
Amazon Exam SAP-C02 Topic 1 Question 35 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 35
Topic #: 1

A medical company is running a REST API on a set of Amazon EC2 instances. The EC2 instances run in an Auto Scaling group behind an Application Load Balancer (ALB). The ALB runs in three public subnets, and the EC2 instances run in three private subnets. The company has deployed an Amazon CloudFront distribution that has the ALB as the only origin.

Which solution should a solutions architect recommend to enhance the origin security?

Suggested Answer: A

Store Secret in AWS Secrets Manager:

Create a random string in AWS Secrets Manager to be used as a custom HTTP header value.

Set Up Automatic Rotation:

Implement a Lambda function to handle automatic rotation of the secret in AWS Secrets Manager, ensuring the header value remains secure.

Configure CloudFront Custom Header:

In the CloudFront distribution settings, configure an origin custom header with the name and value from AWS Secrets Manager. This header will be included in requests forwarded to the ALB.

Create AWS WAF Web ACL:

Create a Web ACL in AWS WAF with a string match rule to allow requests that include the custom header with the correct value.

Associate the Web ACL with the ALB to filter incoming traffic based on the custom header.

By using this method, you can ensure that only requests coming through CloudFront (which injects the custom header) can reach the ALB, enhancing the origin security.
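The WAF side of the steps above, as an added example that is not part of the original page: it builds the WAFv2 allow rule for the web ACL on the ALB and models its evaluation locally over constructed requests, including the rotation window. The header name `x-origin-verify`, the rule and metric names, and the choice to accept both the old and new value while rotating are assumptions; the web ACL's default action is assumed to be Block.

```python
import secrets

HEADER = "x-origin-verify"  # assumed header name; the page does not name one

def byte_match(value):
    """WAFv2 ByteMatchStatement: exact match on a single request header."""
    return {"ByteMatchStatement": {
        "SearchString": value.encode(),
        "FieldToMatch": {"SingleHeader": {"Name": HEADER}},
        "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
        "PositionalConstraint": "EXACTLY",
    }}

def allow_rule(current, pending=""):
    """Allow rule for the web ACL on the ALB (default action: Block).
    While a rotation is in progress both values are accepted (assumption)."""
    stmts = [byte_match(v) for v in (current, pending) if v]
    statement = stmts[0] if len(stmts) == 1 else {"OrStatement": {"Statements": stmts}}
    return {"Name": "allow-cloudfront-header", "Priority": 0,
            "Statement": statement, "Action": {"Allow": {}},
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True,
                                 "MetricName": "allowCloudFrontHeader"}}

def evaluate(rule, headers):
    """Local model of the web ACL: ALLOW on an exact match, else default BLOCK."""
    st = rule["Statement"]
    stmts = st["OrStatement"]["Statements"] if "OrStatement" in st else [st]
    sent = {k.lower(): v for k, v in headers.items()}.get(HEADER, "").encode()
    return "ALLOW" if any(
        secrets.compare_digest(sent, s["ByteMatchStatement"]["SearchString"])
        for s in stmts) else "BLOCK"

def rotation_demo():
    """Constructed requests against the rule before, during and after rotation."""
    old, new = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    steady, rotating, after = allow_rule(old), allow_rule(old, new), allow_rule(new)
    return [
        evaluate(steady, {"X-Origin-Verify": old}),    # request via CloudFront
        evaluate(steady, {}),                          # request sent straight to the ALB
        evaluate(rotating, {"X-Origin-Verify": old}),  # CloudFront not yet updated
        evaluate(rotating, {"X-Origin-Verify": new}),  # CloudFront already updated
        evaluate(after, {"X-Origin-Verify": old}),     # retired value is rejected
    ]
```

The dictionary returned by `allow_rule` follows the WAFv2 rule schema, so a rotation function could place it in the `Rules` list of a regional web ACL update.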


Contribute your Thoughts:

Marg
5 months ago
A all the way, baby! Rotating those random strings is like a security version of the Hokey Pokey - put your secret in, put your secret out, and shake it all about!
upvoted 0 times
...
Linette
5 months ago
D? Nope, not feeling it. AWS Shield Advanced? More like AWS Shield from reality, amirite?
upvoted 0 times
Chana
3 months ago
C) Store a random string in AWS Systems Manager Parameter Store. Configure Parameter Store automatic rotation for the string. Configure CloudFront to inject the random string as a custom HTTP header for the origin request. Inspect the value of the custom HTTP header, and block access in the ALB.
upvoted 0 times
...
Portia
4 months ago
B) Create an AWS WAF web ACL rule with an IP match condition of the CloudFront service IP address ranges. Associate the web ACL with the ALB. Move the ALB into the three private subnets.
upvoted 0 times
...
Verlene
4 months ago
A) Store a random string in AWS Secrets Manager. Create an AWS Lambda function for automatic secret rotation. Configure CloudFront to inject the random string as a custom HTTP header for the origin request. Create an AWS WAF web ACL rule with a string match rule for the custom header. Associate the web ACL with the ALB.
upvoted 0 times
...
Shakira
4 months ago
C) Store a random string in AWS Systems Manager Parameter Store. Configure Parameter Store automatic rotation for the string. Configure CloudFront to inject the random string as a custom HTTP header for the origin request. Inspect the value of the custom HTTP header, and block access in the ALB.
upvoted 0 times
...
Cyndy
4 months ago
B) Create an AWS WAF web ACL rule with an IP match condition of the CloudFront service IP address ranges. Associate the web ACL with the ALB. Move the ALB into the three private subnets.
upvoted 0 times
...
Tenesha
4 months ago
A) Store a random string in AWS Secrets Manager. Create an AWS Lambda function for automatic secret rotation. Configure CloudFront to inject the random string as a custom HTTP header for the origin request. Create an AWS WAF web ACL rule with a string match rule for the custom header. Associate the web ACL with the ALB.
upvoted 0 times
...
...
Elfrieda
5 months ago
I'm not sure about option A. I think option D with AWS Shield Advanced could also be a good choice for enhancing security.
upvoted 0 times
...
Lenora
5 months ago
C? Nah, I'm not feeling it. Mixing Parameter Store with CloudFront headers? Sounds like a recipe for a security-themed magic show.
upvoted 0 times
...
Dion
5 months ago
I agree with Lynelle. Option A seems to provide a strong security measure with AWS WAF.
upvoted 0 times
...
Alishia
5 months ago
B? Really? Moving the ALB behind private subnets? That's like locking the front door and leaving the back window wide open.
upvoted 0 times
Yuki
4 months ago
D) Configure AWS Shield Advanced. Create a security group policy to allow connections from CloudFront service IP address ranges. Add the policy to AWS Shield Advanced, and attach the policy to the ALB.
upvoted 0 times
...
Youlanda
4 months ago
A) Store a random string in AWS Secrets Manager. Create an AWS Lambda function for automatic secret rotation. Configure CloudFront to inject the random string as a custom HTTP header for the origin request. Create an AWS WAF web ACL rule with a string match rule for the custom header. Associate the web ACL with the ALB.
upvoted 0 times
...
...
Lynelle
5 months ago
I think option A sounds like a good solution. It involves rotating a random string for security.
upvoted 0 times
...
Shawnda
5 months ago
Hmm, I think A is the way to go. Rotating those random strings is like a security dance - keep 'em guessing!
upvoted 0 times
Bobbye
4 months ago
Rotating random strings with AWS Secrets Manager is a good practice.
upvoted 0 times
...
Tammi
4 months ago
I think A is a solid choice for enhancing origin security.
upvoted 0 times
...
Candra
4 months ago
Definitely, it's like a security dance to keep the origin secure.
upvoted 0 times
...
Ira
5 months ago
I agree, rotating those random strings adds an extra layer of security.
upvoted 0 times
...
...
