ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 155 - SCS-C02 discussion

Report
Export

A company wants to protect its website from man in-the-middle attacks by using Amazon CloudFront. Which solution will meet these requirements with the LEAST operational overhead?

A.
Use the SimpleCORS managed response headers policy.
Answers
A.
Use the SimpleCORS managed response headers policy.
B.
Use a Lambda@Edge function to add the Strict-Transport-Security response header.
Answers
B.
Use a Lambda@Edge function to add the Strict-Transport-Security response header.
C.
Use the SecurityHeadersPolicy managed response headers policy.
Answers
C.
Use the SecurityHeadersPolicy managed response headers policy.
D.
Include the X-XSS-Protection header in a custom response headers policy.
Answers
D.
Include the X-XSS-Protection header in a custom response headers policy.
Suggested answer: C

Explanation:

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-response-headers-policies.html#managed-response-headers-policies-security

The SecurityHeadersPolicy is a managed policy provided by Amazon CloudFront that includes a set of recommended security headers to enhance the security of your website. These headers help protect against various types of attacks, including man-in-the-middle attacks. By applying the SecurityHeadersPolicy to your CloudFront distribution, the necessary security headers will be automatically added to the responses sent by CloudFront. This reduces operational overhead because you don't have to manually configure or manage the headers yourself.

asked 16/09/2024
Adilson Jacinto
36 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first