Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 178 discussion

You can upload certificate to IAM via aws cli. ACM did not support ECC-SSL at the time exam question were written, but they do now, for the purpose of this question you need to use IAM. https://repost.aws/knowledge-center/import-ssl-certificate-to-iam

A. Network Load Balancer with ECC SSL certificate in IAM: Network Load Balancers (NLBs) support TLS listeners but are designed for layer 4 (TCP) traffic. They lack features like session affinity and application-specific health checks. NLBs are not suitable for applications requiring sticky sessions or application-layer processing. B. ALB with health checks but no session affinity: This option misses the requirement for maintaining stateful connections. Without session affinity, the ALB may route user requests to different backend instances, breaking stateful communication. C. NLB with ECC SSL certificate in ACM and session affinity: NLB does not natively support application-based session affinity or sticky sessions. NLB is a layer 4 load balancer and is not optimal for this use case, which requires application-layer capabilities.

weird question, C and D both incorrect

c why use iam

Network load balancer does not the stickiness!! because stateful means you have to enable the sessions sickness which application layer 7

Considering the importance of sticky sessions for stateful connections in conjunction with the other requirements (end-to-end encryption, use of ECC certificates), Option D works better, even if managing the certificate with IAM instead of ACM feels weird, it is possible.

NLB does not use application-based stickiness. For certificates in a Region supported by AWS Certificate Manager (ACM), we recommend that you use ACM to provision, manage, and deploy your server certificates. In unsupported Regions, you must use IAM as a certificate manager.

i Vote C

C ssl certificate managed acm