Practice Test 2 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test
Your company currently has a web distribution hosted using the AWS CloudFront service. The IT Security department has confirmed that the application using this web distribution now falls under the scope of PCI compliance. What are the possible ways to meet the requirements? Choose two answers from the choices below.
A. Enable CloudFront access logs.
B. Enable Cache in CloudFront.
C. Capture requests that are sent to the CloudFront API.
D. Enable VPC Flow Logs.
Explanation:
Answer – A and C
AWS Documentation mentions the following:
If you run PCI or HIPAA-compliant workloads based on the AWS Shared Responsibility Model, we recommend that you log your CloudFront usage data for the last 365 days for future auditing purposes. To log usage data, you can do the following:
- Enable CloudFront access logs.
- Capture requests that are sent to the CloudFront API.
For more information on compliance with CloudFront, please visit the following URLs:
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
- https://aws.amazon.com/blogs/aws/pci-compliance-for-amazon-cloudfront/
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SERVICENAME-compliance.html
- Option B helps to reduce latency.
- Option D – VPC Flow Logs capture information about the IP traffic going to and from network interfaces in a VPC, but they do not capture CloudFront traffic.