AWS Certified Developer – Associate (DVA-C02) — Question 146
An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application.
How can these requirements be met? (Choose two.)
Answer options
- A. Use AWS KMS to encrypt traffic between CloudFront and the web application.
- B. Set the Origin Protocol Policy to “HTTPS Only”.
- C. Set the Origin’s HTTP Port to 443.
- D. Set the Viewer Protocol Policy to “HTTPS Only” or “Redirect HTTP to HTTPS”.
- E. Enable the CloudFront option Restrict Viewer Access.
Correct answer: B, D
Explanation
The correct answers are B and D. Setting the Origin Protocol Policy to “HTTPS Only” ensures that the connection between CloudFront and the origin server is encrypted, while setting the Viewer Protocol Policy to “HTTPS Only” or “Redirect HTTP to HTTPS” ensures that traffic between users and CloudFront is also encrypted. Options A, C, and E do not directly address the encryption requirements for traffic between users and CloudFront or between CloudFront and the web application.
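As an added example (not part of the original question), the following check audits both encryption legs in a distribution config shaped like the output of `aws cloudfront get-distribution-config`. The sample config, the origin ID and the domain are constructed placeholders, and the check is deliberately strict in accepting only `https-only` for origins.

```python
# Added example: checks both encryption legs of a CloudFront DistributionConfig.
ENCRYPTED_VIEWER = {"https-only", "redirect-to-https"}  # the two values in option D


def audit_distribution(config):
    """Return findings; an empty list means both legs enforce HTTPS."""
    findings = []
    # Leg 1: viewer -> CloudFront, configured per cache behavior.
    behaviors = [("default", config["DefaultCacheBehavior"])]
    for item in config.get("CacheBehaviors", {}).get("Items", []):
        behaviors.append((item["PathPattern"], item))
    for name, behavior in behaviors:
        policy = behavior["ViewerProtocolPolicy"]
        if policy not in ENCRYPTED_VIEWER:
            findings.append(f"behavior {name}: ViewerProtocolPolicy={policy}")
    # Leg 2: CloudFront -> origin, configured per custom origin.
    for origin in config["Origins"]["Items"]:
        custom = origin.get("CustomOriginConfig")
        if custom is None:
            continue  # S3OriginConfig carries no OriginProtocolPolicy
        policy = custom["OriginProtocolPolicy"]
        if policy != "https-only":  # strict: only the value from option B passes
            findings.append(f"origin {origin['Id']}: OriginProtocolPolicy={policy}")
    return findings


def sample_config(default_viewer, origin_policy):
    """Constructed sample input; names and domain are placeholders."""
    return {
        "DefaultCacheBehavior": {"ViewerProtocolPolicy": default_viewer},
        "CacheBehaviors": {"Items": [
            {"PathPattern": "/api/*", "ViewerProtocolPolicy": "https-only"},
        ]},
        "Origins": {"Items": [{
            "Id": "app-origin",
            "DomainName": "app.example.com",
            # HTTPPort 443 (option C) changes the port only, not the protocol.
            "CustomOriginConfig": {"HTTPPort": 443, "HTTPSPort": 443,
                                   "OriginProtocolPolicy": origin_policy},
        }]},
    }


WEAK = sample_config("allow-all", "http-only")
HARDENED = sample_config("redirect-to-https", "https-only")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_distribution(cfg) or "both legs HTTPS-enforced")
```

The weak sample is flagged on both legs even though its origin HTTP port is 443, because the protocol policies, not the port number, decide whether TLS is used.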