AWS Certified Solutions Architect – Associate (SAA-C03) — Question 158
A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.
Which action should the solutions architect take?
Answer options
- A. Configure a CloudFront signed URL.
- B. Configure a CloudFront signed cookie.
- C. Configure a CloudFront field-level encryption profile.
- D. Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy.
Correct answer: C
Explanation
Configuring a CloudFront field-level encryption profile is the correct choice because it encrypts specific sensitive fields on top of HTTPS, adding an extra layer of security. The data stays encrypted throughout the application stack, and only applications that hold the decryption key can read it. The other options, such as signed URLs and signed cookies, primarily control who can access content rather than encrypting sensitive data throughout the application stack.