Which action should the solutions architect take?
Configure a CloudFront signed URL.
Configure a CloudFront signed cookie.
Configure a CloudFront field-level encryption profile.
Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy.
Explanations:
CloudFront signed URLs are used to grant time-limited access to specific content, but they do not provide additional protection for sensitive information at the application stack level.
CloudFront signed cookies also provide access control to resources but are not designed to encrypt sensitive data during transit. They manage access rather than add an encryption layer.
CloudFront field-level encryption allows you to encrypt sensitive data in specific fields within the request before it reaches your origin. This adds an extra layer of security for sensitive information throughout the application stack.
Setting the Origin Protocol Policy to HTTPS Only ensures that communications between CloudFront and the origin are secure, but it does not provide an additional layer of encryption specifically for sensitive data at the field level.