Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 152 discussion

A company has an order processing system that needs to keep credit card numbers encrypted. The company's customer-facing application runs as an Amazon Elastic Container Service (Amazon ECS) service behind an Application Load Balancer (ALB) in the us-west-2 Region. An Amazon CloudFront distribution is configured with the ALB as the origin. The company uses a third-party trusted certificate authority to provision its certificates.

The company is using HTTPS for encryption in transit. The company needs additional field-level encryption to keep sensitive data encrypted during processing so that only certain application components can decrypt the sensitive data.

Which combination of steps will meet these requirements? (Choose two.)

  • A. Import the third-party certificate for the ALB. Associate the certificate with the ALB. Upload the certificate for the CloudFront distribution into AWS Certificate Manager (ACM) in us-west-2.
  • B. Import the third-party certificate for the ALB into AWS Certificate Manager (ACM) in us-west-2. Associate the certificate with the ALB. Upload the certificate for the CloudFront distribution into ACM in the us-east-1 Region.
  • C. Upload the private key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.
  • D. Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption configuration, and specify the fields that contain sensitive information. Create a field-level encryption profile, and choose the newly created configuration. Link the profile to the appropriate cache behavior that is associated with sensitive GET requests.
  • E. Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.
Suggested Answer: BE

Comments

Certified101
Highly Voted 1 year, 1 month ago
Selected Answer: BE
Option A: CloudFront does not use certificates stored in AWS Certificate Manager (ACM) in the us-west-2 region. It uses certificates stored in the us-east-1 region, making this option incorrect. Option C: This is incorrect because the private key should not be uploaded to CloudFront for field-level encryption. Instead, the public key is used. A private key must remain confidential and not exposed or uploaded to public services. Option D: This option incorrectly suggests that the field-level encryption profile should be linked to GET requests. Field-level encryption is used for encrypting sensitive information coming in POST requests (like form submissions with credit card details), not for GET requests. Therefore, this option is incorrect.
upvoted 7 times
...
JoellaLi
Most Recent 5 months, 3 weeks ago
For A and B. To use a certificate in AWS Certificate Manager (ACM) to require HTTPS between viewers and CloudFront, make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). If you want to require HTTPS between CloudFront and your origin, and you’re using a load balancer in Elastic Load Balancing as your origin, you can request or import the certificate in any AWS Region. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html
upvoted 1 times
...
tromyunpak
5 months, 3 weeks ago
Correct answer: BE.
A is wrong because CloudFront stores certs in us-east-1, not us-west-2.
C is wrong due to the private key (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html).
D is wrong because of the GET requests, as it should be POST requests.
upvoted 2 times
...
vikasj1in
7 months ago
Selected Answer: AE
Option B is incorrect because it suggests uploading the certificate for the CloudFront distribution into ACM in a different region, which is not necessary and can complicate management. Option A is correct as it suggests importing the third-party certificate directly into ACM in the same region where the ALB is deployed. This simplifies certificate management and allows you to associate the certificate with the ALB. Option E is the correct choice for configuring field-level encryption (FLE). It involves uploading the public key that handles encryption of the sensitive data to the CloudFront distribution, creating a field-level encryption profile to specify the fields containing sensitive information, and then creating a field-level encryption configuration and linking it to the appropriate cache behavior associated with sensitive POST requests. This ensures that sensitive data is encrypted at the field level before being sent to the application components.
upvoted 1 times
...
ISSDoksim
1 year, 1 month ago
BE - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html
upvoted 3 times
...