Topic 1 Question 228
3 つ選択A company has a web application that runs in eight AWS Regions. In each Region, the application is hosted on multiple compute resources behind an Application Load Balancer (ALB).
The different Regions are using different domains. Each ALB is configured to accept only HTTPS traffic. Each ALB uses a certificate from AWS Certificate Manager (ACM).
The company wants to simplify the application’s appearance on the web by using a new single domain for all Regions. A network engineer needs to implement this change by designing a solution that also will minimize latency for the application's end users.
Which combination of actions will meet these requirements?
Use ACM to create an SSL/TLS certificate in the us-east-1 Region for the new domain.
Set up latency-based routing in Amazon Route 53 for the new domain. Add the ALBs from all the Regions as targets.
Create an alias record for the accelerator in Amazon Route 53 for the new domain.
Create a standard accelerator in AWS Global Accelerator. Configure a listener for TCP traffic. Add all the ALBs as targets for the listener.
Use ACM to create an SSLITLS certificate for each Region. Configure all the ALBs to use the certificate in their respective Regions.
Create a custom routing accelerator in AWS Global Accelerator. Configure a listener for HTTPS traffic. Add all the ALBs as targets for the listener. Configure the accelerator to terminate TLS by using the SSLITLS certificate from ACM.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: CDE
(C) Create an alias record for the accelerator in Route 53 for the new domain • This step stays the same. You want your users to resolve a single domain that leads to Global Accelerator. • (D) Create a standard accelerator in AWS Global Accelerator, configure a listener for TCP (or TLS pass-through), and add all the ALBs as endpoints • Also unchanged. A standard accelerator is how you route traffic at the edge into the correct Region. • (E) Use ACM to create an SSL/TLS certificate for each Region. Configure all the ALBs to use the certificate in their respective Regions • This step is correct if the Region supports ACM for requesting or importing a cert. • If not, you do manual certificate handling (import or direct upload).
👍 2djangoGroup2025/01/08 - 正解だと思う選択肢: CDE
F: NO HTTPS listener available with GA A: NO global certificate is necessary is this case (see CloudFront) B: Could be a solution but GA improves latency more than Route53
👍 1c1193d42025/01/06 - 正解だと思う選択肢: ACF
Accelerator better than Route 53 as anycast and not dependent on DNS and delay measurement. (A) GA uses single certificate that must be in us-east-1. Need the alias (C) for GA to work. (F) Custom accelerator terminates TLS using the new certificate from (A).
👍 1secdaddy2025/01/30
シャッフルモード