Amazon ANS-C01 Exam - Topic 2 Question 38 Discussion

Actual exam question for Amazon's ANS-C01 exam

Question #: 38
Topic #: 2

A company is migrating an existing application to a new AWS account. The company will deploy the application in a single AWS Region by using one VPC and multiple Availability Zones. The application will run on Amazon EC2 instances. Each Availability Zone will have several EC2 instances. The EC2 instances will be deployed in private subnets.

The company's clients will connect to the application by using a web browser with the HTTPS protocol. Inbound connections must be distributed across the Availability Zones and EC2 instances. All connections from the same client session must be connected to the same EC2 instance. The company must provide end-to-end encryption for all connections between the clients and the application by using the application SSL certificate.

Which solution will meet these requirements?

ACreate a Network Load Balancer. Create a target group. Set the protocol to TCP and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TCP and the port to 443 for the listener. Deploy SSL certificates to the EC2 instances.

BCreate an Application Load Balancer. Create a target group. Set the protocol to HTTP and the port to 80 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTPS listener. Set the default action to forward to the target group. Use AWS Certificate Manager (ACM) to create a certificate for the listener.

CCreate a Network Load Balancer. Create a target group. Set the protocol to TLS and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TLS and the port to 443 for the listener. Use AWS Certificate Manager (ACM) to create a certificate for the application.

DCreate an Application Load Balancer. Create a target group. Set the protocol to HTTPS and the port to 443 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTP listener. Set the port to 443 for the listener. Set the default action to forward to the target group.

Show Suggested Answer

Suggested Answer: A

by Arthur at Sep 16, 2024, 06:19 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Raina

3 months ago

Isn't TLS just another name for SSL? Confusing!

upvoted 0 times

...

Teddy

3 months ago

I agree, sticky sessions are a must for this setup!

upvoted 0 times

...

Samuel

3 months ago

Wait, why would you use HTTP in option B? That doesn't make sense.

upvoted 0 times

...

Cyril

4 months ago

I think D is the best choice for HTTPS traffic.

upvoted 0 times

...

Lindsey

4 months ago

Option B seems solid with the Application Load Balancer.

upvoted 0 times

...

Jacquline

4 months ago

I feel like option D might be the right choice, but I’m confused about the listener settings. Shouldn't it be HTTPS instead of HTTP?

upvoted 0 times

...

Jeannine

4 months ago

I practiced a similar question where we had to choose between ALB and NLB, and I think ALB is the way to go for SSL termination.

upvoted 0 times

...

Lavonna

4 months ago

I'm not entirely sure, but I think the Network Load Balancer is more suited for TCP traffic, right?

upvoted 0 times

...

Mendy

5 months ago

I remember we discussed the importance of using an Application Load Balancer for HTTP/HTTPS traffic, especially with session affinity.

upvoted 0 times

...

Sharmaine

5 months ago

I'm not entirely sure about this one. I'll need to carefully read through the requirements again and think through the pros and cons of each option.

upvoted 0 times

...

Frank

5 months ago

Okay, I've got a strategy. I'll focus on the requirements of end-to-end encryption and session affinity. That should help me narrow down the right solution.

upvoted 0 times

...

Taryn

5 months ago

I'm a bit confused by the different load balancer options. I'll need to review the differences between Network Load Balancer and Application Load Balancer to determine the best fit.

upvoted 0 times

...

Nina

5 months ago

This looks like a tricky question, but I think I can tackle it. The key is to identify the right load balancer type and configure it properly to meet the requirements.

upvoted 0 times

...

Nydia

5 months ago

This seems straightforward. I'd go with Option C - create a Network Load Balancer with TLS protocol and use ACM to handle the SSL certificates.

upvoted 0 times

...

Nan

5 months ago

This is a good question. I'm pretty confident that the answer is either A or B, as those options seem to be the most relevant to the task of gathering logs from a managed device. I'll need to carefully consider the differences between OS-based targeted logging and device-side logging to determine which one is the best approach.

upvoted 0 times

...

Lang

1 year ago

Haha, Option A with TCP protocol and SSL certs on EC2 instances? That's a bit old-school, don't you think?

upvoted 0 times

...

Vannessa

1 year ago

Hmm, Option B seems a bit off. Using HTTP protocol and then relying on ACM for HTTPS listener? Doesn't sound right to me.

upvoted 0 times

Horace

1 year ago

D: I think Option A is the way to go. It ensures that all connections are encrypted and distributed across the Availability Zones and EC2 instances.

upvoted 0 times

...

Brinda

1 year ago

C: Option A looks like a better fit. Creating a Network Load Balancer with TCP protocol and deploying SSL certificates to the EC2 instances seems more secure.

upvoted 0 times

...

Santos

1 year ago

B: Yeah, I agree. It might not provide the end-to-end encryption needed for the connections between clients and the application.

upvoted 0 times

...

Yesenia

1 year ago

A: Option B does seem a bit strange. Using HTTP for the protocol and then relying on ACM for HTTPS doesn't sound like the best approach.

upvoted 0 times

...

Merri

1 year ago

I'd go with Option D. Using an Application Load Balancer with HTTPS protocol and session affinity should handle the client connections and encryption requirements.

upvoted 0 times

Zana

1 year ago

Yeah, using HTTPS protocol and session affinity will definitely help with managing client connections and ensuring encryption.

upvoted 0 times

...

Maryann

1 year ago

I agree, Option D with an Application Load Balancer seems like the most suitable solution for this scenario.

upvoted 0 times

...

Ma

1 year ago

Option D sounds like the best choice. It covers both the client connection distribution and encryption.

upvoted 0 times

...

Daniela

1 year ago

Hmm, you make a good point. Option B does seem to meet all the requirements for distributing connections and providing end-to-end encryption. I might reconsider my choice.

upvoted 0 times

...

Louvenia

1 year ago

I disagree, I believe option B is the correct choice. It uses an Application Load Balancer with HTTPS listener and AWS Certificate Manager for SSL certificates.

upvoted 0 times

...

Harrison

1 year ago

Option C looks like the best choice. Using a Network Load Balancer with TLS protocol and ACM certificates seems to meet all the requirements.

upvoted 0 times

Brett

1 year ago

Yes, Option C with Network Load Balancer and TLS protocol seems like the most secure and efficient solution for the migration.

upvoted 0 times

...

Rolland

1 year ago

I agree, Option C seems to provide the necessary end-to-end encryption and session affinity for the application.

upvoted 0 times

...

Ronald

1 year ago

Option C looks like the best choice. Using a Network Load Balancer with TLS protocol and ACM certificates seems to meet all the requirements.

upvoted 0 times

...

Daniela

1 year ago

I think option A is the best solution because it uses a Network Load Balancer with TCP protocol and session affinity for sticky sessions.

upvoted 0 times

...