ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 1 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 1
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is planning to create a service that requires encryption in transit. The traffic must not be decrypted between the client and the backend of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) duster with the Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler configured. The company needs to use mutual TLS for two-way authentication between the client and the backend.
Which solution will meet these requirements?

  • A. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
  • B. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
  • C. Create a target group. Add the EKS managed node group's Auto Scaling group as a target Create an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the target group.
  • D. Create a target group. Add the EKS managed node group’s Auto Scaling group as a target. Create a Network Load Balancer with a TLS listener on port 443 to forward traffic to the target group.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by c73bf38 at March 17, 2023, 7:44 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
emmanuelodenyire
Highly Voted 1 year, 9 months ago
Selected Answer: A
Option B is incorrect because an Application Load Balancer (ALB) does not support TLS passthrough and decrypts the traffic before forwarding it to the backend servers. Option C is incorrect because an Application Load Balancer (ALB) does not support mutual TLS authentication (mTLS), which is required for this use case. Option D is incorrect because a TLS listener is not suitable for this use case. TLS passthrough is required, and the correct listener type for NLB is TCP.
upvoted 13 times
...
Fengyu
Highly Voted 1 year, 7 months ago
Selected Answer: A
ALB does not support mutual TLS and will decrypt the traffic https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
upvoted 7 times
...
Duke_CT
Most Recent 5 days, 2 hours ago
Selected Answer: A
Option B is incorrect because an Application Load Balancer (ALB) does not support TLS passthrough
upvoted 1 times
...
Olaxkid_8
1 month ago
Selected Answer: A
(ALB) doesn't support mutual TLS and will decrypts the traffic
upvoted 1 times
...
hkfk
1 month, 3 weeks ago
Selected Answer: A
ALB does not support mutual TLS and will decrypt the traffic
upvoted 1 times
...
steli0
2 months, 2 weeks ago
Selected Answer: A
Voted A since the traffic must not be decrypted between client and backend.
upvoted 1 times
...
chris46
3 months ago
Selected Answer: C
The questions talks about the need for auto scaling, setting the LB's Target group to a specific IP will remove the ability to auto scale. gRPC via HTTPS is supported and ALB's support mTLS https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/deploy-a-grpc-based-application-on-an-amazon-eks-cluster-and-access-it-with-an-application-load-balancer.html
upvoted 1 times
...
minhpn28
4 months, 3 weeks ago
Selected Answer: B
ption B is incorrect because an Application Load Balancer (ALB) does not support TLS passthrough and decrypts the traffic before for
upvoted 1 times
...
minhpn28
4 months, 3 weeks ago
Selected Answer: A
Option B is incorrect because an Application Load Balancer (ALB) does not support TLS passthrough and decrypts the traffic before forwarding it to the backend servers.
upvoted 1 times
...
Ravan
5 months, 1 week ago
Selected Answer: A
Option B (ALB with HTTPS): ALB operates at Layer 7 and terminates TLS connections, which would decrypt traffic at the load balancer, violating the requirement that traffic must remain encrypted between the client and backend.
upvoted 1 times
...
[Removed]
5 months, 3 weeks ago
Selected Answer: B
As of 21 march 2024 Mtls is supported with alb
upvoted 1 times
...
Jonalb
6 months, 2 weeks ago
Selected Answer: A
100% A correct "
upvoted 1 times
...
KienCT
7 months, 1 week ago
Selected Answer: A
I TINK A
upvoted 1 times
...
ExamFrontier
7 months, 2 weeks ago
FYI. There are many new questions in the exam taken in June.
upvoted 1 times
...
ksdpmx
8 months ago
Selected Answer: B
gRPC is not supported by NLB natively til now (2024/6)
upvoted 2 times
...
dim912
9 months ago
Selected Answer: A
AAAAAAA
upvoted 3 times
...
43c89f4
9 months, 1 week ago
consider of 3 points 1. gRPC protocol 2. thousands of connections 3. Mutula TLS above 3 points supports ALB not NLB. hence answer would be B
upvoted 4 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago