ELB END TO END ENCRYPTION (AWS Certified Advanced Networking – Specialty forum)
-
Category: ANS – Design and Implement for Security and Compliance
Q: A company has recently adopted a hybrid cloud architecture to extend the capabilities of its legacy applications. The on-premises data center is connected to the company’s Amazon VPC via an AWS Direct Connect connection. The Network Administrator has been tasked to ensure that all communications between the new Amazon EC2 instances of its VPC and the company’s on-premises application servers be encrypted in transit. The new instances must also use a load balancer to improve the scalability and availability of the architecture. The legacy on-premises servers only use custom proprietary protocols for secure communication.
Which of the following must the Administrator do to fulfill the above requirements?
A: Launch a Classic Load Balancer (CLB) and set up an SSL listener to offload the SSL termination. Use a TCP connection between the Amazon EC2 instances and the CLB.
B: Launch an Application Load Balancer (ALB) with an SSL listener to offload SSL termination. Re-spawn the SSL connection between the Amazon EC2 instances and the ALB.
C: Launch a new Classic Load Balancer (CLB) with a TCP listener. Route all of the traffic through the CLB and terminate the TLS connection on the Amazon EC2 instances.
D: Launch a new Application Load Balancer (ALB) with an HTTPS listener. Route all of the network communication through the ALB to encrypt the data in transit to and from the on-premises servers.
The suggested answer is A, but I think it should be C. The requirement is “all communications between the new Amazon EC2 instances of its VPC and the company’s on-premises application servers be encrypted in transit”, so it shouldn’t offload encryption on the ELB. Instead, use a TCP listener to bypass the ELB and end encryption on the instances.
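To make the distinction in the post above concrete, here is an added example (not from the exam, and not Tutorials Dojo's code) that audits Classic Load Balancer listeners in the shape `describe_load_balancers()` returns and flags only a TCP-to-TCP listener as end-to-end encrypted; the sample response and its certificate ARN are constructed.

```python
# Added example, not from the exam or from Tutorials Dojo. The input mirrors the
# shape of `describe_load_balancers()` for Classic Load Balancers; SAMPLE_RESPONSE
# is constructed, including the placeholder certificate ARN.

PASSTHROUGH = "passthrough"                        # LB relays TCP bytes; TLS ends on the instance
TERMINATED_REENCRYPTED = "terminated-reencrypted"  # LB decrypts, then re-encrypts to the instance
TERMINATED_PLAINTEXT = "terminated-plaintext"      # LB decrypts, sends cleartext to the instance
OTHER = "not-end-to-end"                           # HTTP listener or mixed pair; not a passthrough
TLS_PROTOCOLS = {"SSL", "HTTPS"}

def classify_listener(listener):
    """Say where TLS terminates for one CLB listener (Protocol/InstanceProtocol)."""
    front = listener["Protocol"].upper()
    back = listener["InstanceProtocol"].upper()
    if front in TLS_PROTOCOLS:
        # An SSL/HTTPS listener holds the certificate, so the LB sees plaintext
        # even when it re-encrypts towards the backend (options A, B and D).
        return TERMINATED_REENCRYPTED if back in TLS_PROTOCOLS else TERMINATED_PLAINTEXT
    if front == "TCP" and back == "TCP":
        # Only TCP->TCP lets a proprietary protocol negotiate its own encryption
        # end to end (option C); HTTP listeners parse requests and cannot relay TLS.
        return PASSTHROUGH
    return OTHER

def audit(response):
    """Return one finding per listener; end_to_end is True only for passthrough."""
    findings = []
    for lb in response["LoadBalancerDescriptions"]:
        for desc in lb["ListenerDescriptions"]:
            lst = desc["Listener"]
            verdict = classify_listener(lst)
            findings.append({"lb": lb["LoadBalancerName"], "port": lst["LoadBalancerPort"],
                             "verdict": verdict, "end_to_end": verdict == PASSTHROUGH})
    return findings

SAMPLE_RESPONSE = {  # constructed
    "LoadBalancerDescriptions": [
        {"LoadBalancerName": "legacy-app-clb", "ListenerDescriptions": [
            {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 8443,
                          "InstanceProtocol": "TCP", "InstancePort": 8443}},   # option C
            {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 443,
                          "InstanceProtocol": "TCP", "InstancePort": 8443,     # option A
                          "SSLCertificateId": "arn:aws:iam::000000000000:server-certificate/PLACEHOLDER"}},
        ]},
        {"LoadBalancerName": "web-clb", "ListenerDescriptions": [
            {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                          "InstanceProtocol": "HTTPS", "InstancePort": 443}},
        ]},
    ]
}
```

Feeding the real `describe_load_balancers()` output into `audit()` lists every listener where the load balancer, rather than the instance, holds the TLS session.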
-
Thanks, Jacky, for bringing this to our attention.
It seems that the answer key and the rationale for Option A and Option C were switched. We will rectify this issue immediately to avoid any further misunderstanding.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Regards,
Jon Bonso @ Tutorials Dojo
-
Hi Jon, a similar one is also marked wrong in your Security practice exam – Time based Set 2. Please check it. Thanks.
“A new security policy mandates that all communications between the company’s on-prem app servers and EC2 instances be encrypted in transit. servers use custom proprietary protocols for their communication, and the EC2 instances must be placed behind a LB to improve availability and scalability. Which of the following will satisfy the above requirements? ….”
-
Hello JD88,
Thank you for the feedback.
Can you provide a screenshot for the question and explanation, so we can further investigate this problem?
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Regards,
Gerome @ Tutorials Dojo