Q85 — AWS DOP-C02 Ch.2
A company needs to implement failover for its application. The application includes an Amazon CloudFront distribution and an Application Load Balancer (ALB) in a primary Region. The company has configured the ALB as the default origin for the distribution. Following recent application outages, the company requires zero-second RTO. The application is deployed to a warm standby configuration in a secondary Region. Architects need to automate failover to the secondary Region so HTTP requests meet the required RTO.
- A. Create a second CloudFront distribution with the secondary ALB as the default origin. Create an Amazon Route 53 alias record with a failover routing policy, evaluating health checks for both CloudFront distributions with 'Evaluate Target Health' set to 'Yes'. Update the application to use the new record set.
- B. Add a new origin to the existing distribution, setting the primary ALB as the origin. Configure origin group failure for HTTP 5xx status codes. Update the default cache behavior to use the origin group. ✓
- C. Create an Amazon Route 53 alias record with a failover routing policy, evaluating health checks for both ALBs with 'Evaluate Target Health' set to 'Yes'. Set TTL for both records to 0. Update the distribution's origin to use the new record set.
- D. Create a CloudFront Function to detect HTTP 5xx status codes. If the function detects a 5xx status code, configure it to return a 307 Temporary Redirect response pointing to the secondary ALB. Update the distribution's default cache behavior to send origin responses to the function.
Correct Answer: B. Add a new origin to the existing distribution, setting the primary ALB as the origin. Configure origin group failure for HTTP 5xx status codes. Update the default cache behavior to use the origin group.
Explanation
Achieving zero-second RTO requires immediate, DNS-level failover coordinated with health monitoring. Option C configures Amazon Route 53 with a failover routing policy and health checks against both ALBs, with TTL=0 ensuring near-instant DNS propagation upon health failure. Route 53 automatically routes traffic to the healthy ALB, meeting zero-second RTO for HTTP requests. Option A incorrectly uses CloudFront distributions as targets — Route 53 health checks cannot evaluate CloudFront distribution health directly; they must target ALBs or other endpoints. Option B uses origin groups, which provide origin-level redundancy but do not route traffic away from the primary Region — failover remains within the same Region. Option D uses CloudFront Functions for redirection, introducing latency and browser-side redirects, violating zero-second RTO and breaking transparent failover.