ExpertHard1 markMultiple Choice
AWS SAP-C02 · Question 32 · Domain 2.3: Security Controls
An architecture uses Amazon API Gateway and AWS Lambda. The APIs must be protected by mutual TLS (mTLS). How should the architect implement mTLS?
An architecture uses Amazon API Gateway and AWS Lambda. The APIs must be protected by mutual TLS (mTLS). How should the architect implement mTLS?
Answer options:
A.
Configure mTLS directly on the Lambda function.
B.
Configure mTLS on a custom domain name in API Gateway. Upload the client certificate trust store to Amazon S3.
C.
Use AWS WAF to enforce mTLS on the API Gateway.
D.
Deploy an Application Load Balancer in front of API Gateway to handle mTLS.
How to approach this question
Identify the native mTLS capability of API Gateway.
Full Answer
B.Configure mTLS on a custom domain name in API Gateway. Upload the client certificate trust store to Amazon S3.✓ Correct
Configure mTLS on a custom domain name in API Gateway. Upload the client certificate trust store to Amazon S3.
Amazon API Gateway natively supports mutual TLS (mTLS) authentication. You must use a custom domain name and provide a trust store (uploaded to S3) containing the certificates of trusted clients.
Common mistakes
Thinking WAF handles mTLS.
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 6
75 questions · hints · full answers · grading
More questions from this exam
Q01A global enterprise requires highly available hybrid connectivity between its on-premises data ce...HardQ02An organization has 50 VPCs across two AWS Regions connected via Transit Gateways (TGW). The TGWs...HardQ03A company uses AWS Organizations. The network team wants to share a central Transit Gateway (TGW)...MediumQ04An enterprise has on-premises data centers in the US and Europe. They want to use the AWS global ...HardQ05A company requires that all API calls to Amazon S3 from their VPC must not traverse the public in...Medium