Q41 — AWS ANS-C01 Ch.1


A company has an application that hosts personally identifiable information (PII) of users. All connections to the application must be secured by HTTPS with TLS certificates that implement Elliptic Curve Cryptography (ECC). The application uses stateful connections between the web tier and the end users. Multiple instances host the application. A network engineer must implement a solution that offloads TLS connections to a load balancer. Which load-balancing solution will meet these requirements?

Correct Answer: D. Provision an Application Load Balancer. Configure an HTTPS listener by specifying the use of an ECC SSL certificate that is uploaded to AWS Identity and Access Management (IAM). Configure a default action to redirect to the URL for the application. Turn on application-based session affinity (sticky sessions).

Explanation

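This question tests AWS load balancer selection and TLS offload configuration. The application must support stateful connections, use ECC certificates, and offload TLS. An Application Load Balancer (ALB) supports HTTPS listeners and can terminate TLS directly, which meets the TLS offload requirement. Session affinity (sticky sessions) keeps connections stateful through an application-based session persistence mechanism, which is an ALB feature. Although AWS recommends managing certificates with ACM, an ALB also supports ECC certificates stored in IAM. A Network Load Balancer (NLB) supports only TLS listeners and lacks application-layer session persistence, so it cannot meet the requirements. The correct configuration must include an HTTPS listener, an ECC certificate, and session affinity together.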