Q78 — AWS DOP-C02 Ch.3

Question 78 of 100 | ← Chapter 3

A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web service runs on Amazon EC2 instances in private subnets behind an Application Load Balancer (ALB). The DevOps engineer wants to ensure the service can accept requests from clients with IPv6 addresses.

Correct Answer: D. Add an IPv6 CIDR block to the ALB’s VPC and subnets. Create a listener on port 443 and specify the dual-stack IP address type on the ALB. Create a target group, register the EC2 instances as targets, and associate the target group with the ALB.

Explanation

Option D is correct. To support IPv6 client access, the ALB’s VPC and subnets must be configured with IPv6 CIDR blocks. The ALB must be configured with a dual-stack IP address type (supporting both IPv4 and IPv6), and a listener must be created on the appropriate port (e.g., 443). Backend EC2 instances must be registered in a target group associated with the ALB. While EC2 instances themselves do not require public IPv6 addresses for ALB routing (they reside in private subnets), the ALB must be dual-stack enabled and properly routed. Option A incorrectly assumes EC2 instances need public IPv6 addresses. Option B misuses Elastic IPs for private instances and ignores ALB dual-stack configuration. Option C unnecessarily replaces ALB with NLB, which does not natively support HTTP/HTTPS routing features required for typical web services.