Exam AWS Certified Security - Specialty All Questions

Exam AWS Certified Security - Specialty topic 1 question 28 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 28
Topic #: 1

The Information Technology department has stopped using Classic Load Balancers and switched to Application Load Balancers to save costs. After the switch, some users on older devices are no longer able to connect to the website.
What is causing this situation?

  • A. Application Load Balancers do not support older web browsers.
  • B. The Perfect Forward Secrecy settings are not configured correctly.
  • C. The intermediate certificate is installed within the Application Load Balancer.
  • D. The cipher suites on the Application Load Balancers are blocking connections.
Suggested Answer: D

Comments

Madura
Highly Voted 3 years, 1 month ago
Answer should be D. Classic load balancers support some of the legacy cipher suites. Given that some of the users are having problems could mean that legacy cipher suites have been deprecated in ALBs.
upvoted 41 times
...
polo
Highly Voted 3 years, 1 month ago
D... the AWS document states something about disabling TLS if you want to support legacy clients: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
upvoted 9 times
rocka1
3 years ago
There is a statement in that link that validates your answer: "Do not use this policy unless you must support a legacy client that requires the DES-CBC3-SHA cipher, which is a weak cipher."
upvoted 5 times
...
...
shammous
Most Recent 2 weeks, 1 day ago
Selected Answer: D
Application Load Balancers support only a specific set of TLS cipher suites. Many older browsers and devices can only communicate using outdated or less secure cipher suites, which ALBs now block for security purposes. This mismatch prevents these older systems from establishing a secure connection, leading to issues for users on those devices.
upvoted 1 times
...
dcyberguy
1 year, 4 months ago
Selected Answer: B
Answer should be B. Hear me out. What is DDoS? It floods traffic to the targeted online resources. That is where an Application Load Balancer comes in, to redistribute the load. In the event of a DDoS attack, your site will not be down and will continue to function normally, most especially when the workload is distributed between two EC2 instances.
upvoted 1 times
dcyberguy
1 year, 4 months ago
A huge mistake.... not for this question.
upvoted 5 times
...
...
Green53
1 year, 4 months ago
Selected Answer: D
C is rubbish, unsure how an intermediate certificate (installed via ACM, not via ALB) would cause some browsers not to work. D is much more likely
upvoted 2 times
...
Robert0
1 year, 5 months ago
Selected Answer: D
D: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
upvoted 1 times
...
matrpro
1 year, 6 months ago
Selected Answer: C
C is the correct one: "Follow the procedure to create a trail that applies to all Regions. A trail that applies to all Regions delivers log files from all Regions to an S3 bucket. After you create the trail, AWS CloudTrail automatically starts logging the events that you specified"
upvoted 1 times
Robert0
1 year, 5 months ago
haha not this question
upvoted 1 times
...
...
janvandermerwer
2 years ago
Likely historical ciphers misbehaving.
upvoted 1 times
...
MBPP
2 years, 3 months ago
D. ALB may not support legacy ciphers.
upvoted 1 times
...
sapien45
2 years, 3 months ago
Selected Answer: D
You can use one of the ELBSecurityPolicy-TLS policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers. Only a small percentage of internet clients require TLS version 1.0. To view the TLS protocol version for requests to your load balancer, enable access logging for your load balancer and examine the access logs.
upvoted 1 times
...
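The access-log check quoted in the comment above, as an added example that is not part of the original discussion: it tallies the negotiated TLS protocol and cipher per request and lists the clients that still depend on legacy settings. The log lines are constructed samples, the field positions assume the documented ALB access log layout, and the "legacy" sets are this example's own choice.

```python
import csv
from collections import Counter

# Assumed 0-based field positions in an ALB access log entry after
# quote-aware splitting on spaces.
CLIENT, SSL_CIPHER, SSL_PROTOCOL = 3, 14, 15

# What counts as "legacy" is an assumption of this example.
LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}
LEGACY_CIPHERS = {"DES-CBC3-SHA"}

# Constructed sample entries (not real traffic); fields after ssl_protocol are dummies.
_ENTRY = ('{kind} 2024-01-10T10:00:00.000000Z app/example-alb/0123456789abcdef '
          '{ip}:50000 10.0.0.5:80 0.001 0.002 0.000 200 200 120 512 '
          '"GET https://www.example.com:443/ HTTP/1.1" "Mozilla/5.0 (constructed)" '
          '{cipher} {proto} arn:placeholder "Root=1-0" "www.example.com" "-" 0 '
          '2024-01-10T10:00:00.000000Z "forward" "-" "-"')
SAMPLE_LOG = [
    _ENTRY.format(kind="https", ip="203.0.113.10",
                  cipher="ECDHE-RSA-AES128-GCM-SHA256", proto="TLSv1.2"),
    _ENTRY.format(kind="https", ip="203.0.113.20", cipher="DES-CBC3-SHA", proto="TLSv1"),
    _ENTRY.format(kind="https", ip="203.0.113.20", cipher="DES-CBC3-SHA", proto="TLSv1"),
    _ENTRY.format(kind="http", ip="203.0.113.30", cipher="-", proto="-"),  # no TLS
    "",  # blank line, must be skipped
]

def parse_tls_fields(line):
    """Return (client_ip, protocol, cipher), or None for non-TLS or short lines."""
    if not line.strip():
        return None
    fields = next(csv.reader([line], delimiter=" ", quotechar='"'))
    if len(fields) <= SSL_PROTOCOL or fields[SSL_PROTOCOL] == "-":
        return None
    client_ip = fields[CLIENT].rsplit(":", 1)[0]
    return client_ip, fields[SSL_PROTOCOL], fields[SSL_CIPHER]

def summarize(lines):
    """Count (protocol, cipher) pairs and collect clients using legacy ones."""
    combos, legacy_clients = Counter(), {}
    for line in lines:
        parsed = parse_tls_fields(line)
        if parsed is None:
            continue
        ip, proto, cipher = parsed
        combos[(proto, cipher)] += 1
        if proto in LEGACY_PROTOCOLS or cipher in LEGACY_CIPHERS:
            legacy_clients.setdefault(ip, set()).add((proto, cipher))
    return combos, legacy_clients

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run against logs collected before a listener's security policy is tightened, the legacy-client list shows which devices would lose connectivity.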
Radhaghosh
2 years, 9 months ago
D. The cipher suites on the Application Load Balancers are blocking connections.
upvoted 1 times
...
awscerti
3 years ago
D seems to be correct! Clients on legacy ciphers can fail.
upvoted 2 times
DahMac
3 years ago
When in doubt, pick D
upvoted 1 times
...
...
Mikeclue
3 years ago
Answer is D:
upvoted 2 times
...
devjava
3 years, 1 month ago
Ans > D
upvoted 2 times
...
AfricanCloudGuru
3 years, 1 month ago
Ans (D)
upvoted 3 times
...
satbim
3 years, 1 month ago
D is the correct answer.
upvoted 2 times
...
enthuguys
3 years, 1 month ago
I wasn't sure, but D makes sense.
upvoted 1 times
...