
Amazon SAP-C02 Exam - Topic 1 Question 35 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 35
Topic #: 1

A medical company is running a REST API on a set of Amazon EC2 instances. The EC2 instances run in an Auto Scaling group behind an Application Load Balancer (ALB). The ALB runs in three public subnets, and the EC2 instances run in three private subnets. The company has deployed an Amazon CloudFront distribution that has the ALB as the only origin.

Which solution should a solutions architect recommend to enhance the origin security?

Suggested Answer: A

Store Secret in AWS Secrets Manager:

Create a random string in AWS Secrets Manager to be used as a custom HTTP header value.

Set Up Automatic Rotation:

Implement a Lambda function to handle automatic rotation of the secret in AWS Secrets Manager, ensuring the header value remains secure.

Configure CloudFront Custom Header:

In the CloudFront distribution settings, configure an origin custom header with the name and value from AWS Secrets Manager. This header will be included in requests forwarded to the ALB.

Create AWS WAF Web ACL:

Create a Web ACL in AWS WAF with a string match rule to allow requests that include the custom header with the correct value.

Associate the Web ACL with the ALB to filter incoming traffic based on the custom header.

With this setup, only requests that come through CloudFront (which injects the custom header) can reach the ALB, which enhances the origin security.
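The steps above, sketched as an added example that is not part of the original page: it builds the WAFv2 allow rule for the custom header and evaluates it locally, and goes one step beyond the text by showing why the rule should accept both the old and new values while a rotation is in progress. The header name `x-origin-verify`, the rule and metric names, and the local `decide` evaluator are assumptions made for illustration; the web ACL's default action is assumed to be Block.

```python
import hmac
import secrets

HEADER = "x-origin-verify"  # assumed header name; the page does not name one

def new_secret() -> str:
    """Random header value, as the rotation function would generate."""
    return secrets.token_urlsafe(32)

def byte_match(value: str) -> dict:
    # WAFv2 ByteMatchStatement: exact match on one request header.
    return {"ByteMatchStatement": {
        "SearchString": value.encode(),
        "FieldToMatch": {"SingleHeader": {"Name": HEADER}},
        "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
        "PositionalConstraint": "EXACTLY",
    }}

def allow_rule(valid_values: list) -> dict:
    """Allow rule for the ALB web ACL; the ACL's default action must be Block."""
    stmts = [byte_match(v) for v in valid_values]
    # OrStatement needs at least two nested statements.
    statement = stmts[0] if len(stmts) == 1 else {"OrStatement": {"Statements": stmts}}
    return {"Name": "allow-cloudfront-header", "Priority": 0,
            "Statement": statement, "Action": {"Allow": {}},
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True,
                                 "MetricName": "allowCloudFrontHeader"}}

def decide(rule: dict, headers: dict) -> str:
    """Local stand-in for WAF evaluation: ALLOW on match, else default BLOCK."""
    st = rule["Statement"]
    stmts = st["OrStatement"]["Statements"] if "OrStatement" in st else [st]
    sent = {k.lower(): v for k, v in headers.items()}.get(HEADER, "").encode()
    ok = any(hmac.compare_digest(sent, s["ByteMatchStatement"]["SearchString"])
             for s in stmts)
    return "ALLOW" if ok else "BLOCK"

def rotation_walkthrough() -> dict:
    old, new = new_secret(), new_secret()      # constructed sample values
    during = allow_rule([old, new])   # 1. WAF accepts both values
    after = allow_rule([new])         # 3. once CloudFront sends `new`, drop `old`
    return {
        "old_during": decide(during, {"X-Origin-Verify": old}),
        "new_during": decide(during, {"X-Origin-Verify": new}),
        "old_after": decide(after, {"X-Origin-Verify": old}),
        "direct_no_header": decide(after, {"Host": "alb.example.internal"}),
    }

if __name__ == "__main__":
    print(rotation_walkthrough())
```

In a real rotation Lambda the rule dictionary would be passed to the WAFv2 `UpdateWebACL` call and the new value written to the CloudFront origin's custom header between the two rule updates.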


Cassandra
3 months ago
Wait, can you really use a random string for security like that? Sounds risky!
upvoted 0 times
...
Jesusita
3 months ago
D is interesting, but does AWS Shield really add that much security?
upvoted 0 times
...
Laticia
3 months ago
C seems a bit complicated, not sure if it's worth the effort.
upvoted 0 times
...
Melissa
4 months ago
I think B is better, moving the ALB to private subnets adds more security.
upvoted 0 times
...
Tesha
4 months ago
Option A sounds solid with the secret rotation and WAF integration.
upvoted 0 times
...
Pearlene
4 months ago
I vaguely remember that using AWS Secrets Manager is a common practice for securing sensitive data, so option A could be the right answer, but I need to think it through more.
upvoted 0 times
...
Skye
4 months ago
I feel like option B might be a good choice since it mentions moving the ALB to private subnets, but I wonder if that would complicate things.
upvoted 0 times
...
Lawrence
4 months ago
I think option A sounds familiar because we practiced using custom headers with CloudFront, but I can't recall if that's the most secure approach.
upvoted 0 times
...
Carlee
5 months ago
I remember discussing the importance of using AWS WAF for securing APIs, but I'm not sure which option best enhances origin security here.
upvoted 0 times
...
Lovetta
5 months ago
Option A seems like a good approach - using a custom header with CloudFront and WAF to add an extra layer of security. I'll make sure to review the details on how to implement that properly.
upvoted 0 times
...
Oretha
5 months ago
Hmm, I'm a bit confused by all the different AWS services mentioned. I'll need to make sure I understand how they work together before I can decide on the best solution.
upvoted 0 times
...
Marshall
5 months ago
This looks like a tricky security question. I'll need to carefully review the options and think through the different approaches.
upvoted 0 times
...
Brock
5 months ago
I'm leaning towards Option D. Configuring AWS Shield Advanced and a security group policy to allow only CloudFront traffic sounds like a straightforward way to enhance the origin security.
upvoted 0 times
...
Carma
5 months ago
This is a tricky one. I'll need to carefully review the information on atherosclerosis progression and regression to determine the best answer.
upvoted 0 times
...
Quentin
5 months ago
This question seems straightforward, I think I can handle it.
upvoted 0 times
...
Truman
5 months ago
Hmm, I'm a bit unsure about this one. The wording is a little confusing, and I'm not entirely sure what "loss assets" refers to in this context. I'll need to think it through carefully before selecting an answer.
upvoted 0 times
...
Marg
2 years ago
A all the way, baby! Rotating those random strings is like a security version of the Hokey Pokey - put your secret in, put your secret out, and shake it all about!
upvoted 0 times
...
Linette
2 years ago
D? Nope, not feeling it. AWS Shield Advanced? More like AWS Shield from reality, amirite?
upvoted 0 times
Chana
2 years ago
C) Store a random string in AWS Systems Manager Parameter Store. Configure Parameter Store automatic rotation for the string. Configure CloudFront to inject the random string as a custom HTTP header for the origin request. Inspect the value of the custom HTTP header, and block access in the ALB.
upvoted 0 times
...
Portia
2 years ago
B) Create an AWS WAF web ACL rule with an IP match condition of the CloudFront service IP address ranges. Associate the web ACL with the ALB. Move the ALB into the three private subnets.
upvoted 0 times
...
Verlene
2 years ago
A) Store a random string in AWS Secrets Manager. Create an AWS Lambda function for automatic secret rotation. Configure CloudFront to inject the random string as a custom HTTP header for the origin request. Create an AWS WAF web ACL rule with a string match rule for the custom header. Associate the web ACL with the ALB.
upvoted 0 times
...
Shakira
2 years ago
C) Store a random string in AWS Systems Manager Parameter Store. Configure Parameter Store automatic rotation for the string. Configure CloudFront to inject the random string as a custom HTTP header for the origin request. Inspect the value of the custom HTTP header, and block access in the ALB.
upvoted 0 times
...
Cyndy
2 years ago
B) Create an AWS WAF web ACL rule with an IP match condition of the CloudFront service IP address ranges. Associate the web ACL with the ALB. Move the ALB into the three private subnets.
upvoted 0 times
...
Tenesha
2 years ago
A) Store a random string in AWS Secrets Manager. Create an AWS Lambda function for automatic secret rotation. Configure CloudFront to inject the random string as a custom HTTP header for the origin request. Create an AWS WAF web ACL rule with a string match rule for the custom header. Associate the web ACL with the ALB.
upvoted 0 times
...
...
Elfrieda
2 years ago
I'm not sure about option A. I think option D with AWS Shield Advanced could also be a good choice for enhancing security.
upvoted 0 times
...
Lenora
2 years ago
C? Nah, I'm not feeling it. Mixing Parameter Store with CloudFront headers? Sounds like a recipe for a security-themed magic show.
upvoted 0 times
...
Dion
2 years ago
I agree with Lynelle. Option A seems to provide a strong security measure with AWS WAF.
upvoted 0 times
...
Alishia
2 years ago
B? Really? Moving the ALB behind private subnets? That's like locking the front door and leaving the back window wide open.
upvoted 0 times
Yuki
2 years ago
D) Configure AWS Shield Advanced. Create a security group policy to allow connections from CloudFront service IP address ranges. Add the policy to AWS Shield Advanced, and attach the policy to the ALB.
upvoted 0 times
...
Youlanda
2 years ago
A) Store a random string in AWS Secrets Manager. Create an AWS Lambda function for automatic secret rotation. Configure CloudFront to inject the random string as a custom HTTP header for the origin request. Create an AWS WAF web ACL rule with a string match rule for the custom header. Associate the web ACL with the ALB.
upvoted 0 times
...
...
Lynelle
2 years ago
I think option A sounds like a good solution. It involves rotating a random string for security.
upvoted 0 times
...
Shawnda
2 years ago
Hmm, I think A is the way to go. Rotating those random strings is like a security dance - keep 'em guessing!
upvoted 0 times
Bobbye
2 years ago
Rotating random strings with AWS Secrets Manager is a good practice.
upvoted 0 times
...
Tammi
2 years ago
I think A is a solid choice for enhancing origin security.
upvoted 0 times
...
Candra
2 years ago
Definitely, it's like a security dance to keep the origin secure.
upvoted 0 times
...
Ira
2 years ago
I agree, rotating those random strings adds an extra layer of security.
upvoted 0 times
...
...