Q31 — AWS ANS-C01 Ch.1

Question 31 of 100 | ← Chapter 1

An ecommerce company is hosting a web application on Amazon EC2 instances to handle continuously changing customer demand. The EC2 Instances are part of an Auto Scaling group. The company wants to implement a solution to distribute tra¨c from customers to the EC2 instances. The company must encrypt all tra¨c at all stages between the customers and the application servers. No decryption at intermediate points is Allowed. Which solution will meet these requirements?

Correct Answer: C. Create a Network Load Balancer (NLB). Add a TCP listener to the NLB. Con¦gure the Auto Scaling group to register instances with the NLB's Target group.

Explanation

为了满足题目中提到的要求,即加密客户与应用服务器之间所有阶段的流量,并且不允许在中间点解密,需要选择能够处理TCP层加密的解决方案。在给出的选项中:A.ALB支持HTTPS监听器,但主要用于HTTP/HTTPS协议的负载均衡,并且可能不直接满足在所有阶段加密的要求,因为它主要工作在更高层的协议上。B.AmazonCloudFront主要用于缓存和分发静态内容,虽然可以配置SSL/TLS证书来加密内容,但它不是直接用于处理动态应用服务器流量的最佳工具。C.NLB(网络负载均衡器)在TCP/IP层工作,支持TCP监听器,这意味着它可以处理加密的TCP连接,如SSL/TLS,满足在所有阶段加密流量的要求。D.GatewayLoadBalancer(GLB)不是一个AWS官方提供的服务名称,可能是对某种负载均衡器的误解或混淆。因此,正确答案是C,因为它能够满足在所有阶段加密客户与应用服务器之间流量的要求。 查看全部