Questions 55 to 57

Explanations for questions 55 to 57


Question 55

A JavaScript application running on an external website is calling a company's API, which is hosted on Amazon API Gateway. The requests fail in the browser with an error that includes the following text:

“Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource”

Which of the following is the correct solution for this problem?

  1. The IAM policy does not allow access to the API.
  2. The ACL on the API needs to be updated.
  3. The request is not secured with SSL/TLS.
  4. Enable CORS on the APIs resources using the selected methods under the API Gateway.

Correct Answer: 4

Explanation: Cross-Origin Resource Sharing (CORS) is a browser security feature that restricts cross-origin HTTP requests initiated from scripts running in the browser. The block is enforced by the browser, not by API Gateway: the request may well reach the API and succeed, but the browser refuses to let the script read the response unless the response carries the CORS headers. For a simple cross-origin request the response only needs an Access-Control-Allow-Origin header; if your REST API's resources receive non-simple cross-origin HTTP requests (for example a POST with a JSON body or a request carrying an Authorization header), the browser first sends an OPTIONS preflight request, and you need to enable CORS support so that the preflight is answered.

A cross-origin HTTP request is one that is made to:

  • A different domain (for example, from example.com to amazondomains.com)
  • A different subdomain (for example, from example.com to petstore.example.com)
  • A different port (for example, from example.com to example.com:10777)
  • A different protocol (for example, from https://example.com to http://example.com)

To support preflighted requests, a REST API resource needs to implement an OPTIONS method that responds to the OPTIONS preflight request with at least the following response headers, which the Fetch standard mandates:

  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
  • Access-Control-Allow-Origin
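The "Enable CORS" action in the API Gateway console creates a mock OPTIONS method that returns these headers for you. With a Lambda proxy integration, however, the function itself must return the CORS headers on both the preflight and the actual response. The following is an added example, not code from the page or from AWS: a minimal Lambda-proxy-style handler that answers the preflight and tags real responses with Access-Control-Allow-Origin, restricted to an explicit origin allow-list rather than a wildcard. It also shows, going slightly beyond the page, how to tell a "simple" request from one that triggers a preflight. The origins, allowed methods and headers are constructed configuration values for illustration.

```python
import json

# Constructed configuration for the example (hypothetical origins and values)
ALLOWED_ORIGINS = {"https://example.com", "https://petstore.example.com"}
ALLOWED_METHODS = ("GET", "POST", "OPTIONS")
ALLOWED_HEADERS = ("Content-Type", "Authorization")

# Fetch-standard "simple request" rules, reduced to the parts that matter here
SIMPLE_METHODS = {"GET", "HEAD", "POST"}
SIMPLE_CONTENT_TYPES = {"application/x-www-form-urlencoded",
                        "multipart/form-data", "text/plain"}
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language", "content-type"}


def needs_preflight(method, request_headers):
    """True if a browser sends an OPTIONS preflight before this cross-origin
    request, i.e. the request is not "simple" under the Fetch standard."""
    if method.upper() not in SIMPLE_METHODS:
        return True
    for name, value in request_headers.items():
        lname = name.lower()
        if lname not in SAFELISTED_HEADERS:
            return True  # e.g. Authorization or a custom X-* header
        if lname == "content-type":
            mime = value.split(";", 1)[0].strip().lower()
            if mime not in SIMPLE_CONTENT_TYPES:
                return True  # application/json is NOT a simple content type
    return False


def origin_headers(origin):
    """Access-Control-Allow-Origin for an allow-listed origin, else {}.
    The origin is echoed back only when it matches; '*' is avoided so that
    arbitrary sites cannot read the response."""
    if origin not in ALLOWED_ORIGINS:
        return {}
    return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}


def handler(event, context=None):
    """Lambda proxy integration handler for one API Gateway resource."""
    method = event.get("httpMethod", "").upper()
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    cors = origin_headers(headers.get("origin", ""))

    if method == "OPTIONS":
        # Preflight: return the three headers the page lists, no body.
        requested = headers.get("access-control-request-method", "").upper()
        if not cors or requested not in ALLOWED_METHODS:
            # No CORS headers at all: the browser reports the
            # "Cross-Origin Request Blocked" error from the question.
            return {"statusCode": 403, "headers": {}, "body": ""}
        preflight = {
            **cors,
            "Access-Control-Allow-Methods": ",".join(ALLOWED_METHODS),
            "Access-Control-Allow-Headers": ",".join(ALLOWED_HEADERS),
            "Access-Control-Max-Age": "600",
        }
        return {"statusCode": 204, "headers": preflight, "body": ""}

    # Actual request: Access-Control-Allow-Origin must be on this response too,
    # otherwise the browser still blocks the script from reading the body.
    body = json.dumps({"ok": True, "method": method})
    return {"statusCode": 200,
            "headers": {"Content-Type": "application/json", **cors},
            "body": body}
```

Note that a disallowed origin gets no CORS headers rather than an explicit denial: from the browser's point of view the result is the same block the question describes, while the API's own authorisation (IAM, authorizers) is unaffected and still applies server-side.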

INCORRECT: “The IAM policy does not allow access to the API.” is incorrect. IAM policies are not used to control CORS. A request denied by IAM is rejected by API Gateway with an HTTP 403 response, whereas the quoted error is raised by the browser's same-origin policy.

INCORRECT: “The ACL on the API needs to be updated.” is incorrect. There is no ACL on an API Gateway API, and the block is enforced by the browser, not by any access control list on the API.

INCORRECT: “The request is not secured with SSL/TLS.” is incorrect. The browser raises this error regardless of whether SSL/TLS is used; API Gateway endpoints only accept HTTPS in any case, so transport security is not the missing piece here.

CORRECT: “Enable CORS on the APIs resources using the selected methods under the API Gateway.” is the correct answer.

References:

https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html
