Member, February 27, 2021 at 2:41 pm
I have some doubts with this question and its answers.
A new security policy mandates that all communications between the company’s on-premises application servers and Amazon EC2 instances be encrypted in transit. The servers use custom proprietary protocols for their communication, and the EC2 instances must be placed behind a load balancer to improve availability and scalability.
The correct answer is: Offload the SSL termination to an SSL listener on a Classic Load Balancer (CLB). Use a TCP connection between the CLB and the EC2 instances.
The option that says (which I picked): "Route all of the traffic throughout a TCP listener on a Classic Load Balancer (CLB). Terminate the TLS connection on the Amazon EC2 instances" is incorrect because if you have a TCP listener on a CLB then the SSL termination is on the load balancer, not on the underlying EC2 instances.
May I know why the correct answer is offloading SSL termination at the CLB? If that is the case, the transmission between CLB –> EC2 instances will not be encrypted. Wouldn’t it fix the use case if we do a pass through via CLB, and allow the EC2 to offload the SSL instead?
I use AWS at a time where NLB is taking over CLB, so do correct me if I am wrong.
Administrator, March 1, 2021 at 6:12 pm
Thanks for your feedback.
I agree. The question is all about end-to-end encryption. This can be done by configuring TCP passthrough on the CLB (set TCP as listener instead of HTTPS.)
We will correct this item.
- This reply was modified 2 years, 11 months ago by Carlo-TutorialsDojo.
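
The distinction discussed in this thread can be checked against real listener settings. The following Python script is an added example, not part of the original posts or of Tutorials Dojo's material: it classifies each Classic Load Balancer listener by where TLS ends and lists those that leave the CLB-to-EC2 hop in clear text. It assumes input in the JSON shape returned by `aws elb describe-load-balancers`; the load balancer names and ports in the sample are constructed.

```python
# Added example: report where TLS ends for each Classic Load Balancer listener.
# Input follows the JSON shape of `aws elb describe-load-balancers`.
ENCRYPTED = {"SSL", "HTTPS"}


def classify_listener(listener):
    """Map one CLB listener to where encryption starts and stops."""
    front = listener["Protocol"].upper()
    back = listener["InstanceProtocol"].upper()
    if front == "TCP" and back == "TCP":
        # Bytes are forwarded untouched, so TLS (if any) ends on the instance.
        return "passthrough"
    if front in ENCRYPTED and back in ENCRYPTED:
        return "reencrypt"          # terminated at CLB, new TLS session to instance
    if front in ENCRYPTED:
        return "plaintext-backend"  # terminated at CLB, clear text to instance
    return "plaintext-frontend"     # CLB does not encrypt the client side


def plaintext_backend_listeners(description):
    """Return (name, port) pairs whose CLB -> EC2 hop is unencrypted."""
    hits = []
    for lb in description["LoadBalancerDescriptions"]:
        for item in lb["ListenerDescriptions"]:
            listener = item["Listener"]
            if classify_listener(listener) == "plaintext-backend":
                hits.append((lb["LoadBalancerName"], listener["LoadBalancerPort"]))
    return hits


def _lb(name, protocol, instance_protocol):
    """Build one constructed load balancer description with a single listener."""
    listener = {"Protocol": protocol, "LoadBalancerPort": 443,
                "InstanceProtocol": instance_protocol, "InstancePort": 8443}
    return {"LoadBalancerName": name,
            "ListenerDescriptions": [{"Listener": listener, "PolicyNames": []}]}


# Constructed sample data, not taken from a real account.
SAMPLE = {"LoadBalancerDescriptions": [
    _lb("clb-ssl-offload", "SSL", "TCP"),   # SSL listener, TCP to instances
    _lb("clb-passthrough", "TCP", "TCP"),   # TCP listener, TLS ends on EC2
    _lb("clb-reencrypt", "SSL", "SSL"),     # SSL on both hops
]}

if __name__ == "__main__":
    for name, port in plaintext_backend_listeners(SAMPLE):
        print(f"{name}:{port} forwards decrypted traffic to its instances")
```

A `passthrough` result only means the CLB is not decrypting; the instances still have to terminate TLS themselves for the path to be encrypted end to end.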