
A company has deployed an Application Load Balancer (ALB) to manage traffic to their public-facing applications. Recently, they experienced a DDoS attack, prompting them to place Amazon CloudFront in front of the ALB to prevent direct access to the EC2 instances. Despite this measure, they notice that some traffic is bypassing CloudFront and still reaching the ALB, potentially exposing the EC2 instances to direct traffic. What two actions should the company take to ensure that only traffic from CloudFront reaches the EC2 instances behind the ALB?
A. Configure CloudFront to add a cache key policy to allow a custom HTTP header that CloudFront sends to the ALB.
B. Configure CloudFront to add a custom HTTP header to requests that CloudFront sends to the ALB.
C. Configure the ALB to forward only requests that contain the custom HTTP header.
D. Configure the ALB and CloudFront to use the X-Forwarded-For header to check client IP addresses.
E. Configure the ALB and CloudFront to use the same X.509 certificate that is generated by AWS Certificate Manager (ACM).