Which action should the solutions architect take?
Configure a CloudFront signed URL.
Configure a CloudFront signed cookie.
Configure a CloudFront field-level encryption profile.
Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy.
Explanations:
A CloudFront signed URL is primarily used to restrict access to specific content by generating time-limited URLs. While it provides access control, it does not offer an additional layer of encryption for sensitive information.
A CloudFront signed cookie allows users to access multiple restricted files without the need for individual signed URLs. However, like signed URLs, it does not encrypt sensitive data in transit or provide field-level encryption.
Configuring a CloudFront field-level encryption profile enables you to encrypt sensitive data at the request level before it reaches the origin. This adds an additional layer of security, ensuring that sensitive information is protected throughout the application stack.
Setting the Origin Protocol Policy to HTTPS ensures that communication between CloudFront and the origin server is encrypted. However, it does not encrypt sensitive data at the field level, which is necessary for additional security.