ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 2.5: PerformancePerformanceCloudFrontLambda@EdgeSecurity

AWS SAP-C02 · Question 48 · Domain 2.5: Performance

A media streaming company stores petabytes of video files in Amazon S3. They use Amazon CloudFront to deliver the content globally. To protect their content, they want to ensure that users can only access the videos if they have a valid subscription. The authorization logic is complex, requires querying an external database, and must be executed as close to the user as possible to minimize latency. Which solution meets these requirements?

Answer options:

A.

Use Lambda@Edge triggered by the CloudFront viewer request event to execute the authorization logic.

B.

Use CloudFront signed URLs generated by the application backend.

C.

Use AWS WAF attached to CloudFront with a custom rule to query the external database.

D.

Use CloudFront Functions triggered by the viewer request event.

How to approach this question

Identify the edge compute service that supports network calls (Lambda@Edge vs CloudFront Functions).

Full Answer

A.Use Lambda@Edge triggered by the CloudFront viewer request event to execute the authorization logic.✓ Correct
Lambda@Edge allows you to run Node.js or Python functions at AWS edge locations. Because the authorization logic requires querying an external database, you must use Lambda@Edge (CloudFront Functions do not support network access). By attaching the function to the 'viewer request' event, the logic executes immediately when the user's request hits the edge location, minimizing latency.

Common mistakes

Choosing CloudFront Functions, forgetting its limitation on network calls.
47All questions49

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 5

75 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A global enterprise is redesigning its AWS network architecture across 50 AWS accounts and 3 AWS ...HardQ02A company uses AWS Organizations to manage multiple accounts. The security team mandates that no ...MediumQ03A financial institution requires a disaster recovery strategy for its critical trading applicatio...HardQ04An enterprise is setting up a new multi-account AWS environment using AWS Control Tower. They nee...MediumQ05A company has a complex AWS environment with hundreds of linked accounts under AWS Organizations....Hard
View all 75 questions →