CCCCCCCCC Field-level encryption allows you to enable your users to securely upload sensitive information to your web servers. The sensitive information provided by your users is encrypted at the edge, close to the user, and remains encrypted throughout your entire application stack. This encryption ensures that only applications that need the data—and have the credentials to decrypt it—are able to do so.

With Amazon CloudFront, you can enforce secure end-to-end connections to origin servers by using HTTPS. Field-level encryption adds an additional layer of security that lets you protect specific data throughout system processing so that only certain applications can see it. Field-level encryption allows you to enable your users to securely upload sensitive information to your web servers. The sensitive information provided by your users is encrypted at the edge, close to the user, and remains encrypted throughout your entire application stack. This encryption ensures that only applications that need the data—and have the credentials to decrypt it—are able to do so.

C: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html

C is the only one that addresses handling sensitive information.

Reviewing my first vote after research. It seems that C is the best answer: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html

A if for fetch. B requires cookies. D just enforces HTTPS which is already mentioned for the solution (CloudFront only allows HTTPS) and does not add another layer of security. C provides field level encryption security which is another layer of security.

Please go through below link: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html

cccc,this link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html

Options A and B (signed URL and signed cookie) are used for controlling access to specific resources and are typically used for restricting access based on URLs or cookies. They do not provide field-level encryption for sensitive data within HTTP requests. Option D (configuring CloudFront with the Origin Protocol Policy set to HTTPS Only for the Viewer Protocol Policy) is related to enforcing HTTPS communication between CloudFront and the viewer (end-user). While important for security, it doesn't address the specific requirement of protecting sensitive data within the application stack.

C) Configure a CloudFront field-level encryption profile. Field-level encryption allows you to encrypt sensitive information at the edge before distributing content through CloudFront. It provides an additional layer of security for sensitive user-submitted data. The other options would not provide field-level encryption

Would the HTTPS imply that the cert was signed by a CA

Option A and Option B are used for controlling access to specific resources or content based on signed URLs or cookies. While they provide security and access control, they do not provide field-level encryption for sensitive data within the requests. Option D ensures that communication between the viewer and CloudFront is encrypted with HTTPS. However, it does not specifically address the protection and encryption of sensitive information within the application stack. Therefore, the most appropriate action to protect sensitive information throughout the entire application stack and restrict access to certain applications is to configure a CloudFront field-level encryption profile (Option C).

With Amazon CloudFront, you can enforce secure end-to-end connections to origin servers by using HTTPS. Field-level encryption adds an additional layer of security that lets you protect specific data throughout system processing so that only certain applications can see it.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html "Field-level encryption allows you to enable your users to securely upload sensitive information to your web servers. The sensitive information provided by your users is encrypted at the edge, close to the user, and remains encrypted throughout your entire application stack".

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-levelencryption. html "With Amazon CloudFront, you can enforce secure end-to-end connections to origin servers by using HTTPS. Field-level encryption adds an additional layer of security that lets you protect specific data throughout system processing so that only certain applications can see it."

C, field-level encryption should be used when necessary to protect sensitive data.

It should be C