ELB END TO END ENCRYPTION

  • jacky-shu

    Member
    September 25, 2020 at 4:55 am

    Category: ANS – Design and Implement for Security and Compliance

    Q: A company has recently adopted a hybrid cloud architecture to extend the capabilities of its legacy applications. The on-premises data center is connected to the company’s Amazon VPC via an AWS Direct Connect connection. The Network Administrator has been tasked to ensure that all communications between the new Amazon EC2 instances of its VPC and the company’s on-premises application servers be encrypted in transit. The new instances must also use a load balancer to improve the scalability and availability of the architecture. The legacy on-premises servers only use custom proprietary protocols for secure communication.

    Which of the following must the Administrator do to fulfill the above requirements?

    A: Launch a Classic Load Balancer (CLB) and set up an SSL listener to offload the SSL termination. Use a TCP connection between the Amazon EC2 instances and the CLB.

    B: Launch an Application Load Balancer (ALB) with an SSL listener to offload SSL termination. Re-spawn the SSL connection between the Amazon EC2 instances and the ALB.

    C: Launch a new Classic Load Balancer (CLB) with a TCP listener. Route all of the traffic through the CLB and terminate the TLS connection on the Amazon EC2 instances.

    D: Launch a new Application Load Balancer (ALB) with an HTTPS listener. Route all of the network communication through the ALB to encrypt the data in transit to and from the on-premises servers.

    The suggested answer is A, but I think it should be C. The requirement is “all communications between the new Amazon EC2 instances of its VPC and the company’s on-premises application servers be encrypted in transit”, so it shouldn’t offload encryption on the ELB. Instead, use a TCP listener to bypass the ELB and end encryption on the instances.
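
The listener choices weighed in the post above differ in where the encrypted session ends. As an added example (not part of the original thread or of Tutorials Dojo's material), this Python sketch classifies Classic Load Balancer listeners by their `Protocol` and `InstanceProtocol` fields, using a constructed sample shaped like `aws elb describe-load-balancers` output; the load balancer names and ports are hypothetical.

```python
# Constructed sample in the shape of `aws elb describe-load-balancers` output
# for Classic Load Balancers; names and ports are hypothetical.
def _lb(name, front, back):
    return {"LoadBalancerName": name, "ListenerDescriptions": [{"Listener": {
        "Protocol": front, "LoadBalancerPort": 443,
        "InstanceProtocol": back, "InstancePort": 8443}}]}

SAMPLE = {"LoadBalancerDescriptions": [
    _lb("clb-offload", "SSL", "TCP"),
    _lb("clb-passthrough", "TCP", "TCP"),
    _lb("clb-reencrypt", "HTTPS", "HTTPS"),
]}

TLS_PROTOCOLS = {"SSL", "HTTPS"}

def classify(listener):
    """Say where a CLB listener leaves the encryption boundary."""
    front = listener["Protocol"].upper()
    back = listener.get("InstanceProtocol", front).upper()
    if front == "TCP" and back == "TCP":
        # Bytes are relayed untouched: any encryption the two endpoints
        # negotiate (TLS or a custom protocol) ends on the instance.
        return "passthrough"
    if front in TLS_PROTOCOLS and back in TLS_PROTOCOLS:
        # Load balancer decrypts, then opens a separate TLS session.
        return "terminate-and-reencrypt"
    if front in TLS_PROTOCOLS:
        # Load balancer decrypts; the leg to the instance is plaintext.
        return "offload"
    return "other"  # e.g. HTTP front end, or TCP front with SSL back end

def audit(response):
    """Map each load balancer name to the modes of its listeners."""
    return {
        lb["LoadBalancerName"]: [classify(d["Listener"]) for d in lb["ListenerDescriptions"]]
        for lb in response["LoadBalancerDescriptions"]
    }

def decrypts_at_lb(response):
    """Names of load balancers with a listener that terminates TLS itself."""
    hits = {"offload", "terminate-and-reencrypt"}
    return sorted(n for n, modes in audit(response).items() if hits & set(modes))

if __name__ == "__main__":
    for name, modes in audit(SAMPLE).items():
        print(name, modes)
    print("decrypts at LB:", decrypts_at_lb(SAMPLE))
```

A `passthrough` result only means the load balancer does not decrypt; whether the traffic is actually encrypted still depends on what the two endpoints negotiate.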

  • Jon-Bonso

    Administrator
    September 25, 2020 at 9:51 am

    Thanks, Jacky, for bringing this to our attention.

    It seems that the answer key and the rationale for Option A and Option C were switched. We will rectify this issue immediately to avoid any further misunderstanding.

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!

    Regards,

    Jon Bonso @ Tutorials Dojo

    • JD88

      Member
      November 25, 2020 at 12:30 pm

      Hi Jon, a similar question is also marked wrong in your Security practice exam – Time based Set 2. Please check it. Thanks.

      “A new security policy mandates that all communications between the company’s on-prem app servers and EC2 instances be encrypted in transit. servers use custom proprietary protocols for their communication, and the EC2 instances must be placed behind a LB to improve availability and scalability. Which of the following will satisfy the above requirements? ….”

      • Gerome-TutorialsDojo

        Member
        November 26, 2020 at 8:37 am

        Hello JD88,

        Thank you for the feedback.

        Can you provide a screenshot for the question and explanation, so we can further investigate this problem?

        Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!

        Regards,

        Gerome @ Tutorials Dojo

  • jacky-shu

    Member
    September 26, 2020 at 1:09 am

    Awesome. Thanks!
