Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SAP-C02 Topic 9 Question 46 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 46
Topic #: 9
[All SAP-C02 Questions]

A company needs to improve the security of its web-based application on AWS. The application uses Amazon CloudFront with two custom origins. The first custom origin routes requests to an Amazon API Gateway HTTP API. The second custom origin routes traffic to an Application Load Balancer (ALB) The application integrates with an OpenlD Connect (OIDC) identity provider (IdP) for user management.

A security audit shows that a JSON Web Token (JWT) authorizer provides access to the API The security audit also shows that the ALB accepts requests from unauthenticated users

A solutions architect must design a solution to ensure that all backend services respond to only authenticated users

Which solution will meet this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: A

Integrate ALB with OIDC IdP:

In the AWS Management Console, navigate to the Application Load Balancer (ALB) settings.

Configure the ALB to use the OpenID Connect (OIDC) IdP for authentication. This ensures that all requests routed through the ALB are authenticated using the IdP.

Set Up Authentication Rules:

Create a listener rule on the ALB that requires authentication. This rule will forward requests to the IdP for user authentication before allowing access to the backend services.

Restrict Unauthenticated Access:

Ensure the ALB only forwards requests to backend services if the user is authenticated. Unauthenticated requests should be blocked or redirected to the IdP for authentication.

Update CloudFront Configuration:

Modify the CloudFront distribution to forward authenticated requests to the ALB. Ensure that the ALB and API Gateway accept only requests coming through the CloudFront distribution to enforce consistent authentication and security.

By enforcing authentication at the ALB level, you ensure that all backend services are accessed only by authenticated users, enhancing the overall security of the web application


by Reynalda at Nov 19, 2024, 02:35 AM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Levi
26 days ago
Option C is the way to go. AWS WAF is like a bouncer for your backend services - only let the cool kids in.
upvoted 0 times
Carissa
3 days ago
Exactly! Filtering out unauthenticated requests at the ALB level is crucial for security.
upvoted 0 times
...
Helga
5 days ago
Option C is the way to go. AWS WAF is like a bouncer for your backend services - only let the cool kids in.
upvoted 0 times
...
...
Fairy
27 days ago
Option A is the way to go. Integrating with the IdP is the security equivalent of turning it off and on again. Simple and effective!
upvoted 0 times
...
Pauline
1 months ago
Option D is a bit overkill. Analyzing CloudTrail logs and using a Lambda function to block unauthenticated users seems like a lot of work when there are simpler solutions.
upvoted 0 times
Jina
7 days ago
B: I agree, it's important to keep it simple and secure.
upvoted 0 times
...
Sharan
14 days ago
A: A sounds like the best option. Integrating the ALB with the IdP will ensure only authenticated users can access the backend services.
upvoted 0 times
...
...
Chantay
1 months ago
Option C looks promising. Using AWS WAF to filter out unauthenticated requests at the ALB level is a smart move.
upvoted 0 times
Ailene
5 days ago
Enabling AWS CloudTrail to log requests and using a Lambda function to block unauthenticated users could also be effective.
upvoted 0 times
...
Pearlene
8 days ago
Configuring the ALB to enforce authentication and authorization with the IdP seems like the best solution.
upvoted 0 times
...
Selma
21 days ago
I agree. It's important to only allow authenticated traffic to reach the backend services.
upvoted 0 times
...
Pa
29 days ago
Option C looks promising. Using AWS WAF to filter out unauthenticated requests at the ALB level is a smart move.
upvoted 0 times
...
...
Armando
1 months ago
I'm not sure about option C. Creating a web ACL to filter out unauthenticated requests seems like a good idea too.
upvoted 0 times
...
Dong
2 months ago
I agree with Arthur. Option A ensures that only authenticated users can access the backend services.
upvoted 0 times
...
Victor
2 months ago
I'm not sure about Option B. Allowing any request to access the backend services doesn't seem very secure, even with signed URLs.
upvoted 0 times
Kristine
21 days ago
C: Definitely, we can't risk allowing unauthenticated users to reach the backend services. Option A is the way to go.
upvoted 0 times
...
Keneth
26 days ago
B: I agree, Option A is the most secure option. We need to make sure only authenticated users have access.
upvoted 0 times
...
Nguyet
1 months ago
A: Option A seems like the best choice. Integrating the ALB with the IdP will ensure only authenticated users can access the backend services.
upvoted 0 times
...
...
Arthur
2 months ago
I think option A is the best solution. It integrates the ALB with the IdP to enforce authentication.
upvoted 0 times
...
Brandon
2 months ago
Option A seems like the way to go. Integrating the ALB with the IdP to enforce authentication is the most straightforward solution.
upvoted 0 times
Renato
22 days ago
Enabling AWS CloudTrail to log requests and using a Lambda function to block unauthenticated users seems like a more complex solution compared to option A.
upvoted 0 times
...
Isaac
25 days ago
Configuring the ALB to enforce authentication and authorization with the IdP is definitely the best approach.
upvoted 0 times
...
Nickolas
26 days ago
I agree, it's important to only allow authenticated users to access the backend services.
upvoted 0 times
...
Rhea
1 months ago
Option A seems like the way to go. Integrating the ALB with the IdP to enforce authentication is the most straightforward solution.
upvoted 0 times
...
...

Save Cancel