DOP-C02 · Question #248
DOP-C02 Question #248: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #248. The question stem and answer options stay visible for context.
Question
A company groups its AWS accounts in OUs in an organization in AWS Organizations. The company has deployed a set of Amazon API Gateway APIs in one of the Organizations accounts. The APIs are bound to the account's VPC and have no existing authentication mechanism. Only principals in a specific OU can have permissions to invoke the APIs. The company applies the following policy to the API Gateway interface VPC endpoint: The company also updates the API Gateway resource policies to deny invocations that do not come through the interface VPC endpoint. After the updates, the following error message appears during attempts to use the interface VPC endpoint URL to invoke an API: "User: anonymous is not authorized." Which combination of steps will solve this problem? (Choose two.)
Options
- AEnable IAM authentication on all API methods by setting AWS JAM as the authorization method.
- BCreate a token-based AWS Lambda authorizer that passes the caller's identity in a bearer token.
- CCreate a request parameter-based AWS Lambda authorizer that passes the caller's identity in a
- DUse Amazon Cognito user pools as the authorizer to control access to the API.
- EVerify the identity of the requester by using Signature Version 4 to sign client requests by using
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.