Topic 1 Question 49
A company is planning to host a web application on AWS and wants to load balance the traffic across a group of Amazon EC2 instances. One of the security requirements is to enable end-to-end encryption in transit between the client and the web server.
Which solution will meet this requirement?
A. Place the EC2 instances behind an Application Load Balancer (ALB). Provision an SSL certificate using AWS Certificate Manager (ACM), and associate the SSL certificate with the ALB. Export the SSL certificate and install it on each EC2 instance. Configure the ALB to listen on port 443 and to forward traffic to port 443 on the instances.
B. Associate the EC2 instances with a target group. Provision an SSL certificate using AWS Certificate Manager (ACM). Create an Amazon CloudFront distribution and configure it to use the SSL certificate. Set CloudFront to use the target group as the origin server.
C. Place the EC2 instances behind an Application Load Balancer (ALB). Provision an SSL certificate using AWS Certificate Manager (ACM), and associate the SSL certificate with the ALB. Provision a third-party SSL certificate and install it on each EC2 instance. Configure the ALB to listen on port 443 and to forward traffic to port 443 on the instances.
D. Place the EC2 instances behind a Network Load Balancer (NLB). Provision a third-party SSL certificate and install it on the NLB and on each EC2 instance. Configure the NLB to listen on port 443 and to forward traffic to port 443 on the instances.
Comments (17)
- Selected answer: C
Amazon-issued public certificates can’t be installed on an EC2 instance. To enable end-to-end encryption, you must use a third-party SSL certificate. https://aws.amazon.com/premiumsupport/knowledge-center/acm-ssl-certificate-ec2-elb/ so it's C or D. I choose C as it's ALB
👍 24 pitakk 2023/01/23
- Selected answer: D
Vote D. If you need to pass encrypted traffic to targets without the load balancer decrypting it, you can create a Network Load Balancer or Classic Load Balancer with a TCP listener on port 443. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
👍 19 Untamables 2023/01/19
- Selected answer: C
C is correct. Although D works, the fact that it states "install it on NLB" is wrong as you can only associate/add it to the listener but there is no install option. ALB with public ACM cert fw to target group with self-signed cert listening on port 443 is correct (see the implementation steps here).
👍 4 emiioan 2023/05/18