Topic 1 Question 201

AWS Certified SysOps Administrator - Associate

Topic 1 Question 201
A company’s web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB). A SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator must make this change without changing the application code.

Which solution will meet these requirements?
- Modify the ALB type to internal. Set the distribution’s origin to the internal ALB domain name.
- Create a [email protected] function. Configure the function to compare a custom header value in the request with a stored password and to forward the request to the origin in case of a match. Associate the function with the distribution.
- Replace the ALB with a new internal ALB. Set the distribution’s origin to the internal ALB domain name. Add a custom HTTP header to the origin settings for the distribution. In the ALB listener, add a rule to forward requests that contain the matching custom header and the header’s value. Add a default rule to return a fixed response code of 403.
- Add a custom HTTP header to the origin settings for the distribution. In the ALB listener, add a rule to forward requests that contain the matching custom header and the header’s value. Add a default rule to return a fixed response code of 403.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: D
  D https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/restrict-access-to-load-balancer.html
  
  👍 4
  Arnaud922022/12/27
- 正解だと思う選択肢: D
  D
  
  To make the application accessible only through the CloudFront distribution and not directly through the Application Load Balancer (ALB), you can add a custom HTTP header to the origin settings for the CloudFront distribution. You can then create a rule in the ALB listener to forward requests that contain the matching custom header and its value to the origin. You can also add a default rule to the ALB listener to return a fixed response code of 403 for requests that do not contain the matching custom header. This will allow you to redirect all requests to the CloudFront distribution and block direct access to the application through the ALB.
  
  👍 3
  MrMLB2022/12/21
- A, but may need to remove public IP of ALB from DNS.
  
  👍 2
  vijaya2022/12/15
シャッフルモード

ユーザの投票

コメント(4)