Q67 — AWS ANS-C01 Ch.1
A company is migrating an existing application to a new AWS account. The company will deploy the application in a single AWS Region by using one VPC and multiple Availability Zones. The application will run on Amazon EC2 instances. Each Availability Zone will have several EC2 instances. The EC2 instances will be deployed in private subnets. The company's clients will connect to the application by using a web browser with the HTTPS protocol. Inbound connections must be distributed across the Availability Zones and EC2 instances. All connections from the same client session must be connected to the same EC2 instance. The company must provide end-to-end encryption for all connections between the clients and the application by using the application SSL certificate. Which solution will meet these requirements?
- A. Create a Network Load Balancer. Create a target group. Set the protocol to TCP and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TCP and the port to 443 for the listener. Deploy SSL certificates to the EC2 instances. ✓
- B. Create an Application Load Balancer. Create a target group. Set the protocol to HTTP and the port to 80 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTPS listener. Set the default action to forward to the target group. Use AWS Certificate Manager (ACM) to create a certificate for the listener.
- C. Create a Network Load Balancer. Create a target group. Set the protocol to TLS and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TLS and the port to 443 for the listener. Use AWS Certificate Manager (ACM) to create a certificate for the application.
- D. Create an Application Load Balancer. Create a target group. Set the protocol to HTTPS and the port to 443 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTP listener. Set the port to 443 for the listener. Set the default action to forward to the target group.
Correct Answer: A. Create a Network Load Balancer. Create a target group. Set the protocol to TCP and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TCP and the port to 443 for the listener. Deploy SSL certificates to the EC2 instances.
Explanation
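The question requires that clients connect to the application over HTTPS, that connections be distributed across multiple Availability Zones and EC2 instances, that connections from the same session reach the same instance, and that encryption be end-to-end. Option A is correct. A Network Load Balancer handles traffic at the network layer and supports the TCP protocol on port 443. Turning on session affinity (sticky sessions) ensures that connections from the same session reach the same instance. Registering the EC2 instances in a target group, creating the corresponding listener on the load balancer, and deploying the SSL certificates to the EC2 instances meets the requirements. Option B uses an Application Load Balancer, and setting the target group protocol to HTTP is wrong; it should be HTTPS. Option C is wrong to set the Network Load Balancer target group protocol to TLS; it should be TCP. Option D is wrong to create an HTTP listener; it should be an HTTPS listener. In summary, option A is the correct answer.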