
Answer-first summary for fast verification
Answer: Configure the ALB to enforce authentication and authorization by integrating the ALB with the IdP. Allow only authenticated users to access the backend services.
The correct answer is A. Configuring the ALB to enforce authentication and authorization by integrating it with the OpenID Connect (OIDC) identity provider (IdP) ensures that only authenticated users can reach the backend services behind it. This reuses the IdP the application already has and enforces authentication directly at the ALB, before a request reaches the targets, which makes it the most direct solution. The other options, such as using AWS WAF or CloudTrail with Lambda, may be workable in some form but are more complex and less direct than integrating the ALB with the IdP.
Author: LeetQuiz Editorial Team
A company wants to enhance the security of its web-based application hosted on AWS. The application uses Amazon CloudFront with two distinct custom origins. The first origin directs requests to an Amazon API Gateway HTTP API, while the second origin directs traffic to an Application Load Balancer (ALB). The application uses an OpenID Connect (OIDC) identity provider (IdP) for user authentication. A recent security audit found that the API is secured with a JSON Web Token (JWT) authorizer, but the ALB currently accepts requests from both authenticated and unauthenticated users. To close this gap, a solutions architect must design a solution that ensures all backend services are accessible only by authenticated users. Which solution should the architect implement?
A. Configure the ALB to enforce authentication and authorization by integrating the ALB with the IdP. Allow only authenticated users to access the backend services.
B. Modify the CloudFront configuration to use signed URLs. Implement a permissive signing policy that allows any request to access the backend services.
C. Create an AWS WAF web ACL that filters out unauthenticated requests at the ALB level. Allow only authenticated traffic to reach the backend services.
D. Enable AWS CloudTrail to log all requests that come to the ALB. Create an AWS Lambda function to analyze the logs and block any requests that come from unauthenticated users.