Home › Forums › AWS › AWS Certified Security – Specialty › Diagnostic Test – Incorrect answer
-
Diagnostic Test – Incorrect answer
Neil-TutorialsDojo updated 7 months, 1 week ago 2 Members · 2 Posts -
Question: What solution the security engineer must implement to prevent exposure of the source code to unauthenticated users while ensuring that authenticated users can continue to use the application as intended?
Accepted answer: Deploy an Amazon Cognito hosted user interface (UI) for the login. Integrate Lambda@Edge logic into the CloudFront distribution to decide between serving content or redirecting to the login.
The answer should be: Deploy an Amazon Cognito hosted user interface (UI) for the login. Integrate CloudFront Functions logic into the CloudFront distribution to decide between serving content or redirecting to the login.
-
Hi Viktor Krasheninnikov,
Good day! Thank you for your feedback.
Referring from the explanation given: “Although adding logic to serve content or redirect the user to login can prevent unauthenticated users from accessing the index.html, the CloudFront functions feature remains inadequate because it cannot utilize certain libraries. To satisfy the requirement for this solution, you must use libraries to validate the JWTs, which is outside the capability of CloudFront functions. Keep in mind that CloudFront functions serve a similar purpose as the Lambda@edge function, a middleware service that allows developers to run code; however, it is only ideal for short and simple tasks.“
Thus the Accepted answer: “Deploy an Amazon Cognito hosted user interface (UI) for the login. Integrate Lambda@Edge logic into the CloudFront distribution to decide between serving content or redirecting to the login.”
I hope this helps.
Regards,
Neil @ Tutorials Dojo
Log in to reply.