ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 152 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 152
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has an order processing system that needs to keep credit card numbers encrypted. The company's customer-facing application runs as an Amazon Elastic Container Service (Amazon ECS) service behind an Application Load Balancer (ALB) in the us-west-2 Region. An Amazon CloudFront distribution is configured with the ALB as the origin. The company uses a third-party trusted certificate authority to provision its certificates.

The company is using HTTPS for encryption in transit. The company needs additional field-level encryption to keep sensitive data encrypted during processing so that only certain application components can decrypt the sensitive data.

Which combination of steps will meet these requirements? (Choose two.)

  • A. Import the third-party certificate for the ALB. Associate the certificate with the ALB. Upload the certificate for the CloudFront distribution into AWS Certificate Manager (ACM) in us-west-2.
  • B. Import the third-party certificate for the ALB into AWS Certificate Manager (ACM) in us-west-2. Associate the certificate with the ALUpload the certificate for the CloudFront distribution into ACM in the us-east-1 Region.
  • C. Upload the private key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.
  • D. Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption configuration, and specify the fields that contain sensitive information. Create a field-level encryption profile, and choose the newly created configuration. Link the profile to the appropriate cache behavior that is associated with sensitive GET requests.
  • E. Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.
Show Suggested Answer Hide Answer
Suggested Answer: BE 🗳️
by ISSDoksim at July 31, 2023, 5:26 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Certified101
Highly Voted 1 year, 8 months ago
Selected Answer: BE
Option A: CloudFront does not use certificates stored in AWS Certificate Manager (ACM) in the us-west-2 region. It uses certificates stored in the us-east-1 region, making this option incorrect. Option C: This is incorrect because the private key should not be uploaded to CloudFront for field-level encryption. Instead, the public key is used. A private key must remain confidential and not exposed or uploaded to public services. Option D: This option incorrectly suggests that the field-level encryption profile should be linked to GET requests. Field-level encryption is used for encrypting sensitive information coming in POST requests (like form submissions with credit card details), not for GET requests. Therefore, this option is incorrect.
upvoted 7 times
...
woorkim
Most Recent 3 months, 3 weeks ago
Selected Answer: BE
The answer is B and E. Rationale: B ensures proper certificate management E implements field-level encryption for sensitive data like credit card numbers Using POST requests is more secure for sending sensitive information Public key encryption ensures only authorized components can decrypt
upvoted 1 times
...
Spaurito
5 months ago
AE - The Cert, ALB, and CFD should all be in the same region.
upvoted 1 times
...
JoellaLi
1 year ago
For A and B. To use a certificate in AWS Certificate Manager (ACM) to require HTTPS between viewers and CloudFront, make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). If you want to require HTTPS between CloudFront and your origin, and you’re using a load balancer in Elastic Load Balancing as your origin, you can request or import the certificate in any AWS Region. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html
upvoted 1 times
Spaurito
5 months ago
Not sure I understand why you would import a cert into a region not having anything provisioned. Doesn't make sense.
upvoted 1 times
Spaurito
5 months ago
Correction...adding the CFD in a region not in use.
upvoted 1 times
...
...
...
tromyunpak
1 year ago
Correct answer BE A is wrong due to cloudfront stores certs in us-east-1 not us-west-2 C is wrong due to the private key (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html) D is wrong because of the get requests as it should be post requests
upvoted 3 times
...
vikasj1in
1 year, 1 month ago
Selected Answer: AE
Option B is incorrect because it suggests uploading the certificate for the CloudFront distribution into ACM in a different region, which is not necessary and can complicate management. Option A is correct as it suggests importing the third-party certificate directly into ACM in the same region where the ALB is deployed. This simplifies certificate management and allows you to associate the certificate with the ALB. Option E is the correct choice for configuring field-level encryption (FLE). It involves uploading the public key that handles encryption of the sensitive data to the CloudFront distribution, creating a field-level encryption profile to specify the fields containing sensitive information, and then creating a field-level encryption configuration and linking it to the appropriate cache behavior associated with sensitive POST requests. This ensures that sensitive data is encrypted at the field level before being sent to the application components.
upvoted 1 times
...
ISSDoksim
1 year, 8 months ago
BE - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago