ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 28 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 28
Topic #: 1
[All AWS Certified Security - Specialty Questions]

The Information Technology department has stopped using Classic Load Balancers and switched to Application Load Balancers to save costs. After the switch, some users on older devices are no longer able to connect to the website.
What is causing this situation?

  • A. Application Load Balancers do not support older web browsers.
  • B. The Perfect Forward Secrecy settings are not configured correctly.
  • C. The intermediate certificate is installed within the Application Load Balancer.
  • D. The cipher suites on the Application Load Balancers are blocking connections.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by sensor at July 4, 2019, 9:46 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Madura
Highly Voted 3 years, 7 months ago
Answer should be D. Classic load balancers support some of the legacy cipher suites. Given that some of the users are having problems could mean that legacy cipher suites have been deprecated in ALBs.
upvoted 41 times
...
polo
Highly Voted 3 years, 7 months ago
D...the aws document states something about disabling TLS if you want to support legacy clients https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
upvoted 9 times
rocka1
3 years, 6 months ago
There is a statement in that link that validates your answer; * Do not use this policy unless you must support a legacy client that requires the DES-CBC3-SHA cipher, which is a weak cipher
upvoted 5 times
...
...
shammous
Most Recent 5 months, 4 weeks ago
Selected Answer: D
Application Load Balancers support only a specific set of TLS cipher suites. Many older browsers and devices can only communicate using outdated or less secure cipher suites, which ALBs now block for security purposes. This mismatch prevents these older systems from establishing a secure connection, leading to issues for users on those devices.
upvoted 1 times
...
dcyberguy
1 year, 9 months ago
Selected Answer: B
Answer should be B. Hear me out. What is DDOS? it floods traffic to the targeted online resources. That is where an Application Load balancer comes in, to redistribute the load, in the event of a DDoS attack, your site will not be down and will continue to function normally, most especially when the workload is distributed between two EC2 Instances.
upvoted 1 times
dcyberguy
1 year, 9 months ago
A huge mistake.... not for this question.
upvoted 5 times
...
...
Green53
1 year, 10 months ago
Selected Answer: D
C is rubbish, unsure how an intermediate certificate (installed via ACM, not via ALB) would cause some browsers not to work. D is much more likely
upvoted 2 times
...
Robert0
1 year, 10 months ago
Selected Answer: D
D: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
upvoted 1 times
...
matrpro
1 year, 12 months ago
Selected Answer: C
C is the correct one: "Follow the procedure to create a trail that applies to all Regions. A trail that applies to all Regions delivers log files from all Regions to an S3 bucket. After you create the trail, AWS CloudTrail automatically starts logging the events that you specified"
upvoted 1 times
Robert0
1 year, 10 months ago
haha not this question
upvoted 1 times
...
...
janvandermerwer
2 years, 5 months ago
Likely historical ciphers misbehaving.
upvoted 1 times
...
MBPP
2 years, 8 months ago
D. ALB may not support legacy ciphers.
upvoted 1 times
...
sapien45
2 years, 9 months ago
Selected Answer: D
You can use one of the ELBSecurityPolicy-TLS policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers. Only a small percentage of internet clients require TLS version 1.0. To view the TLS protocol version for requests to your load balancer, enable access logging for your load balancer and examine the access logs.
upvoted 1 times
...
Radhaghosh
3 years, 2 months ago
D. The cipher suites on the Application Load Balancers are blocking connections.
upvoted 1 times
...
awscerti
3 years, 5 months ago
D seems to be correct! Client on legacy ciphers can fail.
upvoted 2 times
DahMac
3 years, 5 months ago
When in doubt, pick D
upvoted 1 times
...
...
Mikeclue
3 years, 5 months ago
Answer is D:
upvoted 2 times
...
devjava
3 years, 6 months ago
Ans > D
upvoted 2 times
...
AfricanCloudGuru
3 years, 6 months ago
Ans (D)
upvoted 3 times
...
satbim
3 years, 6 months ago
D is the correct answer..
upvoted 2 times
...
enthuguys
3 years, 6 months ago
I wasnt sure, but D make sense
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago