Which action should the solutions architect take?

By:
In: SAA-C03
Tagged:
With: 1 Comment
A solutions architect is creating a new Amazon CloudFront distribution for an application.Some of the information submitted by users is sensitive.The application uses HTTPS but needs another layer of security.The sensitive information should.be protected throughout the entire application stack, and access to the information should be restricted to certain applications.

Which action should the solutions architect take?

Configure a CloudFront signed URL.

Configure a CloudFront signed cookie.

Configure a CloudFront field-level encryption profile.

Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy.

Explanations:

CloudFront signed URLs are used to grant time-limited access to specific content, but they do not provide additional protection for sensitive information at the application stack level.

CloudFront signed cookies also provide access control to resources but are not designed to encrypt sensitive data during transit. They manage access rather than add an encryption layer.

CloudFront field-level encryption allows you to encrypt sensitive data in specific fields within the request before it reaches your origin. This adds an extra layer of security for sensitive information throughout the application stack.

Setting the Origin Protocol Policy to HTTPS Only ensures that communications between CloudFront and the origin are secure, but it does not add an additional layer of encryption specifically for sensitive data at the field level.

2025-10-23

1 Comment

  1. Gloria
    Author

    I suspect that the answer is:
    Configure a CloudFront field-level encryption profile.

Leave a Reply

Your email address will not be published. Required fields are marked *

eleven − 9 =