Amazon DVA-C02 Exam - Topic 1 Question 3 Discussion

Actual exam question for Amazon's DVA-C02 exam

Question #: 3
Topic #: 1

A developer is testing a new file storage application that uses an Amazon CloudFront distribution to serve content from an Amazon S3 bucket. The distribution accesses the S3 bucket by using an origin access identity (OAI). The S3 bucket's permissions explicitly deny access to all other users.

The application prompts users to authenticate on a login page and then uses signed cookies to allow users to access their personal storage directories. The developer has configured the distribution to use its default cache behavior with restricted viewer access and has set the origin to point to the S3 bucket. However, when the developer tries to navigate to the login page, the developer receives a 403 Forbidden error.

The developer needs to implement a solution to allow unauthenticated access to the login page. The solution also must keep all private content secure.

Which solution will meet these requirements?

AAdd a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to the path of the login page, and make viewer access unrestricted. Keep the default cache behavior's settings unchanged.

BAdd a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to *, and make viewer access restricted. Change the default cache behavior's path pattern to the path of the login page, and make viewer access unrestricted.

CAdd a second origin as a failover origin to the default cache behavior. Point the failover origin to the S3 bucket. Set the path pattern for the primary origin to *, and make viewer access restricted. Set the path pattern for the failover origin to the path of the login page, and make viewer access unrestricted.

DAdd a bucket policy to the S3 bucket to allow read access. Set the resource on the policy to the Amazon Resource Name (ARN) of the login page object in the S3 bucket. Add a CloudFront function to the default cache behavior to redirect unauthorized requests to the login page's S3 URL.

Show Suggested Answer

Suggested Answer: A

by Solange at Mar 19, 2023, 12:13 PM

Limited Time Offer

25%

Off

Get Premium DVA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Alishia

4 months ago

Not sure about C, adding a failover origin feels unnecessary.

upvoted 0 times

...

Lezlie

4 months ago

A is definitely the way to go, simple and effective!

upvoted 0 times

...

Fletcher

4 months ago

Surprised that D is even an option, seems risky with bucket policies!

upvoted 0 times

...

Taryn

4 months ago

I disagree, B might be better since it keeps everything secure.

upvoted 0 times

...

Antione

4 months ago

Option A seems like the best choice for unrestricted access to the login page.

upvoted 0 times

...

Shalon

5 months ago

I feel like adding a bucket policy could be risky since it might expose more than just the login page. But I do remember that we need to keep private content secure, so it’s tricky.

upvoted 0 times

...

Susy

5 months ago

I’m a bit confused about the failover origin option. I thought failover was mainly for redundancy, not for access control. Is that even a valid approach here?

upvoted 0 times

...

Margery

5 months ago

This question feels similar to one we practiced where we had to manage access to different paths. I think option A makes sense because it keeps the default settings intact.

upvoted 0 times

...

Lisandra

5 months ago

I remember we discussed cache behaviors in class, and I think adding a second cache behavior for the login page could work. But I'm not sure if it should be unrestricted or not.

upvoted 0 times

...

Tegan

5 months ago

I feel like adding a bucket policy could be risky since it might expose more than just the login page. But I do remember that we need to keep private content secure, so it’s tricky.

upvoted 0 times

...

Jaclyn

5 months ago

I’m a bit confused about the failover origin option. I thought failover was mainly for redundancy, not for access control. Is that even a valid approach here?

upvoted 0 times

...

Jess

5 months ago

This question feels similar to one we practiced where we had to manage access to different paths. I think option A makes sense because it keeps the default settings intact.

upvoted 0 times

...

Apolonia

5 months ago

I remember we discussed cache behaviors in class, and I think adding a second cache behavior for the login page could work. But I'm not sure if it should be unrestricted or not.

upvoted 0 times

...

Melissa

5 months ago

For this type of BGP question, I always try to visualize the decision process and think about which attribute takes precedence. In this case, the higher local preference of 500 should be sent to the eBGP peers, so I'm going with C.

upvoted 0 times

...

Pearlie

5 months ago

This seems like a pretty straightforward question about language development. I'm pretty confident I can figure this out.

upvoted 0 times

...

Rosenda

5 months ago

I remember studying that DLP can be configured in outgoing mail policies, but I'm not sure if that's the only one.

upvoted 0 times

...