ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 122 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 122
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is deploying a new stateless web application on AWS. The web application will run on Amazon EC2 instances in private subnets behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The web application has a stateful management application for administration that will run on EC2 instances that are in a separate Auto Scaling group.

The company wants to access the management application by using the same URL as the web application, with a path prefix of/management. The protocol, hostname, and port number must be the same for the web application and the management application. Access to the management application must be restricted to the company's on-premises IP address space. An SSL/TLS certificate from AWS Certificate Manager (ACM) will protect the web application.

Which combination of steps should a network engineer take to meet these requirements? (Choose two.)

  • A. Insert a rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-ip condition type for the on-premises IP address space. Forward requests to the management application target group if there is a match. Edit the management application target group and enable stickiness.
  • B. Modify the default rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-ip condition type for the on-premises IP address space. Forward requests to the management application target group if there is not a match. Enable group-level stickiness in the rule attributes.
  • C. Insert a rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the X-Forwarded-For HTTP header for the on-premises IP address space. Forward requests to the management application target group if there is a match. Enable group-level stickiness in the rule attributes.
  • D. Modify the default rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-ip condition type for the on-premises IP address space. Forward requests to the web application target group if there is not a match.
  • E. Forward all requests to the web application target group. Edit the web application target group and disable stickiness.
Show Suggested Answer Hide Answer
Suggested Answer: AE 🗳️
by papercuts23 at June 13, 2023, 8:28 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Certified101
Highly Voted 1 year, 5 months ago
Selected Answer: AE
DEFAULT RULES CANNOT HAVE CONDITIONS so B & D are out. Changing to A & E. A to forward people to managment with stickiness E to forward people to the web application without stickiness https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
upvoted 19 times
JoseCC
1 year, 5 months ago
AE correct for me as well.
upvoted 3 times
...
Certified101
1 year, 5 months ago
Also see - https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-update-rules.html#edit-rule Step 8 - "(Optional) Modify the conditions and actions as needed. For example, you can edit a condition or action (pencil icon), add a condition, add an authenticate action to a rule for an HTTPS listener, or delete a condition or action (trash can icon). You can't add conditions to the default rule."
upvoted 3 times
...
...
papercuts23
Highly Voted 1 year, 7 months ago
Selected Answer: AD
AD is correct. Default rule does not need stickiness because it is stateless
upvoted 7 times
awskiller007
1 year, 5 months ago
why does the new rule in A requires enable stickiness?
upvoted 1 times
...
...
Ravan
Most Recent 4 months, 2 weeks ago
Selected Answer: AD
E: Disabling stickiness on the web application target group would not fulfill the requirement for the management application, which needs stickiness for stateful sessions.
upvoted 1 times
...
cerifyme85
9 months ago
Selected Answer: AE
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules:~:text=When%20you%20create%20a%20listener%2C%20you%20define%20actions%20for%20the%20default%20rule.%20Default%20rules%20can%27t%20have%20conditions.%20If%20the%20conditions%20for%20none%20of%20a%20listener%27s%20rules%20are%20met%2C%20then%20the%20action%20for%20the%20default%20rule%20is%20performed.
upvoted 1 times
...
patanjali
10 months, 3 weeks ago
Selected Answer: AE
Default rule cant have condition
upvoted 1 times
...
michele_scar
11 months ago
Selected Answer: AE
Eliminating the answers with "Update default rule" remains A, C, E. Obv C is uncorrect: A and E.
upvoted 2 times
...
vikasj1in
11 months, 2 weeks ago
Selected Answer: AE
Option B is incorrect because it suggests forwarding requests to the management application target group if there is not a match, which contradicts the requirement to restrict access to the management application to the company's on-premises IP address space. Option C is incorrect because it suggests checking the X-Forwarded-For HTTP header for the on-premises IP address space, which is unnecessary and potentially less secure than directly checking the source IP address. Option D is incorrect because it suggests forwarding requests to the web application target group if there is not a match, which would not meet the requirement to access the management application via the same URL prefix. Therefore, options A and E are the most suitable for meeting the requirements outlined in the scenario.
upvoted 4 times
...
Marfee400704
11 months, 2 weeks ago
I think that it's correct answer is AC according to SPOTO products.
upvoted 1 times
...
michele_scar
11 months, 2 weeks ago
Selected Answer: AE
cannot modify default rule
upvoted 1 times
...
cumzle_com
1 year, 1 month ago
Selected Answer: AE
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html Default rules When you create a listener, you define actions for the default rule. Default rules can't have conditions. If the conditions for none of a listener's rules are met, then the action for the default rule is performed.
upvoted 2 times
...
aws_god
1 year, 2 months ago
Selected Answer: AD
correct answer is A and D
upvoted 1 times
...
Cheam
1 year, 4 months ago
Selected Answer: AD
1) By default, sticky-sessions is not enabled on the ALB, and therefore answer E does not apply. Ref: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html 2) You can modify the default rule to check against the source-ip condition, CLI. Ref: https://docs.aws.amazon.com/cli/latest/reference/elbv2/modify-listener.html All the best.
upvoted 1 times
...
Certified101
1 year, 5 months ago
Selected Answer: AC
Default rules can't have conditions.https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html So I think its AC
upvoted 1 times
...
ISSDoksim
1 year, 5 months ago
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
upvoted 1 times
ISSDoksim
1 year, 5 months ago
AC - Default rules can't have conditions.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago