AWS Certified Security – Specialty — Question 443
A company wants to protect its website from man-in-the-middle attacks by using Amazon CloudFront.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Use the SimpleCORS managed response headers policy.
- B. Use a Lambda@Edge function to add the Strict-Transport-Security response header.
- C. Use the SecurityHeadersPolicy managed response headers policy.
- D. Include the X-XSS-Protection header in a custom response headers policy.
Correct answer: C
Explanation
Using the preconfigured SecurityHeadersPolicy managed response headers policy is the lowest-overhead way to add the HTTP Strict-Transport-Security (HSTS) header, which instructs browsers to connect to the site only over HTTPS and so blocks the protocol-downgrade (SSL-stripping) form of a man-in-the-middle attack. A Lambda@Edge function could add the same header, but it adds code to write, deploy and maintain, which is unnecessary operational overhead compared with a built-in managed policy. The SimpleCORS policy is designed for cross-origin access control, and the X-XSS-Protection header (now ignored by most modern browsers) was intended to mitigate cross-site scripting; neither addresses man-in-the-middle attacks.