Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 122 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 122
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is deploying a new stateless web application on AWS. The web application will run on Amazon EC2 instances in private subnets behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The web application has a stateful management application for administration that will run on EC2 instances that are in a separate Auto Scaling group.

The company wants to access the management application by using the same URL as the web application, with a path prefix of/management. The protocol, hostname, and port number must be the same for the web application and the management application. Access to the management application must be restricted to the company's on-premises IP address space. An SSL/TLS certificate from AWS Certificate Manager (ACM) will protect the web application.

Which combination of steps should a network engineer take to meet these requirements? (Choose two.)

  • A. Insert a rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-ip condition type for the on-premises IP address space. Forward requests to the management application target group if there is a match. Edit the management application target group and enable stickiness.
  • B. Modify the default rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-ip condition type for the on-premises IP address space. Forward requests to the management application target group if there is not a match. Enable group-level stickiness in the rule attributes.
  • C. Insert a rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the X-Forwarded-For HTTP header for the on-premises IP address space. Forward requests to the management application target group if there is a match. Enable group-level stickiness in the rule attributes.
  • D. Modify the default rule for the load balancer HTTPS listener. Configure the rule to check the path-pattern condition type for the /management prefix and to check the source-ip condition type for the on-premises IP address space. Forward requests to the web application target group if there is not a match.
  • E. Forward all requests to the web application target group. Edit the web application target group and disable stickiness.
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by papercuts23 at June 13, 2023, 8:28 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Certified101
Highly Voted 1 year, 1 month ago
Selected Answer: AE
DEFAULT RULES CANNOT HAVE CONDITIONS so B & D are out. Changing to A & E. A to forward people to managment with stickiness E to forward people to the web application without stickiness https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
upvoted 17 times
JoseCC
1 year, 1 month ago
AE correct for me as well.
upvoted 3 times
...
Certified101
1 year, 1 month ago
Also see - https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-update-rules.html#edit-rule Step 8 - "(Optional) Modify the conditions and actions as needed. For example, you can edit a condition or action (pencil icon), add a condition, add an authenticate action to a rule for an HTTPS listener, or delete a condition or action (trash can icon). You can't add conditions to the default rule."
upvoted 3 times
...
...
papercuts23
Highly Voted 1 year, 3 months ago
Selected Answer: AD
AD is correct. Default rule does not need stickiness because it is stateless
upvoted 7 times
awskiller007
1 year, 1 month ago
why does the new rule in A requires enable stickiness?
upvoted 1 times
...
...
Ravan
Most Recent 1 week, 5 days ago
Selected Answer: AD
E: Disabling stickiness on the web application target group would not fulfill the requirement for the management application, which needs stickiness for stateful sessions.
upvoted 1 times
...
cerifyme85
4 months, 3 weeks ago
Selected Answer: AE
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules:~:text=When%20you%20create%20a%20listener%2C%20you%20define%20actions%20for%20the%20default%20rule.%20Default%20rules%20can%27t%20have%20conditions.%20If%20the%20conditions%20for%20none%20of%20a%20listener%27s%20rules%20are%20met%2C%20then%20the%20action%20for%20the%20default%20rule%20is%20performed.
upvoted 1 times
...
patanjali
6 months, 2 weeks ago
Selected Answer: AE
Default rule cant have condition
upvoted 1 times
...
michele_scar
6 months, 3 weeks ago
Selected Answer: AE
Eliminating the answers with "Update default rule" remains A, C, E. Obv C is uncorrect: A and E.
upvoted 2 times
...
vikasj1in
7 months ago
Selected Answer: AE
Option B is incorrect because it suggests forwarding requests to the management application target group if there is not a match, which contradicts the requirement to restrict access to the management application to the company's on-premises IP address space. Option C is incorrect because it suggests checking the X-Forwarded-For HTTP header for the on-premises IP address space, which is unnecessary and potentially less secure than directly checking the source IP address. Option D is incorrect because it suggests forwarding requests to the web application target group if there is not a match, which would not meet the requirement to access the management application via the same URL prefix. Therefore, options A and E are the most suitable for meeting the requirements outlined in the scenario.
upvoted 2 times
...
Marfee400704
7 months, 1 week ago
I think that it's correct answer is AC according to SPOTO products.
upvoted 1 times
...
michele_scar
7 months, 1 week ago
Selected Answer: AE
cannot modify default rule
upvoted 1 times
...
cumzle_com
9 months, 3 weeks ago
Selected Answer: AE
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html Default rules When you create a listener, you define actions for the default rule. Default rules can't have conditions. If the conditions for none of a listener's rules are met, then the action for the default rule is performed.
upvoted 2 times
...
aws_god
10 months, 2 weeks ago
Selected Answer: AD
correct answer is A and D
upvoted 1 times
...
Cheam
11 months, 4 weeks ago
Selected Answer: AD
1) By default, sticky-sessions is not enabled on the ALB, and therefore answer E does not apply. Ref: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html 2) You can modify the default rule to check against the source-ip condition, CLI. Ref: https://docs.aws.amazon.com/cli/latest/reference/elbv2/modify-listener.html All the best.
upvoted 1 times
...
Certified101
1 year, 1 month ago
Selected Answer: AC
Default rules can't have conditions.https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html So I think its AC
upvoted 1 times
...
ISSDoksim
1 year, 1 month ago
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
upvoted 1 times
ISSDoksim
1 year, 1 month ago
AC - Default rules can't have conditions.
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel