Exam ANS-C00 topic 1 question 94 discussion

Exam question from Amazon's ANS-C00
Question #: 94
Topic #: 1

A company has a hybrid IT architecture with two AWS Direct Connect connections to provide high availability. The services hosted on-premises are accessible using public IPs, and are also on the 172.16.0.0/16 range. The AWS resources are on the 192.168.0.0/18 range. The company wants to use Amazon Elastic Load Balancing for SSL offloading, health checks, and sticky sessions.
What should be done to meet these requirements?

  • A. Create a Network Load Balancer pointing to the on-premises server's private IP address.
  • B. Create an Amazon CloudFront distribution for the on-premises service and use the public IPs of the on-premises servers as the origin.
  • C. Create a Network Load Balancer pointing to the on-premises server's public IP address.
  • D. Create an Application Load Balancer pointing to the on-premises server's private IP address.
Suggested Answer: A 🗳️

Comments

ITstudy
Highly Voted 3 years, 7 months ago
D. Need to perform SSL offload, session sticky, etc.
upvoted 12 times
skjs
3 years, 7 months ago
Correct, NLB is not capable of sticky sessions
upvoted 5 times
...
SilverT
3 years, 7 months ago
Also ALB supports on-prem IP address targets. https://aws.amazon.com/blogs/aws/new-application-load-balancing-via-ip-address-to-aws-on-premises-resources/
upvoted 1 times
...
...
Serial_X25
Highly Voted 3 years, 6 months ago
Hi, all. I think it can't be letter A, according to https://docs.aws.amazon.com/elasticloadbalancing/latest/network/elb-ng.pdf, page 38, we have that "Sticky sessions are not supported with TLS listeners and TLS target groups".
upvoted 7 times
eeghai7thioyaiR4
3 years, 6 months ago
Ha! Thanks for that information. I would have used A, because nothing says this is HTTP. But as you say, sticky sessions on NLB are not supported with TLS. So Ans: D
upvoted 1 times
...
...
nyy88
Most Recent 2 years, 7 months ago
Selected Answer: D
D is right
upvoted 1 times
...
Jazz888
3 years, 2 months ago
Hi All, NLB supports stickiness, however stickiness is not supported if your target is TLS (if you are doing SSL offloading). Answer should be D.
upvoted 1 times
...
StelSen
3 years, 5 months ago
NLB also supports SSL offload, sticky session, health check (maybe recently). A & D are correct as of now. But from an exam perspective, Ans could be D. https://aws.amazon.com/blogs/aws/new-tls-termination-for-network-load-balancers/ https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#sticky-sessions https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-health-checks.html
upvoted 2 times
...
Ishu_awsguy
3 years, 5 months ago
I would rather go with A. NLB now supports sticky sessions. Why I am choosing it over ALB is the support for TCP/UDP, which might be needed in a hybrid scenario. Secondly, in hybrid scenarios private IP for DNS mappings might be very important or handy. So I prefer A over D if only 1 answer is to be given.
upvoted 2 times
...
student2020
3 years, 6 months ago
Answer is D: Sticky sessions are not supported with TLS listeners and TLS target groups. https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#sticky-sessions
upvoted 2 times
...
Gurnoor
3 years, 6 months ago
D - Is the answer as NLB does not support SSL offloading and sticky sessions.
upvoted 1 times
...
sensor
3 years, 6 months ago
The question is directed to 'target as ip address' and particularly private or public ip address - which one to use, since both LBs (A/NLB) fulfill other reqs. Acc. to the article below, paragraph -ip, the RFC 6598 range (100.64.0.0/10) for targets located outside the load balancer’s VPC (this includes Peered VPC, EC2-Classic, and on-premises targets reachable over Direct Connect or VPN) must be used: https://aws.amazon.com/blogs/aws/new-application-load-balancing-via-ip-address-to-aws-on-premises-resources/ This leads to C.
upvoted 1 times
Johnny_Green
3 years, 6 months ago
The entire paragraph from the above link is included here as follows: "ip – Targets are registered as IP addresses. You can use any IPv4 address from the load balancer’s VPC CIDR for targets within load balancer’s VPC and any IPv4 address from the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) or the RFC 6598 range (100.64.0.0/10) for targets located outside the load balancer’s VPC (this includes Peered VPC, EC2-Classic, and on-premises targets reachable over Direct Connect or VPN)." After reading through the paragraph, I didn't get the impression that the RFC 6598 range (100.64.0.0/10) must be used. Rather, any IPv4 address from the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) or the RFC 6598 range (100.64.0.0/10) can be used for targets located outside the load balancer’s VPC. As a result, I still believe the answer is D. Using the on-premises server's public IP address seems to create an unnecessary security concern.
upvoted 3 times
Johnny_Green
3 years, 6 months ago
As a matter of fact, it looks like you can't specify publicly routable IP addresses as target anyway.
upvoted 2 times
...
...
...
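The address rule quoted in the reply above, applied to the ranges given in the question, as an added example (not part of the original thread and not AWS code). The function names and the sample addresses are constructed for illustration; only the CIDR ranges come from the page.

```python
import ipaddress

# Ranges quoted in the thread from the AWS blog post on IP targets.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")

VPC_CIDR = "192.168.0.0/18"  # AWS-side range stated in the question


def classify_target(ip, vpc_cidr=VPC_CIDR):
    """Classify a candidate IP target as 'in-vpc', 'outside-vpc' or 'rejected'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "rejected"          # not an IP address at all
    if addr.version != 4:
        return "rejected"          # the quoted rule covers IPv4 only
    if addr in ipaddress.ip_network(vpc_cidr):
        return "in-vpc"            # inside the load balancer's VPC CIDR
    if addr in RFC6598 or any(addr in net for net in RFC1918):
        return "outside-vpc"       # peered VPC / Direct Connect / VPN target
    return "rejected"              # publicly routable: outside the quoted ranges


def audit_targets(candidates, vpc_cidr=VPC_CIDR):
    """Map each candidate address to its classification."""
    return {ip: classify_target(ip, vpc_cidr) for ip in candidates}


# Constructed sample addresses (not taken from the page).
SAMPLE = [
    "172.16.10.20",   # on-premises private range from the question
    "192.168.10.5",   # inside the /18 VPC range
    "192.168.64.5",   # RFC 1918, but just past the /18 boundary
    "100.64.1.1",     # RFC 6598 shared address space
    "172.32.0.1",     # just past 172.16.0.0/12, so publicly routable
    "203.0.113.10",   # documentation range standing in for a public IP
]

if __name__ == "__main__":
    for ip, verdict in audit_targets(SAMPLE).items():
        print(f"{ip:15} {verdict}")
```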
Johnny_Green
3 years, 6 months ago
The requirements are: SSL offloading, health checks, and sticky sessions. Answer D is a safer bet even though NLB now supports SSL offload, sticky session, and health check as well according to the link provided by r3bus76. Here is an example that shows AWS - SSL Offloading with an Application Load Balancer: https://infra.engineer/aws/36-aws-ssl-offloading-with-an-application-load-balancer
upvoted 4 times
...
FortiLeo
3 years, 6 months ago
If you compare the features using the official study guide that came out in 2018, the NLB did not support SSL offloading or sticky sessions. Therefore D should be the correct answer based on this version of the exam.
upvoted 1 times
certificatores
3 years, 6 months ago
Answer D was the right answer in 2018. If NLB supports these features now, the answer will be both A and D, so it is impossible to eliminate the original answer of the question. So if D was already an answer, it cannot be changed now unless the question asks for 2 answers. I will go with answer D for sure, as everyone agrees that was the answer when the question was released.
upvoted 1 times
...
OKMAN
3 years, 6 months ago
AWS is updating all answers per newly released features.
upvoted 2 times
...
...
OKMAN
3 years, 7 months ago
Answer is A. You need to use TCP/IP over HTTP/HTTPS. Also NLB does support sticky sessions. https://aws.amazon.com/elasticloadbalancing/features/
upvoted 3 times
...
r3bus76
3 years, 7 months ago
A or D. Now NLB supports SSL offload, sticky session and health check. https://aws.amazon.com/elasticloadbalancing/features/?nc1=h_ls The question does not explain what kind of services are hosted, so A for me is the more correct answer.
upvoted 2 times
...
kvirk
3 years, 7 months ago
Ans is D
upvoted 2 times
...
pechung1206
3 years, 7 months ago
D. NLB cannot do sticky session - https://aws.amazon.com/elasticloadbalancing/features/
upvoted 3 times
JamesTR
3 years, 6 months ago
Your link says that they do.
upvoted 1 times
...
...