Amazon Exam SAP-C01 Topic 13 Question 15 Discussion

Actual exam question for Amazon's SAP-C01 exam

Question #: 15
Topic #: 13

A company has deployed its corporate website in a VPC on two Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances are deployed in private subnets. The ALB is in a public subnet. A route to an internet gateway exists in the public subnet route table. The company has deployed an Amazon CloudFront distribution with the ALB as the origin.

The company's security team recently identified that malicious traffic is accessing the ALB directly. The company must deploy security controls to prevent common attack techniques, including cross-site scripting, and to protect against volumetric denials of service.

Which strategy should a solutions architect recommend to meet these requirements?

AMigrate the ALB to a private subnet. Associate an AWS WAF web ACL with the ALB. Update inbound rules on the ALB security group to allow traffic on port 443 only from CloudFront IP addresses.

BAssociate an AWS WAF web ACL with the CloudFront distribution. Configure an origin access identity (OAI) on the ALB to drop access attempts that do not originate from CloudFront.

CAssociate an AWS WAF web ACL with the CloudFront distribution. Configure CloudFront to add a custom header to the requests that are sent to the ALB. Configure advanced routing on the ALB to only forward requests that include the custom header that is set by CloudFront.

DAssociate an AWS WAF web ACL with the CloudFront distribution. Configure AWS WAF to add a custom header to the requests that are sent to the ALB. Configure advanced routing on the ALB to only forward requests that include the custom header that is set by CloudFront.

Show Suggested Answer

Suggested Answer: D

by Jaclyn at May 04, 2022, 11:03 AM

Limited Time Offer

25%

Off

Get Premium SAP-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!