Q78 — AWS DOP-C02 Ch.3
Question 78 of 100 | ← Chapter 3
A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web service runs on Amazon EC2 instances in private subnets behind an Application Load Balancer (ALB). The DevOps engineer wants to ensure the service can accept requests from clients with IPv6 addresses.
- A. Add an IPv6 CIDR block to the VPC and private subnets hosting the EC2 instances. Create a route table entry for IPv6 traffic using IPv6-capable EC2 instance types, and assign IPv6 addresses to each EC2 instance.
- B. Assign an IPv6 Elastic IP address to each EC2 instance. Create a target group and register the EC2 instances as targets. Create a listener on port 443 of the ALB and associate the target group with the ALB.
- C. Replace the ALB with a Network Load Balancer (NLB). Add an IPv6 CIDR block to the NLB’s VPC and subnets, and assign an IPv6 Elastic IP address to the NLB.
- D. Add an IPv6 CIDR block to the ALB’s VPC and subnets. Create a listener on port 443 and specify the dual-stack IP address type on the ALB. Create a target group, register the EC2 instances as targets, and associate the target group with the ALB. ✓
Correct Answer: D. Add an IPv6 CIDR block to the ALB’s VPC and subnets. Create a listener on port 443 and specify the dual-stack IP address type on the ALB. Create a target group, register the EC2 instances as targets, and associate the target group with the ALB.
Explanation
Option D is correct. To support IPv6 client access, the ALB’s VPC and subnets must be configured with IPv6 CIDR blocks. The ALB must be configured with a dual-stack IP address type (supporting both IPv4 and IPv6), and a listener must be created on the appropriate port (e.g., 443). Backend EC2 instances must be registered in a target group associated with the ALB. While EC2 instances themselves do not require public IPv6 addresses for ALB routing (they reside in private subnets), the ALB must be dual-stack enabled and properly routed. Option A incorrectly assumes EC2 instances need public IPv6 addresses. Option B misuses Elastic IPs for private instances and ignores ALB dual-stack configuration. Option C unnecessarily replaces ALB with NLB, which does not natively support HTTP/HTTPS routing features required for typical web services.