Amazon Exam ANS-C01 Topic 7 Question 14 Discussion

Actual exam question for Amazon's ANS-C01 exam

Question #: 14
Topic #: 7

An ecommerce company is hosting a web application on Amazon EC2 instances to handle continuously changing customer demand. The EC2 instances are part of an Auto Scaling group. The company wants to implement a solution to distribute traffic from customers to the EC2 instances. The company must encrypt all traffic at all stages between the customers and the application servers. No decryption at intermediate points is allowed.

Which solution will meet these requirements?

ACreate an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB's target group.

BCreate an Amazon CloudFront distribution. Configure the distribution with a custom SSL/TLS certificate. Set the Auto Scaling group as the distribution's origin.

CCreate a Network Load Balancer (NLB). Add a TCP listener to the NLB. Configure the Auto Scaling group to register instances with the NLB's target group.

DCreate a Gateway Load Balancer (GLB). Configure the Auto Scaling group to register instances with the GLB's target group.

Show Suggested Answer

Suggested Answer: B

Creating a new Route 53 Resolver outbound endpoint in the shared services VPC would enable forwarding of DNS queries from the VPC to on-premises1.Creating forwarding rules for the on-premises hosted domains would enable specifying which domain names are forwarded to the on-premises DNS servers2.Associating the rules with the new Resolver endpoint and each application VPC would enable applying the rules to the VPCs2.This solution would not affect the default DNS resolution behavior of Route 53 Resolver for local VPC domain names and domains that are hosted in Route 53 private hosted zones3.

by Erinn at Oct 08, 2023, 12:51 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Tammi

1 months ago

I'd go with Option C. A Network Load Balancer handles TCP traffic well, and it should be able to encrypt the connections too. Seems like a solid choice.

upvoted 0 times

Garry

3 days ago

Yeah, Option C is the way to go. It meets the requirements of encrypting traffic and distributing it effectively.

upvoted 0 times

...

Edelmira

8 days ago

I agree, using a Network Load Balancer for this scenario seems like the most appropriate solution.

upvoted 0 times

...

Marci

14 days ago

Option C sounds like a good choice. Network Load Balancer is known for handling TCP traffic efficiently.

upvoted 0 times

...

Jess

1 months ago

Haha, Option D with the Gateway Load Balancer? That's a new one! I've never even heard of that before. Sounds like someone is trying to trick us.

upvoted 0 times

Rosio

17 days ago

A) Create an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB's target group.

upvoted 0 times

...

Odelia

1 months ago

I'm not sure about Option B. CloudFront is great for content delivery, but I don't think it's the right fit for this use case. Seems like overkill.

upvoted 0 times

Lai

14 days ago

A) Definitely, ALB with HTTPS listener should be sufficient for encrypting traffic between customers and application servers.

upvoted 0 times

...

Elouise

17 days ago

B) I agree, CloudFront might be too much for this scenario. It's better to go with a simpler solution.

upvoted 0 times

...

Keith

22 days ago

A) Create an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB's target group.

upvoted 0 times

...

Alpha

2 months ago

I'm not sure, but I think option B with Amazon CloudFront could also work since it allows custom SSL/TLS certificates for encryption.

upvoted 0 times

...

Brunilda

2 months ago

Option A seems like the obvious choice here. An ALB with HTTPS listener is the perfect solution to encrypt traffic and distribute it to the EC2 instances. Easy to set up and manage.

upvoted 0 times

Ma

1 months ago

I agree, ALB is easy to set up and manage. It's the perfect solution for this scenario.

upvoted 0 times

...

Katlyn

1 months ago

Option A seems like the best choice. ALB with HTTPS listener will encrypt traffic and distribute it to EC2 instances.

upvoted 0 times

...

Carin

2 months ago

I agree with Kara. Option A ensures end-to-end encryption without decryption at intermediate points.

upvoted 0 times

...

Kara

2 months ago

I think option A is the best solution because it uses an Application Load Balancer with HTTPS listener for encryption.

upvoted 0 times

...