Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 72 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 72
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is migrating an existing application to a new AWS account. The company will deploy the application in a single AWS Region by using one VPC and multiple Availability Zones. The application will run on Amazon EC2 instances. Each Availability Zone will have several EC2 instances. The EC2 instances will be deployed in private subnets.

The company's clients will connect to the application by using a web browser with the HTTPS protocol. Inbound connections must be distributed across the Availability Zones and EC2 instances. All connections from the same client session must be connected to the same EC2 instance. The company must provide end-to-end encryption for all connections between the clients and the application by using the application SSL certificate.

Which solution will meet these requirements?

  • A. Create a Network Load Balancer. Create a target group. Set the protocol to TCP and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TCP and the port to 443 for the listener. Deploy SSL certificates to the EC2 instances.
  • B. Create an Application Load Balancer. Create a target group. Set the protocol to HTTP and the port to 80 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTPS listener. Set the default action to forward to the target group. Use AWS Certificate Manager (ACM) to create a certificate for the listener.
  • C. Create a Network Load Balancer. Create a target group. Set the protocol to TLS and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TLS and the port to 443 for the listener. Use AWS Certificate Manager (ACM) to create a certificate for the application.
  • D. Create an Application Load Balancer. Create a target group. Set the protocol to HTTPS and the port to 443 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTP listener. Set the port to 443 for the listener. Set the default action to forward to the target group.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by TicDcNess at April 19, 2023, 6:52 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
TicDcNess
Highly Voted 1 year, 5 months ago
If you need to pass encrypted traffic to targets without the load balancer decrypting it, you can create a Network Load Balancer or Classic Load Balancer with a TCP listener on port 443. Should be A
upvoted 13 times
rhinozD
1 year, 4 months ago
Yeah. That's right. With NLB, sticky sessions are not supported for TLS listeners that use TLS target groups.
upvoted 4 times
...
...
Ravan
Most Recent 2 weeks, 6 days ago
Selected Answer: B
ALB with HTTPS Listener: The Application Load Balancer (ALB) is designed for handling HTTP/HTTPS traffic and supports features like SSL termination, sticky sessions, and application-based routing. HTTPS End-to-End: Using HTTPS for the listener and registering the EC2 instances with HTTP or HTTPS will allow end-to-end encryption and efficient load balancing. AWS Certificate Manager (ACM): Using ACM for SSL certificates simplifies management and deployment.
upvoted 1 times
...
cerifyme85
4 months, 3 weeks ago
Selected Answer: A
Architectural restirctions with NLB + TLS + Sticky sessions https://repost.aws/questions/QUKVeULln7Q9asBlZz_bkOgA/nlb-sticky-sessions-and-ssl-encryption#:~:text=When%20you%20are,is%20enabled%20on
upvoted 1 times
...
Raphaello
5 months, 1 week ago
Selected Answer: A
A is the correct answer. End-to-end encryption, the NLB with TCP listener would do.
upvoted 1 times
...
[Removed]
5 months, 1 week ago
You can answer this in 10 seconds. Encrypt end2end rules ALB out (as this terminates the TLS connection). Then from the 2 NLB options look for TCP (als TLS again would terminate TLS in the NLB).
upvoted 1 times
...
marfee
7 months, 1 week ago
I'm from Japan.As a result my inverstigation,I think that the correct answer is A.
upvoted 2 times
...
MarcosSantos
8 months, 3 weeks ago
I think it's C. Because using the tls listener on 443 we can use the ACM certificate, I will have to do a lab with tests to see what the applicable answer is. Chat GPT responds that the correct answer would be the letter D, and this is the same answer that I considered to be correct. reading it at this link: https://docs.aws.amazon.com/pt_br/elasticloadbalancing/latest/network/load-balancer-listeners.html It says that using TCP at 443, NLB transmits encrypted traffic to the destination without decrypting it. Therefore, alternative A seems to be very applicable.
upvoted 1 times
...
Arad
10 months, 3 weeks ago
Selected Answer: A
Correct answer is A.
upvoted 1 times
...
habros
11 months ago
Selected Answer: A
A. Why? Because TLS no sticky session + ACM does not work in EC2.
upvoted 3 times
daemon101
5 months, 3 weeks ago
https://repost.aws/knowledge-center/configure-acm-certificates-ec2
upvoted 1 times
...
...
Mishranihal737
1 year, 1 month ago
Yes A is correct
upvoted 2 times
...
qsergii
1 year, 1 month ago
Selected Answer: A
Only one option - A
upvoted 2 times
...
takecoffe
1 year, 3 months ago
Selected Answer: A
Ec2 instances need to have certificate .
upvoted 2 times
...
printfmarcelo
1 year, 4 months ago
Selected Answer: A
Should be A To pass encrypted traffic, ==> Network Load Balancer + TCP.
upvoted 4 times
...
symplesims
1 year, 4 months ago
In case of Option A, Although it uses TCP and port 443, SSL certificates must be deployed to the EC2 instances, rather than using a certificate from AWS Certificate Manager (ACM). In addition, Network Load Balancers (NLB) are better suited for handling TCP traffic, but its not support session affinity using cookies. So Option B is better.
upvoted 4 times
Kristin01
1 year, 4 months ago
"The company's clients will connect to the application by using a web browser with the HTTPS protocol. "
upvoted 2 times
[Removed]
1 year, 2 months ago
Going with B, NLBs do not support HTTPS.
upvoted 1 times
[Removed]
1 year, 2 months ago
Edit changing to A. when using NLB with TCP protocol, any HTTPS connection is forwarded to your backend servers.
upvoted 3 times
...
...
...
rhinozD
1 year, 4 months ago
"The company must provide end-to-end encryption for all connections between the clients and the application by using the application SSL certificate." ACM Certificate can be able to deploy to EC2. NLB supports sticky session. -> A
upvoted 4 times
...
...
Spike2020
1 year, 5 months ago
A) I also agree its A
upvoted 4 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel