ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 177 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 177
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has a public application. The application uses an Application Load Balancer (ALB) that has a target group of Amazon EC2 instances.

The company wants to protect the application from security issues in web requests. The traffic to the application must have end-to-end encryption.

Which solution will meet these requirements?

  • A. Configure a Network Load Balancer (NLB) that has a target group of the existing EC2 instances. Configure TLS connections to terminate on the EC2 instances that use a public certificate. Configure an AWS WAF web ACL. Associate the web ACL with the NLB.
  • B. Configure TLS connections to terminate at the ALB that uses a public certificate. Configure AWS Certificate Manager (ACM) certificates for the communication between the ALB and the EC2 instances. Configure an AWS WAF web ACL. Associate the web ACL with the ALB.
  • C. Configure a Network Load Balancer (NLB) that has a target group of the existing EC2 instances. Configure TLS connections to terminate at the EC2 instances by creating a TLS listener. Configure self-signed certificates on the EC2 instances for the communication between the NLB and the EC2 instances. Configure an AWS WAF web ACL. Associate the web ACL with the NLB.
  • D. Configure a third-party certificate on the EC2 instances for the communication between the ALB and the EC2 instances. Import the third-party certificate into AWS Certificate Manager (ACM). Associate the imported certificate with the ALB. Configure TLS connections to terminate at the ALB. Configure an AWS WAF web ACL. Associate the web ACL with the ALB.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by wa212 at March 30, 2024, 4:44 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
JoellaLi
Highly Voted 8 months, 2 weeks ago
Selected Answer: D
ACM certificates are supported by the following services: • Elastic Load Balancing To serve secure content over SSL/TLS, load balancers require that SSL/TLS certificates be installed on either the load balancer or the back-end Amazon EC2 instance. ACM is integrated with Elastic Load Balancing to deploy ACM certificates on the load balancer. • Amazon CloudFront To use an ACM certificate with CloudFront, make sure you request (or import) the certificate in the US East Region (us-east-1). • Amazon API Gateway With the proliferation of mobile devices and growth of the Internet of Things (IoT), it has become increasingly common to create APIs that can be used to access data and interact with back-end systems on AWS. • AWS Nitro Enclaves EC2 instances connected to Nitro Enclaves support ACM certificates. You cannot associate ACM certificates with an EC2 instance that is not connected to a Nitro Enclave.
upvoted 6 times
...
Spaurito
Most Recent 1 month, 2 weeks ago
D - You can import a certificate for use with ALB, CF, etc. If you need on your EC2 instances, you will need to import to them as well, but they can be used. Do this on a regular basis it seems.
upvoted 1 times
...
VerRi
2 months, 3 weeks ago
Selected Answer: D
You cannot use ACM's cert between EC2 and ALB.
upvoted 1 times
Spaurito
1 month, 2 weeks ago
You can get a Public cert, install on EC2 instances, import into ACM, and associate it to other resources. It's just not an AWS provided certificate.
upvoted 1 times
...
...
Blitz1
5 months, 1 week ago
Selected Answer: D
The debate is between B and D ...(because the question is actually saying that ALB is already used -> NLB is excluded from the beginning) Even if ACM is more easier to use ( i mean you don't need to go to a third party provider) when reading B answer it is saying : "Configure AWS Certificate Manager (ACM) certificates for the communication between the ALB and the EC2 instances." You cannot use ACM for communication between ALB and EC2. Actually in the target group you can specify protocol and port and the instances associated but there is no field where to specify which certificate to use. Also in (B) it is not saying to configure the certificates in EC2 which is wrong as well. The ACM is used for ALB and in the listener part you have the default certificate and the SNIs under certificates tab. Therefore D is the correct answer.
upvoted 3 times
...
hedglin
5 months, 3 weeks ago
B is correct. D is wrong, because this option involves using a third-party certificate, which adds complexity without providing any clear benefits over using ACM directly for certificate management. Terminating TLS at the ALB and applying the WAF ACL at the ALB level is correct, but the ALB's integration with ACM simplifies the process.
upvoted 1 times
hedglin
2 months, 3 weeks ago
Sorry, D is correct. You cannot directly use AWS ACM (Certificate Manager) for communication between an Application Load Balancer (ALB) and an EC2 instance.
upvoted 1 times
...
...
KobDragoon
8 months, 3 weeks ago
Selected Answer: B
WAF for security and ACM managed certificate for TLS encryptions. B looks fine to me
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago