
  • Practice Question Set 2 – Category: SEC – Infrastructure Security

  • robin-cher

    February 27, 2021 at 2:41 pm


    I have some doubts with this question and its answers.

    A new security policy mandates that all communications between the company’s on-premises application servers and Amazon EC2 instances be encrypted in transit. The servers use custom proprietary protocols for their communication, and the EC2 instances must be placed behind a load balancer to improve availability and scalability.

    The correct answer is: Offload the SSL termination to an SSL listener on a Classic Load Balancer (CLB). Use a TCP connection between the CLB and the EC2 instances.

    The option that says (which I picked): Route all of the traffic throughout a TCP listener on a Classic Load Balancer (CLB). Terminate the TLS connection on the Amazon EC2 instances is incorrect because if you have a TCP listener on a CLB then the SSL termination is on the load balancer, not on the underlying EC2 instances.

    May I know why the correct answer is offloading SSL termination at the CLB? If that's the case, the transmission between CLB –> EC2 instances will not be encrypted. Wouldn’t it fix the use case if we do a pass-through via CLB, and allow the EC2 to offload the SSL instead?

    I use AWS at a time where NLB is taking over CLB, so do correct me if I am wrong.

  • Carlo-TutorialsDojo

    March 1, 2021 at 6:12 pm

    Hello robin,

    Thanks for your feedback.

    I agree. The question is all about end-to-end encryption. This can be done by configuring TCP passthrough on the CLB (set TCP as listener instead of HTTPS.)

    We will correct this item.
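
The two listener setups discussed in this thread, checked by a small audit that is an added example and not part of the original posts. The load balancer names and ports are constructed, and the input is assumed to have the shape of the Classic ELB DescribeLoadBalancers response.

```python
# Added example. SAMPLE is constructed; its shape follows the Classic ELB
# DescribeLoadBalancers response (ListenerDescriptions -> Listener).
SAMPLE = {"LoadBalancerDescriptions": [
    {"LoadBalancerName": "example-offload", "ListenerDescriptions": [
        {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 443,
                      "InstanceProtocol": "TCP", "InstancePort": 8443}}]},
    {"LoadBalancerName": "example-passthrough", "ListenerDescriptions": [
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 443,
                      "InstanceProtocol": "TCP", "InstancePort": 443}}]},
    {"LoadBalancerName": "example-https", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTP", "InstancePort": 80}}]},
]}

TLS_PROTOCOLS = {"SSL", "HTTPS"}  # listener protocols where the CLB itself does TLS
LAYER4 = {"TCP", "SSL"}           # listener protocols that relay arbitrary bytes

def classify(listener):
    """Return (verdict, end_to_end_possible) for one CLB listener."""
    front = listener["Protocol"].upper()
    back = listener["InstanceProtocol"].upper()
    if front not in LAYER4 or back not in LAYER4:
        return "HTTP(S) listener, cannot carry a custom protocol", False
    if front == "TCP" and back == "TCP":
        # The CLB only relays bytes, so the instance has to terminate TLS.
        return "passthrough, TLS must terminate on the instance", True
    if front in TLS_PROTOCOLS and back not in TLS_PROTOCOLS:
        return "CLB decrypts, plaintext hop to the instance", False
    if front in TLS_PROTOCOLS:
        return "CLB decrypts and re-encrypts, not end to end", False
    return "CLB adds TLS toward the instance only", False

def audit(response):
    """Return (lb_name, lb_port, verdict, end_to_end_possible) per listener."""
    findings = []
    for lb in response["LoadBalancerDescriptions"]:
        for desc in lb["ListenerDescriptions"]:
            listener = desc["Listener"]
            verdict, e2e = classify(listener)
            findings.append((lb["LoadBalancerName"],
                             listener["LoadBalancerPort"], verdict, e2e))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A passthrough verdict only says the load balancer is not the termination point; whether the instance actually speaks TLS on that port has to be verified on the instance itself.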


