AWS Certified Developer – Associate — Question 90
A developer is writing a web application that is deployed on Amazon EC2 instances behind an internet-facing Application Load Balancer (ALB). The developer must add an Amazon CloudFront distribution in front of the ALB. The developer also must ensure that customer data from outside the VPC is encrypted in transit.
Which combination of CloudFront configuration settings should the developer use to meet these requirements? (Choose two.)
Answer options
- A. Restrict viewer access by using signed URLs.
- B. Set the Origin Protocol Policy setting to Match Viewer.
- C. Enable field-level encryption.
- D. Enable automatic object compression.
- E. Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.
Correct answer: B, E
Explanation
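The correct choices, B and E, together ensure that traffic is encrypted on both legs of the connection. Setting the Viewer Protocol Policy to Redirect HTTP to HTTPS (E) ensures that viewers communicate with CloudFront over HTTPS: a request that arrives over HTTP is redirected to HTTPS. Setting the Origin Protocol Policy to Match Viewer (B) makes CloudFront use the same protocol toward the ALB as the viewer used, so with E in place the connection from CloudFront to the ALB is also HTTPS. Options A, C, and D do not directly address the requirement for encryption in transit.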