Which combination of CloudFront configuration settings should the developer use to meet these requirements?
(Choose two.)
Restrict viewer access by using signed URLs.
Set the Origin Protocol Policy setting to Match Viewer.
Enable field-level encryption.
Enable automatic object compression.
Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.
Explanations:
While using signed URLs can restrict access to CloudFront distributions, it does not directly address the requirement of encrypting customer data in transit. It focuses on controlling who can access the content rather than ensuring data is securely transmitted.
Setting the Origin Protocol Policy to “Match Viewer” ensures that if a viewer accesses CloudFront over HTTPS, the connection to the ALB is also secured via HTTPS, maintaining encryption in transit for customer data.
Enabling field-level encryption is useful for protecting sensitive data within payloads, but it does not inherently ensure that all customer data is encrypted in transit. It focuses more on data protection rather than transmission security.
Enabling automatic object compression improves performance and reduces bandwidth but does not impact the encryption of data in transit. Compression is unrelated to security measures.
Setting the Viewer Protocol Policy to “Redirect HTTP to HTTPS” ensures that all viewer requests are redirected to HTTPS, enforcing secure transmission for all customer data sent from browsers to CloudFront.