ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 178 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 178
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has an application that hosts personally identifiable information (PII) of users. All connections to the application must be secured by HTTPS with TLS certificates that implement Elliptic Curve Cryptography (ECC).

The application uses stateful connections between the web tier and the end users. Multiple instances host the application. A network engineer must implement a solution that offloads TLS connections to a load balancer.

Which load-balancing solution will meet these requirements?

  • A. Provision a Network Load Balancer. Configure a TLS listener by specifying the use of an ECC SSL certificate that is uploaded to AWS identity and Access Management (IAM). Turn on health checks to monitor the web hosts that connect to the end users.
  • B. Provision an Application Load Balancer. Configure an HTTPS listener by specifying the use of an ECC SSL certificate that is uploaded to AWS Certificate Manager (ACM). Configure a default action to redirect to the URL for the application. Turn on health checks to monitor the web hosts that connect to the end users.
  • C. Provision a Network Load Balancer. Configure a TLS listener by specifying the use of an ECC SSL certificate that is uploaded to AWS Certificate Manager (ACM). Turn on application-based session affinity (sticky sessions). Turn on health checks to monitor the web hosts that connect to the end users.
  • D. Provision an Application Load Balancer. Configure an HTTPS listener by specifying the use of an ECC SSL certificate that is uploaded to AWS Identity and Access Management (IAM). Configure a default action to redirect to the URL for the application. Turn on application-based session affinity (sticky sessions).
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by backspace0900 at March 20, 2024, 2:55 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
woorkim
1 week, 4 days ago
Selected Answer: D
A. Network Load Balancer with ECC SSL certificate in IAM: Network Load Balancers (NLBs) support TLS listeners but are designed for layer 4 (TCP) traffic. They lack features like session affinity and application-specific health checks. NLBs are not suitable for applications requiring sticky sessions or application-layer processing. B. ALB with health checks but no session affinity: This option misses the requirement for maintaining stateful connections. Without session affinity, the ALB may route user requests to different backend instances, breaking stateful communication. C. NLB with ECC SSL certificate in ACM and session affinity: NLB does not natively support application-based session affinity or sticky sessions. NLB is a layer 4 load balancer and is not optimal for this use case, which requires application-layer capabilities.
upvoted 1 times
...
Christina666
1 week, 6 days ago
Selected Answer: B
weird question, C and D both incorrect
upvoted 1 times
...
imymoco
3 weeks, 3 days ago
Selected Answer: C
c why use iam
upvoted 1 times
...
MO_SAM
2 months, 1 week ago
Selected Answer: D
Network load balancer does not the stickiness!! because stateful means you have to enable the sessions sickness which application layer 7
upvoted 1 times
Spaurito
1 month, 2 weeks ago
You can set sticky sessions with Target groups on the NLB now. In the past was not supported.
upvoted 1 times
Spaurito
1 month, 2 weeks ago
and to further define...not for application support.
upvoted 1 times
...
...
...
KobDragoon
8 months, 3 weeks ago
Selected Answer: D
Considering the importance of sticky sessions for stateful connections in conjunction with the other requirements (end-to-end encryption, use of ECC certificates), Option D works better, even if managing the certificate with IAM instead of ACM feels weird, it is possible.
upvoted 3 times
...
bluz
9 months ago
Selected Answer: D
NLB does not use application-based stickiness. For certificates in a Region supported by AWS Certificate Manager (ACM), we recommend that you use ACM to provision, manage, and deploy your server certificates. In unsupported Regions, you must use IAM as a certificate manager.
upvoted 4 times
daemon101
8 months, 3 weeks ago
i would for B if the ALB is using cookie-based affinity but it is not mentioned so I agree with you. I would also go for D. i think C is incorrect because when NLB is using a TLS listener, the session stickiness feature will longer available. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
upvoted 2 times
...
...
psou7
9 months ago
i Vote C
upvoted 3 times
KobDragoon
8 months, 3 weeks ago
Wrong - NLBs do not inherently manage application-level session affinity ("sticky sessions") based on cookies.
upvoted 2 times
...
...
backspace0900
9 months ago
Selected Answer: C
C ssl certificate managed acm
upvoted 3 times
KobDragoon
8 months ago
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#sticky-sessions "Sticky sessions are not supported for TLS listeners."
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago