Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SAP-C02 Topic 9 Question 46 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 46
Topic #: 9
[All SAP-C02 Questions]

A company needs to improve the security of its web-based application on AWS. The application uses Amazon CloudFront with two custom origins. The first custom origin routes requests to an Amazon API Gateway HTTP API. The second custom origin routes traffic to an Application Load Balancer (ALB) The application integrates with an OpenlD Connect (OIDC) identity provider (IdP) for user management.

A security audit shows that a JSON Web Token (JWT) authorizer provides access to the API The security audit also shows that the ALB accepts requests from unauthenticated users

A solutions architect must design a solution to ensure that all backend services respond to only authenticated users

Which solution will meet this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: A

Integrate ALB with OIDC IdP:

In the AWS Management Console, navigate to the Application Load Balancer (ALB) settings.

Configure the ALB to use the OpenID Connect (OIDC) IdP for authentication. This ensures that all requests routed through the ALB are authenticated using the IdP.

Set Up Authentication Rules:

Create a listener rule on the ALB that requires authentication. This rule will forward requests to the IdP for user authentication before allowing access to the backend services.

Restrict Unauthenticated Access:

Ensure the ALB only forwards requests to backend services if the user is authenticated. Unauthenticated requests should be blocked or redirected to the IdP for authentication.

Update CloudFront Configuration:

Modify the CloudFront distribution to forward authenticated requests to the ALB. Ensure that the ALB and API Gateway accept only requests coming through the CloudFront distribution to enforce consistent authentication and security.

By enforcing authentication at the ALB level, you ensure that all backend services are accessed only by authenticated users, enhancing the overall security of the web application


Contribute your Thoughts:

Armando
5 days ago
I'm not sure about option C. Creating a web ACL to filter out unauthenticated requests seems like a good idea too.
upvoted 0 times
...
Dong
6 days ago
I agree with Arthur. Option A ensures that only authenticated users can access the backend services.
upvoted 0 times
...
Victor
9 days ago
I'm not sure about Option B. Allowing any request to access the backend services doesn't seem very secure, even with signed URLs.
upvoted 0 times
Nguyet
4 days ago
A: Option A seems like the best choice. Integrating the ALB with the IdP will ensure only authenticated users can access the backend services.
upvoted 0 times
...
...
Arthur
13 days ago
I think option A is the best solution. It integrates the ALB with the IdP to enforce authentication.
upvoted 0 times
...
Brandon
20 days ago
Option A seems like the way to go. Integrating the ALB with the IdP to enforce authentication is the most straightforward solution.
upvoted 0 times
...

Save Cancel