ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 73 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 73
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

You are designing an SSL/TLS solution that requires HTTPS clients to be authenticated by the Web server using client certificate authentication. The solution must be resilient.
Which of the following options would you consider for configuring the web server infrastructure? (Choose two.)

  • A. Configure ELB with TCP listeners on TCP/443. And place the Web servers behind it.
  • B. Configure your Web servers with EIPs. Place the Web servers in a Route53 Record Set and configure health checks against all Web servers.
  • C. Configure ELB with HTTPS listeners, and place the Web servers behind it.
  • D. Configure your web servers as the origins for a CloudFront distribution. Use custom SSL certificates on your CloudFront distribution.
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
TCP/443 or HTTPS listener either way you can configure, but you can only upload ssl certificate on HTTPS listener.
by TaherShaker at March 18, 2021, 10:47 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
amministrazione
1 year ago
A. Configure ELB with TCP listeners on TCP/443. And place the Web servers behind it. C. Configure ELB with HTTPS listeners, and place the Web servers behind it.
upvoted 1 times
...
TigerInTheCloud
2 years, 8 months ago
Selected Answer: AB
A: NLB TLS is not terminated on the ELB. Example: https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/configure-mutual-tls-authentication-for-applications-running-on-amazon-eks.html B: Doable, Route 53 multivalue with health check works as a load balancer. C: Application Load Balancers do not support mutual TLS authentication (mTLS). For mTLS support, create a TCP listener using a Network Load Balancer or a Classic Load Balancer and implement mTLS on the target. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html D: CloudFront does not support client authentication with client-side SSL certificates. If an origin requests a client-side certificate, CloudFront drops the request (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#RequestCustomClientSideSslAuth)
upvoted 1 times
...
delfnec
3 years, 3 months ago
A&C, i will choose A&C, both ALB and NLB can do that, but not cloudfront or route 53.
upvoted 2 times
...
cldy
3 years, 8 months ago
A. Configure ELB with TCP listeners on TCP/443. And place the Web servers behind it. B. Configure your Web servers with EIPs. Place the Web servers in a Route53 Record Set and configure health checks against all Web servers.
upvoted 1 times
...
01037
3 years, 10 months ago
AB Neither ALB nor Cloudfront supports client certificate. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#RequestCustomClientSideSslAuth
upvoted 4 times
...
sevromv
3 years, 10 months ago
https://www.reddit.com/r/aws/comments/862vxa/client_side_certificate_check_with_elb_in_aws/
upvoted 1 times
...
sevromv
3 years, 10 months ago
ELB does not do mutual authentication, aka client certificate authentication. You can use a TCP listener on an ELB on TCP/443 and pass the connection to your backing instances to do mutual authentication.
upvoted 1 times
...
anandbabu
3 years, 10 months ago
i will go with C D
upvoted 3 times
...
TaherShaker
3 years, 11 months ago
Correct Answer is A, B https://medium.com/@dirk.avery/can-an-aws-web-server-authenticate-using-client-certificate-authentication-85c65bc2f145
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel