Practice Question Set 2 – Category: SEC – Infrastructure Security
Carlo-TutorialsDojo updated 3 years, 9 months ago · 2 Members · 2 Posts
Hi,
I have some doubts with this question and its answers.
A new security policy mandates that all communications between the company’s on-premises application servers and Amazon EC2 instances be encrypted in transit. The servers use custom proprietary protocols for their communication, and the EC2 instances must be placed behind a load balancer to improve availability and scalability.
The correct answer is: Offload the SSL termination to an SSL listener on a Classic Load Balancer (CLB). Use a TCP connection between the CLB and the EC2 instances.
The option that says (which I picked): "Route all of the traffic through a TCP listener on a Classic Load Balancer (CLB). Terminate the TLS connection on the Amazon EC2 instances" is incorrect because if you have a TCP listener on a CLB then the SSL termination is on the load balancer, not on the underlying EC2 instances.
May I know why the correct answer is offloading SSL termination at the CLB? If that is the case, the transmission between the CLB and the EC2 instances will not be encrypted. Wouldn't it fix the use case if we did a pass-through via the CLB and allowed the EC2 instances to offload the SSL instead?
I use AWS at a time when NLB is taking over from CLB, so do correct me if I am wrong.
Hello robin,
Thanks for your feedback.
I agree. The question is all about end-to-end encryption. This can be done by configuring TCP passthrough on the CLB (set TCP as the listener instead of HTTPS).
We will correct this item.
Regards,
Carlo
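The thread's point is that the CLB listener table decides where TLS ends: a TCP listener forwards the TLS bytes untouched so the EC2 instance terminates them (end to end, and the only choice for a custom non-HTTP protocol), while an SSL or HTTPS listener terminates on the CLB and only re-encrypts to the instance if the instance protocol is also SSL/HTTPS. The following audit script is an added example, not code from the forum or from Tutorials Dojo; it classifies each listener of a Classic Load Balancer and flags the ones whose CLB-to-instance leg is plaintext. It runs offline against a constructed sample shaped like the `describe_load_balancers` response of the boto3 `elb` client; pass `--live` to read real load balancers (needs credentials and `elasticloadbalancing:DescribeLoadBalancers`). The load balancer names, ports and certificate ARN in the sample are made up.

```python
"""Audit Classic Load Balancer listeners for encryption in transit.

Frontend Protocol / InstanceProtocol decide where TLS ends:
  TCP   -> TCP    passthrough: CLB never sees plaintext, EC2 instance terminates TLS
  SSL   -> SSL    terminated on the CLB, re-encrypted to the instance
  HTTPS -> HTTPS  same, for HTTP traffic
  SSL   -> TCP    TLS offloaded on the CLB, CLB -> instance leg is plaintext
  HTTPS -> HTTP   TLS offloaded on the CLB, CLB -> instance leg is plaintext
  HTTP  -> HTTP   no TLS anywhere
"""
from typing import Dict, List

TERMINATING = {"SSL", "HTTPS"}        # frontend protocols the CLB terminates itself
ENCRYPTED_BACKEND = {"SSL", "HTTPS"}  # backend protocols the CLB re-encrypts over


def classify_listener(listener: Dict) -> str:
    """Return how one CLB listener (a 'Listener' dict) handles TLS."""
    front = listener["Protocol"].upper()
    back = listener["InstanceProtocol"].upper()
    if front in TERMINATING:
        return "terminate-and-reencrypt" if back in ENCRYPTED_BACKEND else "offload-plaintext-backend"
    if front == "TCP" and back == "TCP":
        return "passthrough"
    return "plaintext"


def audit_load_balancer(lb: Dict) -> List[Dict]:
    """One finding per listener of a single LoadBalancerDescription."""
    # Instance ports with a backend server authentication policy attached; without one
    # the CLB does not verify the instance certificate when it re-encrypts.
    authenticated_ports = {
        b["InstancePort"] for b in lb.get("BackendServerDescriptions", []) if b.get("PolicyNames")
    }
    findings = []
    for desc in lb["ListenerDescriptions"]:
        l = desc["Listener"]
        mode = classify_listener(l)
        if mode == "terminate-and-reencrypt":
            verified = l["InstancePort"] in authenticated_ports
            note = "encrypted on both legs; backend certificate " + (
                "is verified" if verified else "is NOT verified (no backend server authentication policy)")
        elif mode == "passthrough":
            note = ("CLB forwards TLS bytes untouched; the EC2 instance must terminate TLS itself, "
                    "which the listener alone cannot prove")
        elif mode == "offload-plaintext-backend":
            note = "TLS ends on the CLB; CLB -> instance traffic is plaintext"
        else:
            note = "no TLS on either leg"
        findings.append({
            "load_balancer": lb["LoadBalancerName"],
            "listener": f'{l["Protocol"]}:{l["LoadBalancerPort"]} -> {l["InstanceProtocol"]}:{l["InstancePort"]}',
            "mode": mode,
            "encrypted_in_transit": mode in ("passthrough", "terminate-and-reencrypt"),
            "note": note,
        })
    return findings


def audit(load_balancers: List[Dict]) -> List[Dict]:
    return [f for lb in load_balancers for f in audit_load_balancer(lb)]


# Constructed sample (not real AWS output) mirroring the two answers debated above,
# plus an HTTPS listener that re-encrypts without backend authentication.
FAKE_CERT = "arn:aws:acm:us-east-1:123456789012:certificate/example"
SAMPLE_LOAD_BALANCERS = [
    {"LoadBalancerName": "clb-ssl-offload",  # the practice test's original "correct" answer
     "ListenerDescriptions": [{"Listener": {"Protocol": "SSL", "LoadBalancerPort": 9443,
                                            "InstanceProtocol": "TCP", "InstancePort": 9000,
                                            "SSLCertificateId": FAKE_CERT}, "PolicyNames": []}],
     "BackendServerDescriptions": []},
    {"LoadBalancerName": "clb-tcp-passthrough",  # TLS terminated on the EC2 instances
     "ListenerDescriptions": [{"Listener": {"Protocol": "TCP", "LoadBalancerPort": 9443,
                                            "InstanceProtocol": "TCP", "InstancePort": 9443},
                               "PolicyNames": []}],
     "BackendServerDescriptions": []},
    {"LoadBalancerName": "clb-https-reencrypt",
     "ListenerDescriptions": [{"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                                            "InstanceProtocol": "HTTPS", "InstancePort": 443,
                                            "SSLCertificateId": FAKE_CERT}, "PolicyNames": []}],
     "BackendServerDescriptions": []},
]

if __name__ == "__main__":
    import json
    import sys
    if "--live" in sys.argv:
        import boto3  # real call: needs credentials and elasticloadbalancing:DescribeLoadBalancers
        lbs = boto3.client("elb").describe_load_balancers()["LoadBalancerDescriptions"]
    else:
        lbs = SAMPLE_LOAD_BALANCERS
    for finding in audit(lbs):
        print(json.dumps(finding))
```

Against the sample, only `clb-ssl-offload` is reported as unencrypted in transit, which is exactly the objection raised in the question. Note the two caveats the listener table cannot settle on its own: with TCP passthrough the CLB has no way to know the application on the instance actually speaks TLS, and with SSL/HTTPS re-encryption the instance certificate is only checked if a backend server authentication policy is attached to that instance port.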