New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon ANS-C01 Exam - Topic 7 Question 14 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 14
Topic #: 7
[All ANS-C01 Questions]

An ecommerce company is hosting a web application on Amazon EC2 instances to handle continuously changing customer demand. The EC2 instances are part of an Auto Scaling group. The company wants to implement a solution to distribute traffic from customers to the EC2 instances. The company must encrypt all traffic at all stages between the customers and the application servers. No decryption at intermediate points is allowed.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: B

Creating a new Route 53 Resolver outbound endpoint in the shared services VPC would enable forwarding of DNS queries from the VPC to on-premises1.Creating forwarding rules for the on-premises hosted domains would enable specifying which domain names are forwarded to the on-premises DNS servers2.Associating the rules with the new Resolver endpoint and each application VPC would enable applying the rules to the VPCs2.This solution would not affect the default DNS resolution behavior of Route 53 Resolver for local VPC domain names and domains that are hosted in Route 53 private hosted zones3.


by Erinn at Oct 08, 2023, 12:51 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Johanna
3 months ago
NLB (Option C) doesn't support HTTPS, so it's a no-go.
upvoted 0 times
...
Sharen
3 months ago
Wait, can we really not decrypt at any point? That sounds risky.
upvoted 0 times
...
Chau
4 months ago
But wouldn't CloudFront (Option B) also work?
upvoted 0 times
...
Weldon
4 months ago
I agree, ALB is the way to go for this!
upvoted 0 times
...
Claudio
4 months ago
Option A seems solid with the HTTPS listener.
upvoted 0 times
...
Clay
4 months ago
I don't think a Gateway Load Balancer is suitable here; it seems more focused on integrating with security appliances rather than handling traffic directly.
upvoted 0 times
...
Marget
4 months ago
I practiced a similar question about load balancers, and I feel like the NLB might not be the right choice for HTTPS traffic.
upvoted 0 times
...
Kristian
5 months ago
I think CloudFront could work since it supports SSL/TLS, but I can't recall if it meets the no-decryption requirement.
upvoted 0 times
...
Skye
5 months ago
I remember that ALBs are great for HTTP/HTTPS traffic, but I'm not sure if they can handle end-to-end encryption without decryption.
upvoted 0 times
...
Florinda
5 months ago
I think option B with Amazon CloudFront might be the way to go. CloudFront can handle the SSL/TLS encryption, and setting the Auto Scaling group as the origin should address the dynamic demand. The "no decryption" part still has me a bit unsure, but I'll double-check the CloudFront documentation.
upvoted 0 times
...
Iesha
5 months ago
I'm not sure about this one. The requirement for no decryption at intermediate points makes me hesitant about some of these options. I'll need to review the details of each load balancing service to see which one can truly meet all the requirements.
upvoted 0 times
...
Amber
5 months ago
Okay, I've got this. The answer is clearly option A - create an Application Load Balancer (ALB) with an HTTPS listener. That way, the traffic is encrypted end-to-end, and the Auto Scaling group can handle the dynamic demand. Simple and effective!
upvoted 0 times
...
Ranee
5 months ago
Hmm, I'm a bit confused about the requirement for no decryption at intermediate points. That seems to rule out some of the more common load balancing solutions. I'll need to think carefully about which option best meets all the criteria.
upvoted 0 times
...
Essie
5 months ago
This seems like a straightforward question about load balancing and encryption. I think the key is to find a solution that can handle the dynamic customer demand and encrypt all traffic without any decryption at intermediate points.
upvoted 0 times
...
Dortha
5 months ago
I'm a bit confused about the sandbox refresh process. Should it be after each push from the partial data sandbox, or only after major releases? I'll need to review the details.
upvoted 0 times
...
Leonida
5 months ago
This looks like a straightforward question about automating the survey process. I think the key is to leverage Dynamics 365 Marketing and Customer Voice to streamline the workflow.
upvoted 0 times
...
Tammi
10 months ago
I'd go with Option C. A Network Load Balancer handles TCP traffic well, and it should be able to encrypt the connections too. Seems like a solid choice.
upvoted 0 times
Garry
9 months ago
Yeah, Option C is the way to go. It meets the requirements of encrypting traffic and distributing it effectively.
upvoted 0 times
...
Edelmira
9 months ago
I agree, using a Network Load Balancer for this scenario seems like the most appropriate solution.
upvoted 0 times
...
Marci
9 months ago
Option C sounds like a good choice. Network Load Balancer is known for handling TCP traffic efficiently.
upvoted 0 times
...
...
Jess
10 months ago
Haha, Option D with the Gateway Load Balancer? That's a new one! I've never even heard of that before. Sounds like someone is trying to trick us.
upvoted 0 times
Tammy
9 months ago
C) Create a Network Load Balancer (NLB). Add a TCP listener to the NLB. Configure the Auto Scaling group to register instances with the NLB's target group.
upvoted 0 times
...
Lucille
9 months ago
B) Create an Amazon CloudFront distribution. Configure the distribution with a custom SSL/TLS certificate. Set the Auto Scaling group as the distribution's origin.
upvoted 0 times
...
Rosio
9 months ago
A) Create an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB's target group.
upvoted 0 times
...
...
Odelia
10 months ago
I'm not sure about Option B. CloudFront is great for content delivery, but I don't think it's the right fit for this use case. Seems like overkill.
upvoted 0 times
Jules
8 months ago
C) Create a Network Load Balancer (NLB). Add a TCP listener to the NLB. Configure the Auto Scaling group to register instances with the NLB's target group.
upvoted 0 times
...
Lai
9 months ago
A) Definitely, ALB with HTTPS listener should be sufficient for encrypting traffic between customers and application servers.
upvoted 0 times
...
Elouise
9 months ago
B) I agree, CloudFront might be too much for this scenario. It's better to go with a simpler solution.
upvoted 0 times
...
Keith
10 months ago
A) Create an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB's target group.
upvoted 0 times
...
...
Alpha
10 months ago
I'm not sure, but I think option B with Amazon CloudFront could also work since it allows custom SSL/TLS certificates for encryption.
upvoted 0 times
...
Brunilda
11 months ago
Option A seems like the obvious choice here. An ALB with HTTPS listener is the perfect solution to encrypt traffic and distribute it to the EC2 instances. Easy to set up and manage.
upvoted 0 times
Ma
10 months ago
I agree, ALB is easy to set up and manage. It's the perfect solution for this scenario.
upvoted 0 times
...
Katlyn
10 months ago
Option A seems like the best choice. ALB with HTTPS listener will encrypt traffic and distribute it to EC2 instances.
upvoted 0 times
...
...
Carin
11 months ago
I agree with Kara. Option A ensures end-to-end encryption without decryption at intermediate points.
upvoted 0 times
...
Kara
11 months ago
I think option A is the best solution because it uses an Application Load Balancer with HTTPS listener for encryption.
upvoted 0 times
...

Save Cancel