ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer Associate All Questions

View all questions & answers for the AWS Certified Developer Associate exam
Go to Exam

Exam AWS Certified Developer Associate topic 1 question 171 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 171
Topic #: 1
[All AWS Certified Developer Associate Questions]

A developer is writing a web application that is deployed on Amazon EC2 instances behind an internet-facing Application Load Balancer (ALB). The developer must add an Amazon CloudFront distribution in front of the ALB. The developer also must ensure that customer data from outside the VPC is encrypted in transit.

Which combination of CloudFront configuration settings should the developer use to meet these requirements? (Choose two.)

  • A. Restrict viewer access by using signed URLs.
  • B. Set the Origin Protocol Policy setting to Match Viewer.
  • C. Enable field-level encryption.
  • D. Enable automatic object compression.
  • E. Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.
Show Suggested Answer Hide Answer
Suggested Answer: BE 🗳️
by dark_cherrymon at Nov. 21, 2022, 3:51 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
k1kavi1
Highly Voted 2 years, 8 months ago
Selected Answer: CE
Amazon CloudFront encryption in transit best options are HTTPS & field-level encryption https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html
upvoted 12 times
...
pranay_2406
Highly Voted 2 years, 3 months ago
Selected Answer: BE
E. Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS: This ensures that customer data is encrypted in transit by redirecting HTTP requests to HTTPS. B. Set the Origin Protocol Policy setting to Match Viewer: This ensures that the communication between CloudFront and the ALB uses the same protocol as the viewer (HTTPS in this case), providing end-to-end encryption. By combining these settings, the developer can ensure that customer data is encrypted both in transit from the viewer to CloudFront (using HTTPS) and in transit from CloudFront to the ALB (matching the viewer's protocol). This helps maintain the security and privacy of customer data throughout the request/response cycle.
upvoted 6 times
pranay_2406
2 years, 3 months ago
A. Restrict viewer access by using signed URLs: While signed URLs can be used to control access to content and provide additional security measures, they do not specifically address the requirement of encrypting customer data in transit. Signed URLs are more relevant for controlling access to specific resources rather than securing data in transit. C. Enable field-level encryption: Field-level encryption is a feature that allows specific fields within a response to be encrypted, but it does not directly address the requirement of encrypting customer data in transit. Field-level encryption focuses on protecting specific data fields at rest or during storage, not during transit. D. Enable automatic object compression: Automatic object compression is a feature that reduces the size of content transferred from CloudFront to viewers by compressing the objects. While it can improve performance and reduce bandwidth usage, it does not directly address the requirement of encrypting customer data in transit.
upvoted 5 times
...
...
Lucky4Life
Most Recent 1 year, 2 months ago
Selected Answer: BE
Field-level encryption primarily safeguards specific data fields while they are at rest or stored, rather than during transit.
upvoted 1 times
...
51b1f29
1 year, 5 months ago
B and E. Field-level encryption is an additional layer of security that is done at @Edge so C is not correct i believe.
upvoted 1 times
...
dostonbekabdullaev
1 year, 7 months ago
Selected Answer: CE
CE is correct
upvoted 1 times
...
NaghamAbdellatif
1 year, 10 months ago
Selected Answer: CE
CloudFront Configuration**
upvoted 1 times
...
1176
2 years ago
Selected Answer: BE
YES CORRECT
upvoted 1 times
...
MrTee
2 years, 3 months ago
B and E
upvoted 1 times
...
Krok
2 years, 4 months ago
Selected Answer: BE
B+E. These are used together. "Change the Origin Protocol Policy for the applicable origins in your distribution: - HTTPS Only – CloudFront uses only HTTPS to communicate with your custom origin. - Match Viewer – CloudFront communicates with your custom origin using HTTP or HTTPS, depending on the protocol of the viewer request. For example, if you choose Match Viewer for Origin Protocol Policy and the viewer uses HTTPS to request an object from CloudFront, CloudFront also uses HTTPS to forward the request to your origin. Choose Match Viewer only if you specify Redirect HTTP to HTTPS or HTTPS Only for Viewer Protocol Policy. CloudFront caches the object only once even if viewers make requests using both HTTP and HTTPS protocols." https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html
upvoted 2 times
...
capesignalfreer
2 years, 4 months ago
Selected Answer: BE
These are used together.
upvoted 2 times
...
mendelpeashooter
2 years, 5 months ago
Selected Answer: CE
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html
upvoted 3 times
...
m4r0ck
2 years, 6 months ago
Selected Answer: CE
C&E encrypt the data using a Lambda@Edge function and redirect http to https
upvoted 4 times
...
m4r0ck
2 years, 6 months ago
C&E encrypt the data using a Lambda@Edge function and redirect http to https
upvoted 1 times
...
Krt5894
2 years, 6 months ago
Selected Answer: BE
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html
upvoted 1 times
...
appuNBablu
2 years, 6 months ago
BE https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html
upvoted 1 times
...
Phinx
2 years, 7 months ago
Selected Answer: CE
C and E for me. It says combination of steps. Field level encryption is additional layer of security along with HTTPS
upvoted 1 times
...
sichilam
2 years, 7 months ago
C and E
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel