ANS-C01 · Question #99
ANS-C01 Question #99: Real Exam Question with Answer & Explanation
Sign in or unlock ANS-C01 to reveal the answer and full explanation for question #99. The question stem and answer options stay visible for context.
Question
A Network Engineer is designing a new system on AWS that will take advantage of Amazon CloudFront for both content caching and for protecting the underlying origin. There is concern that an external agency might be able to access the IP addresses for the application's origin and then attack the origin despite it being served by CloudFront. Which of the following solutions provides the strongest level of protection to the origin?
Options
- AUse an IP whitelist rule in AWS WAF within CloudFront to ensure that only known-client IPs are
- BConfigure CloudFront to use a custom header and configure an AWS WAF rule on the origin's
- CConfigure an AWS Lambda@Edge function to validate that the traffic to the Application Load
- DAttach an origin access identity to the CloudFront origin that allows traffic to the origin that
Unlock ANS-C01 to see the answer
You've previewed enough free ANS-C01 questions. Unlock ANS-C01 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.