SAP-C02 · Question #683
SAP-C02 Question #683: Real Exam Question with Answer & Explanation
Sign in or unlock SAP-C02 to reveal the answer and full explanation for question #683. The question stem and answer options stay visible for context.
Question
A company needs to improve the security of its web-based application on AWS. The application uses Amazon CloudFront with two custom origins. The first custom origin routes requests to an Amazon API Gateway HTTP API. The second custom origin routes traffic to an Application Load Balancer (ALB). The application integrates with an OpenID Connect (OIDC) identity provider (IdP) for user management. A security audit shows that a JSON Web Token (JWT) authorizer provides access to the API. The security audit also shows that the ALB accepts requests from unauthenticated users. A solutions architect must design a solution to ensure that all backend services respond to only authenticated users. Which solution will meet this requirement?
Options
- AConfigure the ALB to enforce authentication and authorization by integrating the ALB with the IdP.
- BModify the CloudFront configuration to use signed URLs. Implement a permissive signing policy
- CCreate an AWS WAF web ACL that filters out unauthenticated requests at the ALB level. Allow
- DEnable AWS CloudTrail to log all requests that come to the ALB. Create an AWS Lambda
Unlock SAP-C02 to see the answer
You've previewed enough free SAP-C02 questions. Unlock SAP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.