Ends in

ALL AWS Specialty Practice Exams for only $17.99 $13.99 each!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Security – Specialty Practice Question Set 2 – Category: SEC – Infrastructure Security

  • Practice Question Set 2 – Category: SEC – Infrastructure Security

  • robin-cher

    February 27, 2021 at 2:41 pm


    I have some doubts with this question and its answers.

    A new security policy mandates that all communications between the company’s on-premises application servers and Amazon EC2 instances be encrypted in transit. The servers use custom proprietary protocols for their communication, and the EC2 instances must be placed behind a load balancer to improve availability and scalability.

    The correct answer is: Offload the SSL termination to an SSL listener on a Classic Load Balancer (CLB). Use a TCP connection between the CLB and the EC2 instances.

    The option that says (Which i picked): Route all of the traffic throughout a TCP listener on a Classic Load Balancer (CLB). Terminate the TLS connection on the Amazon EC2 instances is incorrect because if you have a TCP listener on a CLB then the SSL termination is on the load balancer, not on the underlying EC2 instances.

    May i know why the correct answer is offloading SSL termination at the CLB? If that the case, the transmission between CLB –> EC2 instances will not be encrypted. Wouldn’t it fix the use case if we do a pass through via CLB, and allows the EC2 to offload the SSL instead?

    I use AWS at a time where NLB is taking over CLB, so do correct me if i am wrong.

  • Carlo-TutorialsDojo

    March 1, 2021 at 6:12 pm

    Hello robin,

    Thanks for your feedback.

    I agree. The question is all about end-to-end encryption. This can be done by configuring TCP passthrough on the CLB (set TCP as listener instead of HTTPS.)

    We will correct this item.



Viewing 1 - 2 of 2 replies

Log in to reply.

Original Post
0 of 0 posts June 2018