1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Specialty
  5. SCS-C02 Discussions
  6. SCS-C02 Exam Topic 4 Question 30 Discussion

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 30 Topic 4 Discussion

 Amazon Web Services Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 30 Topic 4 Discussion

SCS-C02 Exam Topic 4 Question 30 Discussion:
Question #: 30
Topic #: 4

A company’s public Application Load Balancer (ALB) recently experienced a DDoS attack. To mitigate this issue. the company deployed Amazon CloudFront in front of the ALB so that users would not directly access the Amazon EC2 instances behind the ALB.

The company discovers that some traffic is still coming directly into the ALB and is still being handled by the EC2 instances.

Which combination of steps should the company take to ensure that the EC2 instances will receive traffic only from CloudFront? (Choose two.)
A.

Configure CloudFront to add a cache key policy to allow a custom HTTP header that CloudFront sends to the ALB.

B.

Configure CloudFront to add a custom: HTTP header to requests that CloudFront sends to the ALB.

C.

Configure the ALB to forward only requests that contain the custom HTTP header.

D.

Configure the ALB and CloudFront to use the X-Forwarded-For header to check client IP addresses.

E.

Configure the ALB and CloudFront to use the same X.509 certificate that is generated by AWS Certificate Manager (ACM).

Get Premium SCS-C02 Questions
Actual exam question for Amazon Web Services SCS-C02 exam by Axel43039 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next