
Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 58 discussion

A developer is testing a new file storage application that uses an Amazon CloudFront distribution to serve content from an Amazon S3 bucket. The distribution accesses the S3 bucket by using an origin access identity (OAI). The S3 bucket's permissions explicitly deny access to all other users.
The application prompts users to authenticate on a login page and then uses signed cookies to allow users to access their personal storage directories. The developer has configured the distribution to use its default cache behavior with restricted viewer access and has set the origin to point to the S3 bucket. However, when the developer tries to navigate to the login page, the developer receives a 403 Forbidden error.
The developer needs to implement a solution to allow unauthenticated access to the login page. The solution also must keep all private content secure.
Which solution will meet these requirements?

  • A. Add a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to the path of the login page, and make viewer access unrestricted. Keep the default cache behavior's settings unchanged.
  • B. Add a second cache behavior to the distribution with the same origin as the default cache behavior. Set the path pattern for the second cache behavior to *, and make viewer access restricted. Change the default cache behavior's path pattern to the path of the login page, and make viewer access unrestricted.
  • C. Add a second origin as a failover origin to the default cache behavior. Point the failover origin to the S3 bucket. Set the path pattern for the primary origin to *, and make viewer access restricted. Set the path pattern for the failover origin to the path of the login page, and make viewer access unrestricted.
  • D. Add a bucket policy to the S3 bucket to allow read access. Set the resource on the policy to the Amazon Resource Name (ARN) of the login page object in the S3 bucket. Add a CloudFront function to the default cache behavior to redirect unauthorized requests to the login page's S3 URL.
Suggested Answer: A

Comments

Untamables
Highly Voted 1 year, 7 months ago
Selected Answer: A
A. If you create additional cache behaviors, the default cache behavior is always the last to be processed.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesCacheBehavior
upvoted 12 times
...
sumanshu
Most Recent 4 months ago
Selected Answer: A
A) Adding a second cache behavior allows you to define specific rules for the login page while keeping the default settings for private content unchanged.
B) Eliminated - Changing the default cache behavior to allow unrestricted access to the login page affects other private content, potentially compromising security.
D) Eliminated - Adding a bucket policy to allow public access to the login page directly contradicts the requirement to use CloudFront for secure content delivery.
upvoted 2 times
...
65703c1
5 months, 1 week ago
Selected Answer: A
A is the correct answer.
upvoted 1 times
...
ShinobiGrappler
10 months, 2 weeks ago
Answer is A. --The original way the developer had designed this application was too restrictive and didn't allow someone to even authenticate to get a signed cookie. By caching the second behavior, it allows the person authenticating to retrieve a cookie to access their personal data.
upvoted 1 times
...
LR2023
11 months ago
D. A CloudFront function acts as a Lambda function.
upvoted 1 times
...
ninomfr64
1 year, 2 months ago
Selected Answer: A
B) You cannot override the path pattern of the default cache behavior.
C) The origin failover is used when the primary origin is not available; this is not our case.
D) With this configuration I think users will get a 403 Forbidden error and then be redirected to the login page's S3 URL.
A is a workable approach in my opinion.
upvoted 2 times
...
Harddiver
1 year, 4 months ago
Should it be D? In case the S3 bucket restricts permissions, those should be open for login.
upvoted 3 times
...
MrTee
1 year, 6 months ago
Selected Answer: A
By adding a second cache behavior with unrestricted viewer access to the login page's path pattern, unauthenticated users will be allowed to access the login page. At the same time, the default cache behavior's settings remain unchanged, and private content remains secure because it still requires signed cookies for access.
upvoted 3 times
...
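
The behavior ordering discussed in the comments above, as an added example (not part of the original thread and not AWS code): a small Python audit over a dict shaped like a CloudFront `DistributionConfig` that resolves which cache behavior serves a path and flags unrestricted path patterns other than the login page. The sample config, the origin ID, the key group ID and the `/login.html` path are constructed assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample in the shape of a CloudFront DistributionConfig
# (field names follow the CloudFront API; IDs and paths are made up).
SAMPLE_CONFIG = {
    "CacheBehaviors": {"Quantity": 1, "Items": [{
        "PathPattern": "/login.html",
        "TargetOriginId": "s3-storage-origin",
        "TrustedKeyGroups": {"Enabled": False, "Quantity": 0},
        "TrustedSigners": {"Enabled": False, "Quantity": 0},
    }]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "s3-storage-origin",
        "TrustedKeyGroups": {"Enabled": True, "Quantity": 1, "Items": ["kg-EXAMPLE"]},
        "TrustedSigners": {"Enabled": False, "Quantity": 0},
    },
}


def is_restricted(behavior):
    """Restricted viewer access: signed URLs or signed cookies are required."""
    return any(behavior.get(key, {}).get("Enabled", False)
               for key in ("TrustedKeyGroups", "TrustedSigners"))


def match_behavior(config, path):
    """Return (pattern, behavior) for a request path. Listed behaviors are
    tried in order; the default behavior is always processed last."""
    for behavior in config.get("CacheBehaviors", {}).get("Items", []):
        # A leading "/" in a path pattern is optional, so compare without it.
        # fnmatchcase approximates CloudFront's case-sensitive * and ? wildcards.
        if fnmatchcase(path.lstrip("/"), behavior["PathPattern"].lstrip("/")):
            return behavior["PathPattern"], behavior
    return "Default (*)", config["DefaultCacheBehavior"]


def public_patterns(config, allowed=("/login.html",)):
    """List unrestricted path patterns that are not on the allow-list."""
    findings = [b["PathPattern"]
                for b in config.get("CacheBehaviors", {}).get("Items", [])
                if not is_restricted(b) and b["PathPattern"] not in allowed]
    if not is_restricted(config["DefaultCacheBehavior"]):
        findings.append("Default (*)")
    return findings
```

An empty result from `public_patterns` means only the allow-listed login path is reachable without signed cookies; any other entry is a path pattern that serves private content to unauthenticated viewers.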