Exam DOP-C02
Question 233

A company groups its AWS accounts in OUs in an organization in AWS Organizations. The company has deployed a set of Amazon API Gateway APIs in one of the Organizations accounts. The APIs are bound to the account's VPC and have no existing authentication mechanism. Only principals in a specific OU can have permissions to invoke the APIs.

The company applies the following policy to the API Gateway interface VPC endpoint:

The company also updates the API Gateway resource policies to deny invocations that do not come through the interface VPC endpoint. After the updates, the following error message appears during attempts to use the interface VPC endpoint URL to invoke an API: "User: anonymous is not authorized."

Which combination of steps will solve this problem? (Choose two.)

    Correct Answer: A, E

    To solve the issue of the anonymous user not being authorized to invoke the API via the interface VPC endpoint, there are two important steps to follow. First, enabling IAM authentication on all API methods by setting AWS IAM as the authorization method ensures that only authenticated users can access the API. This addresses the issue of the 'anonymous' user by enforcing the use of IAM credentials for API access. Second, verifying the identity of the requester by using Signature Version 4 to sign client requests with AWS credentials ensures that the requests are authenticated and authorized properly. This combination secures the API and resolves the authorization error.

Discussion
tgv

---> A, E (assuming there's a typo in AWS JAM). If there's no typo in AWS JAM, I'd go for B & E.

komorebi

Answer: B, E