Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon ANS-C01 Exam - Topic 1 Question 7 Discussion

A company is planning to create a service that requires encryption in transit. The traffic must not be decrypted between the client and the backend of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) duster with the Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler configured. The company needs to use mutual TLS for two-way authentication between the client and the backend.Which solution will meet these requirements?
B) Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
A) Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
C) Create a target group. Add the EKS managed node group's Auto Scaling group as a target Create an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the target group.
D) Create a target group. Add the EKS managed node group's Auto Scaling group as a target. Create a Network Load Balancer with a TLS listener on port 443 to forward traffic to the target group.

Amazon ANS-C01 Exam - Topic 1 Question 7 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 7
Topic #: 1
[All ANS-C01 Questions]

A company is planning to create a service that requires encryption in transit. The traffic must not be decrypted between the client and the backend of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) duster with the Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler configured. The company needs to use mutual TLS for two-way authentication between the client and the backend.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Elvera at Apr 01, 2023, 02:49 PM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ligia
7 months ago
D looks good for scaling with the target group setup!
upvoted 0 times
...
Olene
7 months ago
Wait, can a Network Load Balancer even handle mutual TLS?
upvoted 0 times
...
Louvenia
7 months ago
Mutual TLS? Definitely need an Application Load Balancer for that!
upvoted 0 times
...
Sheron
8 months ago
I think A is better for TCP connections.
upvoted 0 times
...
Stanford
8 months ago
Option B seems solid for HTTPS traffic.
upvoted 0 times
...
Tammara
8 months ago
I feel like the Network Load Balancer might be the right choice since it can handle TCP traffic directly, but I need to double-check the requirements for mutual TLS.
upvoted 0 times
...
Nilsa
8 months ago
I'm a bit confused about whether we need a TCP listener or an HTTPS listener for this setup. Does mutual TLS require specific configurations?
upvoted 0 times
...
Emerson
8 months ago
I think we practiced a similar question about load balancers in our last session, and I recall that the Application Load Balancer is more suited for HTTPS traffic.
upvoted 0 times
...
Tiera
8 months ago
I remember studying the differences between Network Load Balancers and Application Load Balancers, but I'm not sure which one is better for mutual TLS.
upvoted 0 times
...
Hester
8 months ago
I'm a bit unsure about some of the options here. I'll need to review my notes on composite sensors to make sure I don't miss anything important in my answer.
upvoted 0 times
...
Odette
8 months ago
This question seems familiar; I think we discussed how overhead allocation can impact profitability. I need to double-check my calculations to see which profit figures make the most sense here.
upvoted 0 times
...
Stevie
8 months ago
I'm pretty sure we discussed how observing sudden changes in lifestyle, like Elizabeth's purchases, could warrant further investigation.
upvoted 0 times
...
Herminia
8 months ago
I feel like Cisco's security approach applies to multiple types of networks, maybe all of them? Like, isn't it supposed to be comprehensive?
upvoted 0 times
...
Jesusita
8 months ago
From what I recall, High task; High relationship definitely involves coaching and support. I think that's the correct choice!
upvoted 0 times
...
Valentin
1 year ago
Wait, is this a trick question? What if the answer is actually a combination of options, like a Network Load Balancer with an HTTPS listener and an Application Load Balancer for the backend? Hmm, better think this through again.
upvoted 0 times
Yong
11 months ago
Erasmo: Let's carefully review the requirements and options before making a decision.
upvoted 0 times
...
Lindsey
12 months ago
User 3: That could work, we need to make sure the traffic is secure and encrypted.
upvoted 0 times
...
Erasmo
1 year ago
User 2: Maybe we should consider using both a Network Load Balancer and an Application Load Balancer.
upvoted 0 times
...
Casey
1 year ago
User 1: I think the answer might be a combination of options.
upvoted 0 times
...
...
Florinda
1 year ago
I'm a big fan of the Network Load Balancer, so I'm leaning towards option D as well. Gotta love those TLS listeners!
upvoted 0 times
Josephine
12 months ago
Definitely, option D provides the encryption needed for secure communication between the client and backend.
upvoted 0 times
...
Amalia
12 months ago
I agree, Network Load Balancer with a TLS listener seems like the best choice for this scenario.
upvoted 0 times
...
Aleta
1 year ago
Option D sounds like the way to go. TLS listeners are great for encryption.
upvoted 0 times
...
...
Johanna
1 year ago
Haha, I bet the person who wrote this question loves to see us struggle with the differences between ALB and NLB. But I'm going with option D - a Network Load Balancer with a TLS listener seems like the right fit.
upvoted 0 times
Farrah
1 year ago
Definitely, using mutual TLS for two-way authentication is crucial for security in this scenario.
upvoted 0 times
...
Novella
1 year ago
Yeah, I think so too. It's important to make sure the traffic remains encrypted between the client and backend.
upvoted 0 times
...
Carli
1 year ago
I agree, option D with a Network Load Balancer and TLS listener seems like the best choice.
upvoted 0 times
...
...
Wilbert
1 year ago
This is a tricky one. I'm not sure about the performance implications of using an Application Load Balancer versus a Network Load Balancer. Let me think this through a bit more.
upvoted 0 times
Socorro
11 months ago
D) Mutual TLS might work better with a Network Load Balancer. Consider that option as well.
upvoted 0 times
...
Bernadine
11 months ago
C) Create a target group. Add the EKS managed node group's Auto Scaling group as a target. Create an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the target group.
upvoted 0 times
...
Serita
12 months ago
B) I think using a Network Load Balancer might be more suitable for this scenario.
upvoted 0 times
...
Brianne
12 months ago
A) Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
upvoted 0 times
...
Shawnna
12 months ago
D: True, but we also need to consider the mutual TLS authentication requirement.
upvoted 0 times
...
Johnetta
1 year ago
C: But option C with an Application Load Balancer might provide more features for HTTPS traffic.
upvoted 0 times
...
Cletus
1 year ago
B: I agree, Network Load Balancer could handle the traffic better.
upvoted 0 times
...
Nichelle
1 year ago
B: I agree, that seems like the best choice for our requirements.
upvoted 0 times
...
Rosendo
1 year ago
A: I think option A with a Network Load Balancer might be better for performance.
upvoted 0 times
...
Dylan
1 year ago
A: I think we should go with option A and use a Network Load Balancer.
upvoted 0 times
...
...
Jamal
1 year ago
But option C also seems viable, it utilizes an Application Load Balancer with an HTTPS listener and adds the EKS managed node group's Auto Scaling group as a target.
upvoted 0 times
...
Iraida
1 year ago
Hmm, this seems straightforward. I think option B is the way to go - using an Application Load Balancer with an HTTPS listener to handle the mutual TLS requirement.
upvoted 0 times
...
Elza
1 year ago
I disagree, I believe option B is better as it uses an Application Load Balancer with an HTTPS listener for secure communication.
upvoted 0 times
...
Jamal
1 year ago
I think option A is the best solution because it uses a Network Load Balancer with a TCP listener on port 443.
upvoted 0 times
...

Save Cancel