exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 12 discussion

An ecommerce company is hosting a web application on Amazon EC2 instances to handle continuously changing customer demand. The EC2 instances are part of an Auto Scaling group. The company wants to implement a solution to distribute traffic from customers to the EC2 instances. The company must encrypt all traffic at all stages between the customers and the application servers. No decryption at intermediate points is allowed.
Which solution will meet these requirements?

  • A. Create an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB's target group.
  • B. Create an Amazon CloudFront distribution. Configure the distribution with a custom SSL/TLS certificate. Set the Auto Scaling group as the distribution's origin.
  • C. Create a Network Load Balancer (NLB). Add a TCP listener to the NLB. Configure the Auto Scaling group to register instances with the NLB's target group.
  • D. Create a Gateway Load Balancer (GLB). Configure the Auto Scaling group to register instances with the GLB's target group.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Untamables
Highly Voted 1 year, 8 months ago
Selected Answer: C
C If you need to pass encrypted traffic to the targets without the load balancer decrypting it, create a TCP listener on port 443 instead of creating a TLS listener. https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html
upvoted 14 times
...
exampb007
Most Recent 1 month ago
Option B ...Encryption at all stages: The requirement specifies that all traffic must be encrypted at all stages, with no decryption at intermediate points. Amazon CloudFront is a content delivery network (CDN) that supports end-to-end encryption (from the customer to the application). By configuring CloudFront with a custom SSL/TLS certificate, traffic between the customer and CloudFront (as well as between CloudFront and the origin) can be fully encrypted. No decryption at intermediate points: With CloudFront, you can ensure that traffic remains encrypted, and CloudFront acts as a proxy for the traffic without decrypting it. It only forwards the traffic (still encrypted) to the application servers.
upvoted 1 times
...
Raphaello
8 months, 2 weeks ago
Selected Answer: C
With ALB HTTPS listener will have ALB itself to intercept and terminate SSL/TLS connection. NLB will TCP listener will allow SSL/TLS connections to passthrough to backend app. servers where they can decrypt the flow.
upvoted 3 times
...
Marfee400704
10 months, 1 week ago
I think that it's correct answer is C according to SPOTO products.
upvoted 1 times
...
marfee
10 months, 2 weeks ago
I think that it's correcty answer is C.
upvoted 1 times
...
Snape
11 months, 1 week ago
Selected Answer: C
'No decryption at intermediate points is allowed.'
upvoted 1 times
...
MEDES
1 year, 2 months ago
C If you need to pass encrypted traffic to the targets without the load balancer decrypting it, create a TCP listener on port 443 instead of creating a TLS listener. https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html
upvoted 1 times
...
[Removed]
1 year, 5 months ago
Selected Answer: A
Option A correct, an Application Load Balancer (ALB) is a Layer 7 load balancer that routes incoming traffic based on the content of the request. It can route traffic to Amazon EC2 instances, containers, and IP addresses based on the rules that you define. You can use an HTTPS listener to encrypt traffic between clients and the load balancer. The load balancer decrypts requests and encrypts responses before sending them to clients. Option C incorrect because The load balancer passes the request through as is, Since we must encrypt all traffic at all stages between the customers and the application servers and no decryption at intermediate points is allowed, NLB is not suitable for this scenario.
upvoted 2 times
WMF0187
1 year, 3 months ago
Since we must encrypt all traffic at all stages between the customers and the application servers and no decryption at intermediate points is allowed and an ALB decrypts requests and encrypts responses before sending them to clients, doesn't this go against what the question is asking and better option being an NLB as it passes encrypted traffic to the targets without the load balancer decrypting it?
upvoted 3 times
...
...
JoeAWS
1 year, 6 months ago
ALB is wrong because entire network packet needs to be forwarded
upvoted 3 times
...
emmanuelodenyire
1 year, 7 months ago
Selected Answer: C
C is the correct answer here Based on the requirements given in the question, option C is the most suitable and correct solution. The Network Load Balancer (NLB) can handle TCP and UDP traffic, and it can also encrypt traffic with SSL/TLS encryption. Additionally, NLB is designed for high performance, low latency traffic and can handle millions of requests per second, making it well-suited for handling the continuously changing customer demand mentioned in the question. Option A, creating an Application Load Balancer (ALB), is also a viable solution for load balancing traffic to the EC2 instances, but it may not be the best option for handling high volumes of TCP and UDP traffic, especially when it comes to real-time applications.
upvoted 3 times
...
slackbot
1 year, 8 months ago
Selected Answer: C
C covers the requirement for end-to-end encryption
upvoted 4 times
...
ohcan
1 year, 8 months ago
Selected Answer: C
C is the only option that provides the connection from client not to be terminated in any intermediate point but the application server
upvoted 4 times
...
helloworldabc
1 year, 9 months ago
AAAAAAAAAAAAAA
upvoted 1 times
...
zaazanuna
1 year, 9 months ago
Option C may be a valid solution, but it only provides transport layer security (TLS) encryption, not end-to-end encryption. Additionally, TCP listeners cannot inspect the contents of traffic, so the Network Load Balancer would not be able to ensure that traffic is not decrypted at intermediate points.
upvoted 1 times
...
zaazanuna
1 year, 9 months ago
Option C, creating a Network Load Balancer (NLB), is a Layer 4 load balancer that can distribute incoming traffic to EC2 instances based on IP protocol data such as TCP, UDP, or SSL. However, it does not provide the same routing and load balancing capabilities as an ALB, which can route traffic based on application layer data such as HTTP headers.
upvoted 1 times
...
study_aws1
1 year, 9 months ago
Should be option C). Requirement is for end-end encryption in transit between customer & instances (EC2), and hence requires NLB with TCP passthrough.
upvoted 2 times
...
flowers00
1 year, 9 months ago
C - correct.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago