://docs.aws.amazon.com/lambda/latest/dg/lambda-edge.html
upvoted 1 times
...
AfricanCloudGuru
3 years, 9 months ago
Ans (B) https://aws.amazon.com/blogs/networking-and-content-delivery/adding-http-security-headers-using-lambdaedge-and-amazon-cloudfront/
upvoted 3 times
rip72
3 years, 8 months ago
Link says it all without even needing to click on it.
upvoted 3 times
...
...
hozefa
3 years, 9 months ago
I had this question on my exam today. Correct answer is B
upvoted 4 times
...