Topic 1 Question 177
A company has a public application. The application uses an Application Load Balancer (ALB) that has a target group of Amazon EC2 instances.
The company wants to protect the application from security issues in web requests. The traffic to the application must have end-to-end encryption.
Which solution will meet these requirements?
A. Configure a Network Load Balancer (NLB) that has a target group of the existing EC2 instances. Configure TLS connections to terminate on the EC2 instances that use a public certificate. Configure an AWS WAF web ACL. Associate the web ACL with the NLB.
B. Configure TLS connections to terminate at the ALB that uses a public certificate. Configure AWS Certificate Manager (ACM) certificates for the communication between the ALB and the EC2 instances. Configure an AWS WAF web ACL. Associate the web ACL with the ALB.
C. Configure a Network Load Balancer (NLB) that has a target group of the existing EC2 instances. Configure TLS connections to terminate at the EC2 instances by creating a TLS listener. Configure self-signed certificates on the EC2 instances for the communication between the NLB and the EC2 instances. Configure an AWS WAF web ACL. Associate the web ACL with the NLB.
D. Configure a third-party certificate on the EC2 instances for the communication between the ALB and the EC2 instances. Import the third-party certificate into AWS Certificate Manager (ACM). Associate the imported certificate with the ALB. Configure TLS connections to terminate at the ALB. Configure an AWS WAF web ACL. Associate the web ACL with the ALB.
Comments (6)
- Selected answer: D
ACM certificates are supported by the following services:
• Elastic Load Balancing: To serve secure content over SSL/TLS, load balancers require that SSL/TLS certificates be installed on either the load balancer or the back-end Amazon EC2 instance. ACM is integrated with Elastic Load Balancing to deploy ACM certificates on the load balancer.
• Amazon CloudFront: To use an ACM certificate with CloudFront, make sure you request (or import) the certificate in the US East Region (us-east-1).
• Amazon API Gateway: With the proliferation of mobile devices and growth of the Internet of Things (IoT), it has become increasingly common to create APIs that can be used to access data and interact with back-end systems on AWS.
• AWS Nitro Enclaves: EC2 instances connected to Nitro Enclaves support ACM certificates. You cannot associate ACM certificates with an EC2 instance that is not connected to a Nitro Enclave.
👍 6 JoellaLi 2024/04/07
- Selected answer: B
WAF for security and an ACM-managed certificate for TLS encryption. B looks fine to me.
👍 4 KobDragoon 2024/03/31
- Selected answer: D
The debate is between B and D (because the question is actually saying that an ALB is already used, so NLB is excluded from the beginning).
Even if ACM is easier to use (I mean you don't need to go to a third-party provider), answer B says: "Configure AWS Certificate Manager (ACM) certificates for the communication between the ALB and the EC2 instances." You cannot use ACM for communication between ALB and EC2. Actually, in the target group you can specify the protocol, the port and the associated instances, but there is no field where you can specify which certificate to use. Also, (B) does not say to configure the certificates on EC2, which is wrong as well. ACM is used for the ALB, and in the listener part you have the default certificate and the SNIs under the Certificates tab.
Therefore D is the correct answer.
👍 3 Blitz1 2024/07/16
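
A configuration check for the three requirements in the question (a WAF web ACL on the ALB, HTTPS at the listener, HTTPS from the ALB to the targets), added here as an example and not part of any comment above. It takes dicts shaped like boto3 `elbv2` and `wafv2` responses; the function names, ARNs and sample values are assumptions constructed for illustration.

```python
# Added example; inputs mimic boto3 elbv2/wafv2 response dicts, all values constructed.
def is_https_redirect(listener):
    actions = listener.get("DefaultActions", [])
    return bool(actions) and all(
        a.get("Type") == "redirect"
        and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
        for a in actions)

def audit_alb(load_balancer, listeners, target_groups, web_acl_response):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    tg_by_arn = {tg["TargetGroupArn"]: tg for tg in target_groups}
    # AWS WAF web ACLs attach to Application Load Balancers, not to NLBs.
    if load_balancer.get("Type") != "application":
        findings.append("not an ALB: a WAF web ACL cannot be associated")
    # wafv2 get_web_acl_for_resource omits "WebACL" when nothing is associated.
    elif not web_acl_response.get("WebACL"):
        findings.append("no WAF web ACL associated with the ALB")
    for lst in listeners:
        name = f"listener :{lst['Port']}"
        if lst["Protocol"] != "HTTPS":
            if not is_https_redirect(lst):
                findings.append(f"{name} serves {lst['Protocol']} without redirecting to HTTPS")
            continue
        if not lst.get("Certificates"):
            findings.append(f"{name} has no certificate")
        # The target group carries only protocol and port, so the ALB-to-instance
        # leg is judged by protocol (single-target-group forward actions only).
        for action in lst.get("DefaultActions", []):
            tg = tg_by_arn.get(action.get("TargetGroupArn"))
            if action.get("Type") == "forward" and tg and tg["Protocol"] != "HTTPS":
                findings.append(f"{name} forwards to {tg['TargetGroupName']} over {tg['Protocol']}")
    return findings

# Constructed sample: TLS ends at the ALB and traffic continues in plaintext.
ALB = {"LoadBalancerArn": "arn:example:alb", "Type": "application"}
WAF = {"WebACL": {"Name": "example-acl", "ARN": "arn:example:webacl"}}
LISTENERS = [
    {"Port": 80, "Protocol": "HTTP", "DefaultActions": [
        {"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443"}}]},
    {"Port": 443, "Protocol": "HTTPS",
     "Certificates": [{"CertificateArn": "arn:example:cert"}],
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:tg"}]},
]
WEAK_TG = [{"TargetGroupArn": "arn:example:tg", "TargetGroupName": "web",
            "Protocol": "HTTP", "Port": 80}]
FIXED_TG = [{**WEAK_TG[0], "Protocol": "HTTPS", "Port": 443}]
for tgs in (WEAK_TG, FIXED_TG):
    print(audit_alb(ALB, LISTENERS, tgs, WAF))
```

With live data, the same dicts come from `describe_load_balancers`, `describe_listeners`, `describe_target_groups` and `get_web_acl_for_resource`.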