Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 1 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 1
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is planning to create a service that requires encryption in transit. The traffic must not be decrypted between the client and the backend of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) duster with the Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler configured. The company needs to use mutual TLS for two-way authentication between the client and the backend.
Which solution will meet these requirements?

  • A. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
  • B. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
  • C. Create a target group. Add the EKS managed node group's Auto Scaling group as a target Create an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the target group.
  • D. Create a target group. Add the EKS managed node group’s Auto Scaling group as a target. Create a Network Load Balancer with a TLS listener on port 443 to forward traffic to the target group.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by c73bf38 at March 17, 2023, 7:44 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
emmanuelodenyire
Highly Voted 1 year, 4 months ago
Selected Answer: A
Option B is incorrect because an Application Load Balancer (ALB) does not support TLS passthrough and decrypts the traffic before forwarding it to the backend servers. Option C is incorrect because an Application Load Balancer (ALB) does not support mutual TLS authentication (mTLS), which is required for this use case. Option D is incorrect because a TLS listener is not suitable for this use case. TLS passthrough is required, and the correct listener type for NLB is TCP.
upvoted 9 times
natasha57
5 days, 16 hours ago
Today i see full discussion Details '; https://docs-aws.com/discussion/ANS-C01-242154
upvoted 1 times
...
...
Fengyu
Highly Voted 1 year, 2 months ago
Selected Answer: A
ALB does not support mutual TLS and will decrypt the traffic https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
upvoted 5 times
...
namahix
Most Recent 2 days, 2 hours ago
100% B correct " Option B (ALB with HTTPS): ALB operates at Layer 7 and terminates TLS connections, which would decrypt traffic at the load balancer, violating the requirement that traffic must remain encrypted between the client and backend. https://shorturl.at/BhwEB
upvoted 1 times
...
Ravan
2 weeks ago
Selected Answer: A
Option B (ALB with HTTPS): ALB operates at Layer 7 and terminates TLS connections, which would decrypt traffic at the load balancer, violating the requirement that traffic must remain encrypted between the client and backend.
upvoted 1 times
...
learndigitalcloud
4 weeks ago
Selected Answer: B
As of 21 march 2024 Mtls is supported with alb
upvoted 1 times
...
Jonalb
1 month, 3 weeks ago
Selected Answer: A
100% A correct "
upvoted 1 times
...
KienCT
2 months, 1 week ago
Selected Answer: A
I TINK A
upvoted 1 times
...
ExamFrontier
2 months, 2 weeks ago
FYI. There are many new questions in the exam taken in June.
upvoted 1 times
...
ksdpmx
3 months, 1 week ago
Selected Answer: B
gRPC is not supported by NLB natively til now (2024/6)
upvoted 2 times
...
dim912
4 months ago
Selected Answer: A
AAAAAAA
upvoted 3 times
...
43c89f4
4 months, 2 weeks ago
consider of 3 points 1. gRPC protocol 2. thousands of connections 3. Mutula TLS above 3 points supports ALB not NLB. hence answer would be B
upvoted 4 times
...
Raphaello
5 months, 3 weeks ago
Selected Answer: B
Correct answer is B. ALB support gRPC, not NLB. AWS Load Balancer Controller manage ALB for K8s cluster. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/deploy-a-grpc-based-application-on-an-amazon-eks-cluster-and-access-it-with-an-application-load-balancer.html
upvoted 2 times
...
xTrayusx
5 months, 3 weeks ago
Selected Answer: B
Using an Application Load Balancer (ALB) with an HTTPS listener on port 443 ensures encryption of traffic in transit.
upvoted 1 times
...
tromyunpak
6 months ago
now both A and B are correct before MTLS was only supported by NLB but last reinvent mtls is now supported on ALB also
upvoted 3 times
...
JoellaLi
6 months ago
I asked the 'Amazon Q'. And it said B is correct...
upvoted 2 times
...
vikasj1in
7 months, 1 week ago
Selected Answer: B
The AWS Load Balancer Controller for Kubernetes enables the configuration of AWS load balancers directly from Kubernetes resources. An Application Load Balancer (ALB) with an HTTPS listener on port 443 allows for secure communication over the gRPC protocol. With mutual TLS authentication, both the client and the backend server present certificates to each other, ensuring the identity of both parties. Configuring the ALB with HTTPS ensures that traffic between the client and the backend is encrypted in transit without decryption between them. By using the AWS Load Balancer Controller, the ALB can dynamically scale to handle thousands of simultaneous connections, working seamlessly with the Kubernetes Cluster Autoscaler and Horizontal Pod Autoscaler configurations.
upvoted 2 times
...
Marfee400704
7 months, 1 week ago
I think that it's correct answer is B according to SPOTO products.
upvoted 1 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel