Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 72 discussion

A company is migrating an existing application to a new AWS account. The company will deploy the application in a single AWS Region by using one VPC and multiple Availability Zones. The application will run on Amazon EC2 instances. Each Availability Zone will have several EC2 instances. The EC2 instances will be deployed in private subnets.

The company's clients will connect to the application by using a web browser with the HTTPS protocol. Inbound connections must be distributed across the Availability Zones and EC2 instances. All connections from the same client session must be connected to the same EC2 instance. The company must provide end-to-end encryption for all connections between the clients and the application by using the application SSL certificate.

Which solution will meet these requirements?

  • A. Create a Network Load Balancer. Create a target group. Set the protocol to TCP and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TCP and the port to 443 for the listener. Deploy SSL certificates to the EC2 instances.
  • B. Create an Application Load Balancer. Create a target group. Set the protocol to HTTP and the port to 80 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTPS listener. Set the default action to forward to the target group. Use AWS Certificate Manager (ACM) to create a certificate for the listener.
  • C. Create a Network Load Balancer. Create a target group. Set the protocol to TLS and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TLS and the port to 443 for the listener. Use AWS Certificate Manager (ACM) to create a certificate for the application.
  • D. Create an Application Load Balancer. Create a target group. Set the protocol to HTTPS and the port to 443 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTP listener. Set the port to 443 for the listener. Set the default action to forward to the target group.
Suggested Answer: A

Comments

TicDcNess
Highly Voted 1 year, 9 months ago
If you need to pass encrypted traffic to targets without the load balancer decrypting it, you can create a Network Load Balancer or Classic Load Balancer with a TCP listener on port 443. Should be A
upvoted 13 times
rhinozD
1 year, 9 months ago
Yeah. That's right. With NLB, sticky sessions are not supported for TLS listeners that use TLS target groups.
upvoted 4 times
...
...
mic8
Most Recent 2 months, 3 weeks ago
Option C is close but doesn’t meet the end-to-end encryption requirement in the way described because it terminates SSL at the Network Load Balancer instead of the EC2 instances
upvoted 1 times
...
Spaurito
2 months, 3 weeks ago
A - You can do this for this scenario. You shouldn't need an ALB. Don't let the certificate get in the way. If you have a cert on the instance (which the application is using), regardless of the ELB, and a TCP listener for port 443, you got it covered. The certificate is passing through the NLB on port 443.
upvoted 1 times
...
Ravan
5 months ago
Selected Answer: B
ALB with HTTPS Listener: The Application Load Balancer (ALB) is designed for handling HTTP/HTTPS traffic and supports features like SSL termination, sticky sessions, and application-based routing. HTTPS End-to-End: Using HTTPS for the listener and registering the EC2 instances with HTTP or HTTPS will allow end-to-end encryption and efficient load balancing. AWS Certificate Manager (ACM): Using ACM for SSL certificates simplifies management and deployment.
upvoted 1 times
...
cerifyme85
9 months ago
Selected Answer: A
Architectural restrictions with NLB + TLS + Sticky sessions https://repost.aws/questions/QUKVeULln7Q9asBlZz_bkOgA/nlb-sticky-sessions-and-ssl-encryption#:~:text=When%20you%20are,is%20enabled%20on
upvoted 1 times
...
Raphaello
9 months, 2 weeks ago
Selected Answer: A
A is the correct answer. End-to-end encryption, the NLB with TCP listener would do.
upvoted 1 times
...
[Removed]
9 months, 3 weeks ago
You can answer this in 10 seconds. Encrypt end2end rules ALB out (as this terminates the TLS connection). Then from the 2 NLB options look for TCP (as TLS again would terminate TLS in the NLB).
upvoted 1 times
...
marfee
11 months, 3 weeks ago
I'm from Japan. As a result of my investigation, I think that the correct answer is A.
upvoted 2 times
...
MarcosSantos
1 year, 1 month ago
I think it's C. Because using the tls listener on 443 we can use the ACM certificate, I will have to do a lab with tests to see what the applicable answer is. Chat GPT responds that the correct answer would be the letter D, and this is the same answer that I considered to be correct. Reading it at this link: https://docs.aws.amazon.com/pt_br/elasticloadbalancing/latest/network/load-balancer-listeners.html It says that using TCP at 443, NLB transmits encrypted traffic to the destination without decrypting it. Therefore, alternative A seems to be very applicable.
upvoted 1 times
...
Arad
1 year, 3 months ago
Selected Answer: A
Correct answer is A.
upvoted 1 times
...
habros
1 year, 3 months ago
Selected Answer: A
A. Why? Because TLS no sticky session + ACM does not work in EC2.
upvoted 3 times
daemon101
10 months, 1 week ago
https://repost.aws/knowledge-center/configure-acm-certificates-ec2
upvoted 1 times
...
...
Mishranihal737
1 year, 5 months ago
Yes A is correct
upvoted 2 times
...
qsergii
1 year, 6 months ago
Selected Answer: A
Only one option - A
upvoted 2 times
...
takecoffe
1 year, 7 months ago
Selected Answer: A
EC2 instances need to have a certificate.
upvoted 2 times
...
printfmarcelo
1 year, 9 months ago
Selected Answer: A
Should be A. To pass encrypted traffic ==> Network Load Balancer + TCP.
upvoted 4 times
...
symplesims
1 year, 9 months ago
In the case of Option A, although it uses TCP and port 443, SSL certificates must be deployed to the EC2 instances, rather than using a certificate from AWS Certificate Manager (ACM). In addition, Network Load Balancers (NLB) are better suited for handling TCP traffic, but they do not support session affinity using cookies. So Option B is better.
upvoted 4 times
Kristin01
1 year, 9 months ago
"The company's clients will connect to the application by using a web browser with the HTTPS protocol. "
upvoted 2 times
[Removed]
1 year, 6 months ago
Going with B, NLBs do not support HTTPS.
upvoted 1 times
[Removed]
1 year, 6 months ago
Edit: changing to A. When using NLB with TCP protocol, any HTTPS connection is forwarded to your backend servers.
upvoted 3 times
...
...
...
rhinozD
1 year, 9 months ago
"The company must provide end-to-end encryption for all connections between the clients and the application by using the application SSL certificate." An ACM certificate can be deployed to EC2. NLB supports sticky sessions. -> A
upvoted 4 times
...
...
Spike2020
1 year, 9 months ago
A) I also agree it's A
upvoted 4 times
...
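The reasoning in the thread above (a TCP listener passes TLS through to the instances, a TLS or HTTPS listener terminates it at the load balancer, and NLB stickiness is not supported with TLS listeners) written as a configuration check. This is an added example, not part of the original discussion: the four records are constructed from options A-D, the `Listener` and `TargetGroup` keys and the finding names are assumptions of this example, and `source_ip` is assumed as the stickiness type behind the NLB options' "session affinity".

```python
# Added example, not from the original page. "Type" and "stickiness.type" are
# the names used by the elbv2 API; "Listener" and "TargetGroup" (assumed keys)
# hold each resource's Protocol value. Records are constructed from options A-D.
OPTIONS = {
    "A": {"Type": "network", "Listener": "TCP", "TargetGroup": "TCP",
          "stickiness.type": "source_ip"},
    "B": {"Type": "application", "Listener": "HTTPS", "TargetGroup": "HTTP",
          "stickiness.type": "app_cookie"},
    "C": {"Type": "network", "Listener": "TLS", "TargetGroup": "TLS",
          "stickiness.type": "source_ip"},
    "D": {"Type": "application", "Listener": "HTTP", "TargetGroup": "HTTPS",
          "stickiness.type": "app_cookie"},
}

# Listener protocols at which the load balancer itself completes the TLS handshake.
TERMINATES_TLS = {"TLS", "HTTPS"}


def audit(cfg):
    """Return the encryption and stickiness violations for one configuration."""
    findings = []
    listener, target = cfg["Listener"], cfg["TargetGroup"]
    if listener in TERMINATES_TLS:
        # The client's TLS session ends on the load balancer's certificate.
        findings.append("tls-terminated-at-lb")
    elif listener == "HTTP":
        # No TLS at all between client and load balancer, whatever the port.
        findings.append("plaintext-client-hop")
    if target == "HTTP":
        findings.append("plaintext-backend-hop")
    if cfg["Type"] == "network":
        if cfg.get("stickiness.type") != "source_ip":
            findings.append("nlb-stickiness-needs-source-ip")
        if "TLS" in (listener, target):
            findings.append("nlb-stickiness-unsupported-with-tls")
    elif cfg.get("stickiness.type") not in ("lb_cookie", "app_cookie"):
        findings.append("alb-stickiness-needs-cookie")
    return findings


def passing_options(options=OPTIONS):
    """Names of the options that raise no finding."""
    return sorted(name for name, cfg in options.items() if not audit(cfg))


if __name__ == "__main__":
    for name, cfg in OPTIONS.items():
        print(name, audit(cfg) or "meets the encryption and stickiness requirements")
```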
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted