Amazon Exam ANS-C01 Topic 7 Question 14 Discussion

Actual exam question for Amazon's ANS-C01 exam

Question #: 14
Topic #: 7

An ecommerce company is hosting a web application on Amazon EC2 instances to handle continuously changing customer demand. The EC2 instances are part of an Auto Scaling group. The company wants to implement a solution to distribute traffic from customers to the EC2 instances. The company must encrypt all traffic at all stages between the customers and the application servers. No decryption at intermediate points is allowed.

Which solution will meet these requirements?

ACreate an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB's target group.

BCreate an Amazon CloudFront distribution. Configure the distribution with a custom SSL/TLS certificate. Set the Auto Scaling group as the distribution's origin.

CCreate a Network Load Balancer (NLB). Add a TCP listener to the NLB. Configure the Auto Scaling group to register instances with the NLB's target group.

DCreate a Gateway Load Balancer (GLB). Configure the Auto Scaling group to register instances with the GLB's target group.

Show Suggested Answer

Suggested Answer: B

Creating a new Route 53 Resolver outbound endpoint in the shared services VPC would enable forwarding of DNS queries from the VPC to on-premises1.Creating forwarding rules for the on-premises hosted domains would enable specifying which domain names are forwarded to the on-premises DNS servers2.Associating the rules with the new Resolver endpoint and each application VPC would enable applying the rules to the VPCs2.This solution would not affect the default DNS resolution behavior of Route 53 Resolver for local VPC domain names and domains that are hosted in Route 53 private hosted zones3.

by Erinn at Oct 08, 2023, 12:51 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Alpha

4 days ago

I'm not sure, but I think option B with Amazon CloudFront could also work since it allows custom SSL/TLS certificates for encryption.

upvoted 0 times

...

Brunilda

6 days ago

Option A seems like the obvious choice here. An ALB with HTTPS listener is the perfect solution to encrypt traffic and distribute it to the EC2 instances. Easy to set up and manage.

upvoted 0 times

...

Carin

6 days ago

I agree with Kara. Option A ensures end-to-end encryption without decryption at intermediate points.

upvoted 0 times

...

Kara

10 days ago

I think option A is the best solution because it uses an Application Load Balancer with HTTPS listener for encryption.

upvoted 0 times

...