A solutions architect is creating a new Amazon CloudFront distribution for an application that accepts some sensitive user-submitted information. The application already uses HTTPS but requires an additional layer of protection so the sensitive information remains protected across the entire application stack and is accessible only to specific applications. Which action should the solutions architect take?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure a CloudFront field-level encryption profile..
Why this is the answer
Field-level encryption allows you to encrypt specific data fields at the edge of the CloudFront distribution before the data is cached or forwarded to the origin. This ensures that sensitive information remains encrypted throughout the entire application stack, accessible only by applications that possess the decryption keys. This meets the requirement for an "additional layer of protection" for "sensitive user-submitted information." CloudFront signed URLs and signed cookies are used for controlling access to content, not for encrypting specific data fields within a request. While they provide security, they don't address
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed