nerdexam
Amazon

DVA-C02 · Question #137

A developer is developing an application that uses signed requests (Signature Version 4) to call other AWS services. The developer has created a canonical request, has created the string to sign, and

The correct answer is A. Add the signature to an HTTP header that is named Authorization. D. Add the signature to a query string parameter that is named X-Amz-Signature.. AWS Signature Version 4 allows the completed signature to be transmitted either in the HTTP Authorization header or as a query string parameter named X-Amz-Signature.

Submitted by tarun92· Mar 5, 2026Development with AWS Services

Question

A developer is developing an application that uses signed requests (Signature Version 4) to call other AWS services. The developer has created a canonical request, has created the string to sign, and has calculated signing information. Which methods could the developer use to complete a signed request? (Choose two.)

Options

  • AAdd the signature to an HTTP header that is named Authorization.
  • BAdd the signature to a session cookie.
  • CAdd the signature to an HTTP header that is named Authentication.
  • DAdd the signature to a query string parameter that is named X-Amz-Signature.
  • EAdd the signature to an HTTP header that is named WWW-Authenticate.

How the community answered

(53 responses)
  • A
    89% (47)
  • B
    2% (1)
  • C
    6% (3)
  • E
    4% (2)

Why each option

AWS Signature Version 4 allows the completed signature to be transmitted either in the HTTP Authorization header or as a query string parameter named X-Amz-Signature.

AAdd the signature to an HTTP header that is named Authorization.Correct

The Authorization HTTP header is the standard method for passing a Signature Version 4 signature; it contains the credential scope, signed headers list, and the computed signature in a structured format recognized by AWS services.

BAdd the signature to a session cookie.

Session cookies are not a supported transport mechanism for AWS Signature Version 4; AWS APIs do not parse authentication information from cookies.

CAdd the signature to an HTTP header that is named Authentication.

The correct header name is Authorization, not Authentication; AWS services will not recognize a signature placed in a non-standard Authentication header.

DAdd the signature to a query string parameter that is named X-Amz-Signature.Correct

Pre-signed URLs use query string authentication where X-Amz-Signature is a designated query parameter that carries the signature, enabling shareable URLs without requiring the caller to have AWS credentials.

EAdd the signature to an HTTP header that is named WWW-Authenticate.

WWW-Authenticate is a response header used by servers to challenge clients for credentials in HTTP authentication schemes; it is not a valid request header for transmitting an AWS signature.

Concept tested: AWS Signature Version 4 transmission methods

Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice