Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 123 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 123
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has a dynamic web application hosted on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination.
There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit.
What should a solutions architect do to increase the application's performance?

  • A. Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM certificate on each instance.
  • B. Create an Amazon S3 bucket Migrate the SSL certificate to the S3 bucket. Configure the EC2 instances to reference the bucket for SSL termination.
  • C. Create another EC2 instance as a proxy server. Migrate the SSL certificate to the new instance and configure it to direct connections to the existing EC2 instances.
  • D. Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by 123jhl0 at Oct. 19, 2022, 9:09 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
123jhl0
Highly Voted 2 years, 1 month ago
Selected Answer: D
This issue is solved by SSL offloading, i.e. by moving the SSL termination task to the ALB. https://aws.amazon.com/blogs/aws/elastic-load-balancer-support-for-ssl-termination/
upvoted 22 times
...
Buruguduystunstugudunstuy
Highly Voted 1 year, 10 months ago
Selected Answer: D
The correct answer is D. To increase the application's performance, the solutions architect should import the SSL certificate into AWS Certificate Manager (ACM) and create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM. An Application Load Balancer (ALB) can offload the SSL termination process from the EC2 instances, which can help to increase the compute capacity available for the web application. By creating an ALB with an HTTPS listener and using the SSL certificate from ACM, the ALB can handle the SSL termination process, leaving the EC2 instances free to focus on running the web application.
upvoted 12 times
...
PaulGa
Most Recent 2 months ago
Ans D - well explained by Buruguduystunstugudunstuy (1yr, 8mth): "To increase the application's performance, the solutions architect should import the SSL certificate into AWS Certificate Manager (ACM) and create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM. An Application Load Balancer (ALB) can offload the SSL termination process from the EC2 instances, which can help to increase the compute capacity available for the web application. By creating an ALB with an HTTPS listener and using the SSL certificate from ACM, the ALB can handle the SSL termination process, leaving the EC2 instances free to focus on running the web application."
upvoted 2 times
...
jaradat02
4 months ago
Selected Answer: D
D is the correct answer.
upvoted 1 times
...
Ruffyit
1 year ago
This issue is solved by SSL offloading, i.e. by moving the SSL termination task to the ALB. https://aws.amazon.com/blogs/aws/elastic-load-balancer-support-for-ssl-termination
upvoted 4 times
...
Guru4Cloud
1 year, 3 months ago
Selected Answer: D
The key reasons are: Using an Application Load Balancer with an HTTPS listener allows SSL termination to happen at the load balancer layer. The EC2 instances behind the load balancer receive only unencrypted traffic, reducing load on them. Importing the custom SSL certificate into ACM allows the ALB to use it for HTTPS listeners. This removes the need to install and manage SSL certificates on each EC2 instance. ALB handles the SSL overhead and scales automatically. The EC2 fleet focuses on app logic. Options A, B, C don't offload SSL overhead from the EC2 instances themselves.
upvoted 3 times
...
cookieMr
1 year, 5 months ago
Selected Answer: D
By using ACM to manage the SSL certificate and configuring an ALB with HTTPS listener, the SSL termination will be handled by the load balancer instead of the web servers. This offloading of SSL processing to the ALB reduces the compute capacity burden on the web servers and improves their performance by allowing them to focus on serving the dynamic web application. Option A suggests creating a new SSL certificate using ACM, but it does not address the SSL termination offloading and load balancing capabilities provided by an ALB. Option B suggests migrating the SSL certificate to an S3 bucket, but this approach does not provide the necessary SSL termination and load balancing functionalities. Option C suggests creating another EC2 instance as a proxy server, but this adds unnecessary complexity and management overhead without leveraging the benefits of ALB's built-in load balancing and SSL termination capabilities. Therefore, option D is the most suitable choice to increase the application's performance in this scenario.
upvoted 3 times
...
dejung
1 year, 9 months ago
Selected Answer: A
Why is A wrong?
upvoted 2 times
Yadav_Sanjay
1 year, 6 months ago
Company uses its own SSL certificate. Option A says.. Create a SSL certificate in ACM
upvoted 3 times
...
xdkonorek2
1 year ago
ec2 instances still would be responsible for decrypting traffic and it wouldn't solve load issue
upvoted 2 times
...
...
remand
1 year, 10 months ago
Selected Answer: D
SSL termination is the process of ending an SSL/TLS connection. This is typically done by a device, such as a load balancer or a reverse proxy, that is positioned in front of one or more web servers. The device decrypts incoming SSL/TLS traffic and then forwards the unencrypted request to the web server. This allows the web server to process the request without the overhead of decrypting and encrypting the traffic. The device then re-encrypts the response from the web server and sends it back to the client. This allows the device to offload the SSL/TLS processing from the web servers and also allows for features such as SSL offloading, SSL bridging, and SSL acceleration.
upvoted 5 times
...
career360guru
1 year, 11 months ago
Selected Answer: D
Option D to offload the SSL encryption workload
upvoted 2 times
...
Aamee
1 year, 11 months ago
Selected Answer: D
Due to this statement particularly: "The company has its own SSL certificate" as it's not created from AWS ACM itself.
upvoted 1 times
...
Wpcorgan
2 years ago
D is correct
upvoted 1 times
...
Six_Fingered_Jose
2 years ago
Selected Answer: D
agree with D
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel