Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 744 discussion

A for sure. The same question was in "AWS Certified Solutions Architect Associate Practice Test 3" on Udemy. There was an explaination that NLB needs to be before ALB because only NLB can have static IP.

AnswerA

A - correct (Static ip can thereafter be used for client whitelisting) Using a Network Load Balancer instead of a Classic Load Balancer has the following benefits: Support for static IP addresses for the load balancer. https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html

Option A Please look into the below for detailed explaination https://www.scalefactory.com/blog/2021/12/13/aws-network-load-balancers-new-features/img/previously-firewall-egress.png

Option C

B -> Application Load Balancer cannot be assigned an Elastic IP address (static IP address). C -> Its DNS after all, "Associated elastic IP" is what IP? Makes no sense D -> "If you require a persistent public IP address that can be associated to and from instances as you require, use an Elastic IP address instead." PUBLIC IP of an EC2 is not persistent, although we can give an Elastic Ip, Using EC2 in front of a Load Balancer is tooooo much. What if it gets a million request? So to scale that EC2 you use another LB and an ASG>? This makes no sense A is correct because a NLB can have an elastic IP and we can use this in our firewall as per the use case

Setting up an EC2 instance with a public IP address to act as a proxy in front of the load balancer allows clients with restricted IP access to connect to the web service. The EC2 instance can handle IP address whitelisting and proxy requests to the ELB load balancer, ensuring that only authorized clients can access the service. This solution provides flexibility and control over access while leveraging the scalability and availability benefits of ELB.

Option C