ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 5 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 5
Topic #: 1
[All AWS Certified Security - Specialty Questions]

Compliance requirements state that all communications between company on-premises hosts and EC2 instances be encrypted in transit. Hosts use custom proprietary protocols for their communication, and EC2 instances need to be fronted by a load balancer for increased availability.
Which of the following solutions will meet these requirements?

  • A. Offload SSL termination onto an SSL listener on a Classic Load Balancer, and use a TCP connection between the load balancer and the EC2 instances.
  • B. Route all traffic through a TCP listener on a Classic Load Balancer, and terminate the TLS connection on the EC2 instances.
  • C. Create an HTTPS listener using an Application Load Balancer, and route all of the communication through that load balancer.
  • D. Offload SSL termination onto an SSL listener using an Application Load Balancer, and re-spawn and SSL connection between the load balancer and the EC2 instances.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by BillyC at Aug. 25, 2019, 5:12 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BillyC
Highly Voted 3 years, 11 months ago
B i Think
upvoted 42 times
Daniel76
3 years, 9 months ago
Support B with this link for ref: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-endtoend.html
upvoted 5 times
...
cloudprincipal
3 years, 10 months ago
Agreed, B is correct. Data must be encrypted in transit. That should imply end-to-end encryption. So TLS must be terminated at EC2 instance only.
upvoted 13 times
...
Mike_1
3 years, 10 months ago
C it is... pls read https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/data-protection.html, AWS encourages the usage of ALB over CLB in this use case, as ALB is more suited.
upvoted 4 times
Kdosec
3 years, 9 months ago
This is a custom protocol, so we can't use ALB because it supports HTTP and HTTPS only. So, B is correct.
upvoted 20 times
...
...
...
INASR
Highly Voted 3 years, 10 months ago
B is correct , first it mentioned custom protocols and ALBs only support HTTP & HTTPS listeners, CLBs support TCP,SSL/TLS,HTTP & HTTPS listeners . Second , it says encryption in transit between hosts and EC2 which means end-end encryption and not terminating or off-loading the session on the laod balancer , so only answer that terminates Session on EC2 is B.
upvoted 37 times
...
heatblur
Most Recent 1 year, 8 months ago
Selected Answer: B
B seems to be the most suitable. It ensures that all traffic remains encrypted in transit, meeting the compliance requirements. The TLS termination occurs at the EC2 instances, which allows for handling custom proprietary protocols effectively. This setup also leverages the benefits of a load balancer for increased availability without compromising security.
upvoted 2 times
...
Benah
1 year, 11 months ago
I will go with B, Route all traffic through a TCP listener on a Classic Load Balancer, and terminate the TLS connection on the EC2 instances
upvoted 1 times
...
Green53
2 years, 1 month ago
Selected Answer: B
Anything that state routing traffic through SSL/HTTPS can be removed, since the question states it's a custom protocol (so remove A, C and D). That leaves B
upvoted 3 times
...
elkore
2 years, 2 months ago
Selected Answer: B
B is correct. This question is outdated newer documentation would recommend avoiding the classical load balancer and using the network load balancer instead.
upvoted 4 times
Robert0
2 years, 2 months ago
Exactly, NLB has the same feature
upvoted 2 times
...
...
ITGURU51
2 years, 3 months ago
The question states that we must encrypt data in transit between the remote network and the EC2 machines. B
upvoted 1 times
...
Kitman
2 years, 3 months ago
Selected Answer: B
Answer is B
upvoted 1 times
...
Nikhil0222
2 years, 4 months ago
I think C is the correct option. "creates an HTTPS listener using an Application Load Balancer. " indicates that traffic will be encrypted in transit
upvoted 1 times
...
arpgaur
2 years, 7 months ago
How is Routing traffic through TCP listener encrypt traffic? sure, the connection can be built over TCP, but we still don't have encryption? Confused on why B ?
upvoted 1 times
...
Root_Access
2 years, 11 months ago
Selected Answer: B
If you need to pass encrypted traffic to targets without the load balancer decrypting it, you can create a Network Load Balancer or Classic Load Balancer with a TCP listener on port 443. With a TCP listener, the load balancer passes encrypted traffic through to the targets without decrypting it. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
upvoted 6 times
...
sapien45
2 years, 11 months ago
Selected Answer: B
Custom protocols and ALBs only support HTTP & HTTPS listeners, CLBs support TCP,SSL/TLS,HTTP & HTTPS listeners . Also the question says encryption in transit between hosts and EC2 which means end-end encryption and not terminating or off-loading the session on the laod balancer , so only answer that terminates Session on EC2 is B
upvoted 1 times
...
awsec2
2 years, 11 months ago
I think C
upvoted 1 times
...
dcasabona
3 years ago
Selected Answer: B
I agree with INASR. Well done.
upvoted 1 times
...
abdullah78658
3 years, 1 month ago
B APPLICATION LOAD BALANCER DOESN'T SUPPORT TCP
upvoted 1 times
...
leotoras
3 years, 3 months ago
A is correct Only TCP allows proprietary protocols as requested.
upvoted 1 times
...
Radhaghosh
3 years, 6 months ago
B is the correct answer.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel