Q65 — AWS ANS-C01 Ch.1

A company deploys a new web application on Amazon EC2 instances. The application runs in private subnets in three Availability Zones behind an Application Load Balancer (ALB). Security auditors require encryption of all connections. The company uses Amazon Route 53 for DNS and uses AWS Certificate Manager (ACM) to automate SSL/TLS certificate provisioning. SSL/TLS connections are terminated on the ALB. The company tests the application with a single EC2 instance and does not observe any problems. However, after production deployment, users report that they can log in but that they cannot use the application. Every new web request restarts the login process. What should a network engineer do to resolve this issue?

Correct Answer: C. Modify the ALB target group configuration by enabling the stickiness attribute. Use an application-based cookie. Set the duration to the maximum application session length.

Explanation

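This question concerns session stickiness configuration for the Application Load Balancer (ALB). According to the official AWS documentation, ALB session stickiness is managed through target-group-level attributes, not through listener rules. A session that breaks after the user logs in is usually caused by stateless load balancing distributing requests across different instances. The correct fix is to enable stickiness on the target group and use an application-generated cookie (such as AWSELB or a custom one), which ensures that requests from the same user are routed to the same instance. Option C modifies the target group configuration directly, which is consistent with AWS best practices. Option A incorrectly places the configuration in a listener rule, while options B and D involve unnecessary architecture changes.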