Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 178 discussion

A company has an application that hosts personally identifiable information (PII) of users. All connections to the application must be secured by HTTPS with TLS certificates that implement Elliptic Curve Cryptography (ECC).

The application uses stateful connections between the web tier and the end users. Multiple instances host the application. A network engineer must implement a solution that offloads TLS connections to a load balancer.

Which load-balancing solution will meet these requirements?

  • A. Provision a Network Load Balancer. Configure a TLS listener by specifying the use of an ECC SSL certificate that is uploaded to AWS Identity and Access Management (IAM). Turn on health checks to monitor the web hosts that connect to the end users.
  • B. Provision an Application Load Balancer. Configure an HTTPS listener by specifying the use of an ECC SSL certificate that is uploaded to AWS Certificate Manager (ACM). Configure a default action to redirect to the URL for the application. Turn on health checks to monitor the web hosts that connect to the end users.
  • C. Provision a Network Load Balancer. Configure a TLS listener by specifying the use of an ECC SSL certificate that is uploaded to AWS Certificate Manager (ACM). Turn on application-based session affinity (sticky sessions). Turn on health checks to monitor the web hosts that connect to the end users.
  • D. Provision an Application Load Balancer. Configure an HTTPS listener by specifying the use of an ECC SSL certificate that is uploaded to AWS Identity and Access Management (IAM). Configure a default action to redirect to the URL for the application. Turn on application-based session affinity (sticky sessions).
Suggested Answer: D

Comments

KobDragoon
5 months, 3 weeks ago
Selected Answer: D
Considering the importance of sticky sessions for stateful connections in conjunction with the other requirements (end-to-end encryption, use of ECC certificates), Option D works better. Even if managing the certificate with IAM instead of ACM feels weird, it is possible.
upvoted 3 times
bluz
6 months ago
Selected Answer: D
NLB does not use application-based stickiness. For certificates in a Region supported by AWS Certificate Manager (ACM), we recommend that you use ACM to provision, manage, and deploy your server certificates. In unsupported Regions, you must use IAM as a certificate manager.
upvoted 4 times
daemon101
5 months, 3 weeks ago
I would go for B if the ALB is using cookie-based affinity, but it is not mentioned, so I agree with you. I would also go for D. I think C is incorrect because when NLB is using a TLS listener, the session stickiness feature will no longer be available. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
upvoted 2 times
psou7
6 months ago
I vote C
upvoted 3 times
KobDragoon
5 months, 3 weeks ago
Wrong - NLBs do not inherently manage application-level session affinity ("sticky sessions") based on cookies.
upvoted 1 times
backspace0900
6 months ago
Selected Answer: C
C: SSL certificate managed by ACM
upvoted 3 times
KobDragoon
5 months ago
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#sticky-sessions "Sticky sessions are not supported for TLS listeners."
upvoted 1 times
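The question requires TLS certificates that implement ECC, and the options differ on where the certificate is uploaded. The script below is an added example, not part of the original question or discussion: it checks that a certificate actually carries an elliptic-curve public key before upload. The file names, the CN and the P-256 curve choice are constructed sample values.

```shell
#!/bin/sh
# Added example: confirm a certificate really carries an ECC public key
# before it is uploaded for use on a load balancer listener.
# All file names and the CN below are constructed sample values.

# Succeeds only if the certificate's public key algorithm is elliptic curve.
is_ecc_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'Public Key Algorithm: id-ecPublicKey'
}

# Prints the named curve (for example prime256v1), or nothing for non-ECC keys.
cert_curve() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *ASN1 OID: *//p'
}

# Builds one ECC (P-256) and one RSA self-signed certificate as test input.
make_sample_certs() {
    dir=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ec.key" 2>/dev/null
    openssl req -new -x509 -key "$dir/ec.key" -subj "/CN=app.example.test" \
        -days 1 -out "$dir/ec.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/rsa.key" \
        -subj "/CN=app.example.test" -days 1 -out "$dir/rsa.crt" 2>/dev/null
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_sample_certs "$WORK"

# Report each sample certificate; the RSA one must be rejected.
for crt in "$WORK/ec.crt" "$WORK/rsa.crt"; do
    if is_ecc_cert "$crt"; then
        echo "$(basename "$crt"): ECC, curve $(cert_curve "$crt")"
    else
        echo "$(basename "$crt"): not ECC, reject before upload"
    fi
done
```

A certificate that passes this check can then be uploaded to IAM with `aws iam upload-server-certificate`, or imported into ACM, depending on which service the listener references.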