ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 285 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 285
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A user is implementing a third-party web application on an Amazon EC2 instance. All client communications must be over HTTPS, and traffic must be terminated before it reaches the instance. Communication to the instance must be over port 80. Company policy requires that workloads reside in private subnets.
Which solution meets these requirements?

  • A. Create an Application Load Balancer. Add an HTTP listener for port 80 to redirect traffic to HTTPS on port 443. Add another listener with an AWS Certificate Manager (ACM) certificate for termination and a rule that forwards to the target instance through port 80.
  • B. Allocate an Elastic IP address that has SSL termination activated. Associate the Elastic IP address with the instance on port 80.
  • C. Create a Gateway Load Balancer. Add an HTTP listener for port 80 to redirect traffic to HTTPS on port 443. Add another listener with an AWS Certificate Manager (ACM) certificate for termination and a rule that forwards to the target instance through port 80.
  • D. Implement a Network Load Balancer. Add an HTTP listener for port 80 to redirect traffic to HTTPS on port 443. Add another listener with an AWS Certificate Manager (ACM) certificate for termination and a rule that forwards to the target instance through port 80.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by dumma at Aug. 26, 2021, 12:31 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dumma
Highly Voted 3 years, 7 months ago
It should be A as network load balancers can't redirect traffic.
upvoted 18 times
...
sakibmas
Highly Voted 2 years, 4 months ago
Selected Answer: A
If you have to pick a load balancer, choose the ALB unless you can find a good reason to go with an NLB. Typical reasons for selecting an NLB instead of an ALB are: - The workload requires UDP or a non-HTTP protocol. - Latency is very crucial, and you have to optimize for every millisecond. - Unexpected and huge traffic spikes are likely to happen. - Static IP addresses are required for inbound traffic.
upvoted 5 times
...
Raphaello
Most Recent 1 year, 2 months ago
Selected Answer: A
Correct answer it A. ALB + redirect flow to HTTPS + certificate using ACM + forward to port 80 on instances.
upvoted 1 times
...
D2
2 years, 5 months ago
Selected Answer: A
Answer A
upvoted 1 times
...
dcasabona
2 years, 9 months ago
Selected Answer: A
Option A I would choose.
upvoted 2 times
...
sapien45
2 years, 9 months ago
What is needed is AWS public URLs to validate any stateemnt ...this isn't tikTok ...kepp your opinions to yourselfs. Established facts only. A https://aws.amazon.com/premiumsupport/knowledge-center/elb-redirect-http-to-https-using-alb/
upvoted 2 times
...
TigerInTheCloud
3 years ago
Selected Answer: A
NLB does not know layer 7 HTTP
upvoted 1 times
...
Radhaghosh
3 years, 3 months ago
"all traffic must be terminated prior to reaching the instance" --> ALB is the answer.
upvoted 1 times
...
ddm123
3 years, 3 months ago
A is the correct answer on ALB Listener 1 -> To redirect incoming requests on HTTP to HTTPS Listener 2 -> To handle HTTPS requests with SSL termination and forward the requests to nodes on port 80
upvoted 3 times
...
IMAHM
3 years, 5 months ago
No, You can not redirect to HTTP/HTTPS as Network LB does not have application layer. HTTP and HTTPS traffic can be routed to your environment over TCP. Answer A
upvoted 4 times
...
1awssec
3 years, 5 months ago
NLB at L4, so NO awareness/redirection for L7 based data
upvoted 1 times
...
hk436
3 years, 6 months ago
A is my answer.!
upvoted 2 times
...
kiev
3 years, 6 months ago
HTTPS is ALB and A is the correct answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago