Exam AWS Certified Security - Specialty topic 1 question 408 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 408
Topic #: 1

A company wants to implement a content delivery network for an upcoming product launch. The origin for distribution is an object store outside of AWS and requires the Authorization header from the request to be passed to it.

How can a security engineer meet this requirement in the LEAST amount of time?

  • A. Migrate the objects to Amazon S3. Create a new AWS Global Accelerator accelerator that has a listener on port 443 and an endpoint group that points to the origin distribution.
  • B. Create a new Amazon CloudFront distribution. Create a new CloudFront custom header for X-Amz-Authorization. Attach the header to the distribution.
  • C. Create a new Amazon CloudFront distribution. Create a new CloudFront cache policy with a header whitelist for the Authorization header. Attach the policy to the distribution.
  • D. Migrate the objects to Amazon S3. Create a new Amazon CloudFront distribution. Create a new CloudFront cache policy with a header whitelist for the Authorization header. Attach the policy to the distribution.
Suggested Answer: C

Comments

D2
Highly Voted 2 years, 5 months ago
Answer C. https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-authorization-header/
upvoted 5 times
...
samCarson
Most Recent 1 year, 10 months ago
Selected Answer: C
Creating a CloudFront cache policy with a header whitelist allows the engineer to define which headers should be forwarded to the origin, in this case, the object store outside of AWS. By specifying the Authorization header in the whitelist, CloudFront will pass it along with the requests to the origin, fulfilling the requirement.
upvoted 1 times
...
AzureDP900
2 years, 1 month ago
C is perfect.
upvoted 2 times
...
milofficial
2 years, 2 months ago
Selected Answer: C
Answer is C.
A - Global Accelerator bogus
B - X-amz is expired
C - is correct
D - not needed to migrate data to S3. CloudFront can connect to other origins even outside of AWS.
upvoted 1 times
...
Smartphone
2 years, 2 months ago
This form of authentication using the x-amz-authorization header is no longer valid. This was part of a previous and now deprecated version of the AWS API (version 3). The new API (version 4) uses the 'authorization' header.
upvoted 1 times
...
awsec2
2 years, 3 months ago
B. Create a new Amazon CloudFront distribution. Create a new CloudFront custom header for X-Amz-Authorization. Attach the header to the distribution. To pass the Authorization header from the request to the origin for distribution, the security engineer can create a new CloudFront custom header for X-Amz-Authorization and attach it to the CloudFront distribution. This solution does not require the objects to be migrated to Amazon S3, which means it can be implemented in the least amount of time.
upvoted 1 times
TalaQ
2 years, 3 months ago
Note: You can't use an origin request policy to forward the Authorization header. The header must be a part of the cache key to prevent the cache from satisfying unauthorized requests. CloudFront returns an HTTP 400 error if you create an origin request policy that forwards the Authorization header.
upvoted 1 times
...
...
AdamWest
2 years, 4 months ago
Selected Answer: C
C - Is the answer
upvoted 1 times
...
AdamWest
2 years, 5 months ago
C - create a cache policy for any auth header https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-authorization-header/
upvoted 1 times
...
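Added example, not part of the thread and not AWS's own code: a Python sketch of the cache policy described in the comments (Authorization whitelisted in the cache key) plus a check that flags the two misconfigurations the thread mentions. The dictionaries follow the CloudFront `CachePolicyConfig` and `OriginRequestPolicyConfig` shapes; the policy name, TTL values and function names are assumptions made for illustration.

```python
"""Added example: build and audit a CloudFront cache policy for Authorization."""

def authorization_cache_policy(name, default_ttl=300, max_ttl=3600):
    """CachePolicyConfig that whitelists Authorization in the cache key.
    The name and TTL values are constructed for illustration."""
    headers = ["Authorization"]
    return {
        "Name": name,
        "Comment": "Include Authorization in the cache key and forward it",
        "MinTTL": 0,
        "DefaultTTL": default_ttl,
        "MaxTTL": max_ttl,
        "ParametersInCacheKeyAndForwardedToOrigin": {
            "EnableAcceptEncodingGzip": True,
            "EnableAcceptEncodingBrotli": True,
            "HeadersConfig": {
                "HeaderBehavior": "whitelist",
                "Headers": {"Quantity": len(headers), "Items": headers},
            },
            "CookiesConfig": {"CookieBehavior": "none"},
            "QueryStringsConfig": {"QueryStringBehavior": "none"},
        },
    }

def whitelisted_headers(headers_config):
    """Lower-cased header names in a HeadersConfig whitelist (empty otherwise)."""
    if headers_config.get("HeaderBehavior") != "whitelist":
        return set()
    return {h.lower() for h in headers_config.get("Headers", {}).get("Items", [])}

def audit_authorization(cache_policy, origin_request_policy=None):
    """Return (authorization_in_cache_key, findings) for a policy pair."""
    findings = []
    params = cache_policy.get("ParametersInCacheKeyAndForwardedToOrigin", {})
    in_key = "authorization" in whitelisted_headers(params.get("HeadersConfig", {}))
    if not in_key:
        findings.append("cache policy does not whitelist Authorization, "
                        "so it is not part of the cache key")
    orp_headers = (origin_request_policy or {}).get("HeadersConfig", {})
    if "authorization" in whitelisted_headers(orp_headers):
        findings.append("origin request policy whitelists Authorization; "
                        "the thread notes CloudFront rejects this with HTTP 400")
    return in_key, findings

if __name__ == "__main__":
    cfg = authorization_cache_policy("launch-auth-forwarding")
    print(audit_authorization(cfg))
    # To create it: boto3.client("cloudfront").create_cache_policy(CachePolicyConfig=cfg)
```
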