Amazon Exam SOA-C02 Topic 12 Question 70 Discussion

Actual exam question for Amazon's SOA-C02 exam

Question #: 70
Topic #: 12

A company's web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB) A SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator must make this change without changing the application code

Which solution will meet these requirements?

AModify the ALB type to internal Set the distribution's origin to the internal ALB domain name

BCreate a Lambda@Edge function Configure the function to compare a custom header value in the request with a stored password and to forward the request to the origin in case of a match Associate the function with the distribution.

CReplace the ALB with a new internal ALB Set the distribution's origin to the internal ALB domain name Add a custom HTTP header to the origin settings for the distribution In the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed response code of 403.

DAdd a custom HTTP header to the origin settings for the distribution in the ALB listener add a rule to forward requests that contain the matching custom header and the header's value Add a default rule to return a fixed response code of 403.

Show Suggested Answer

Suggested Answer: A

by Raylene at Mar 02, 2023, 06:14 PM

Limited Time Offer

25%

Off

Get Premium SOA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Mammie

1 months ago

Option B with the Lambda@Edge function is my pick. It's like using a secret password to access the application - very James Bond-esque!

upvoted 0 times

...

Maxima

1 months ago

Option A? Really? Modifying the ALB type to internal and using the internal domain name as the origin? That sounds like a recipe for disaster. I'd steer clear of that one.

upvoted 0 times

Celestine

5 days ago

Let's explore other options before considering Option A.

upvoted 0 times

...

Rebbecca

7 days ago

I agree, modifying the ALB type doesn't seem like the best solution.

upvoted 0 times

...

Noah

17 days ago

Option A? No way, that sounds risky.

upvoted 0 times

...

Launa

1 months ago

I'd go with Option D. It's a simpler solution that doesn't require setting up a Lambda@Edge function or replacing the ALB. Adding the custom header rule in the ALB listener should do the trick.

upvoted 0 times

Glenna

5 days ago

Exactly, it's a simple solution that gets the job done.

upvoted 0 times

...

Ellsworth

9 days ago

That sounds easy. No need to mess with the application code.

upvoted 0 times

...

Jamal

24 days ago

Option D is a good choice. Just add a custom header rule in the ALB listener.

upvoted 0 times

...

Joana

2 months ago

Option C is a bit more complicated, but it does provide a good level of control over the access to the application. Replacing the ALB with an internal one and adding custom header rules is a robust approach.

upvoted 0 times

Nichelle

2 days ago

Definitely, security should always be a top priority when setting up access to applications.

upvoted 0 times

...

Selma

7 days ago

I agree, it's important to have that level of control to ensure security.

upvoted 0 times

...

Bette

8 days ago

Replacing the ALB with an internal one and adding custom header rules is a robust approach.

upvoted 0 times

...

Talia

12 days ago

Option C is a bit more complicated, but it does provide a good level of control over the access to the application.

upvoted 0 times

...

Lenny

17 days ago

Let's implement option C to restrict access to the application through the CloudFront distribution and enhance security measures.

upvoted 0 times

...

Cordelia

1 months ago

I think we should go with option C to maintain security and control over access to the application.

upvoted 0 times

...

Theodora

1 months ago

I agree, option C seems like the best solution to ensure the application is only accessible through the CloudFront distribution.

upvoted 0 times

...

Luisa

1 months ago

upvoted 0 times

...

Jesusa

2 months ago

Option B seems like the best solution. Using a Lambda@Edge function to validate the request before forwarding it to the origin is a neat way to enforce the requirement without changing the application code.

upvoted 0 times

...

Stevie

2 months ago

That's a good point, option D does seem more straightforward and doesn't require creating a Lambda@Edge function.

upvoted 0 times

...

Benton

2 months ago

I disagree, I believe option D is better as it adds a custom HTTP header to the origin settings and has a rule to forward requests with the matching header.

upvoted 0 times

...

Stevie

2 months ago

I think option C could work because it involves replacing the ALB with a new internal one and adding a custom HTTP header.

upvoted 0 times

...