Q33 — AWS SAA-C03 Ch.1
Q33. A company has a dynamic web application hosted on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination. There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit. What should a solutions architect do to increase the application's performance?
- A. Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM certificate on each instance.
- B. Create an Amazon S3 bucket. Migrate the SSL certificate to the S3 bucket. Configure the EC2 instances to reference the bucket for SSL termination.
- C. Create another EC2 instance as a proxy server. Migrate the SSL certificate to the new instance and configure it to direct connections to the existing EC2 instances.
- D. Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM. ✓
Correct Answer: D. Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.
Explanation
To increase the performance of the web application, a common approach is to use an Application Load Balancer (ALB) for SSL termination. An ALB can handle SSL traffic more efficiently than individual EC2 instances. In this scenario, the solutions architect should import the SSL certificate into AWS Certificate Manager (ACM) and create an ALB with an HTTPS listener that uses the SSL certificate from ACM. The ALB will distribute the traffic between the EC2 instances, which will help improve their performance.
Option A is incorrect because installing the SSL certificate on each EC2 instance does not address the underlying issue of compute capacity reaching its maximum limit due to SSL encryption and decryption.
Option B is incorrect because configuring the EC2 instances to reference an S3 bucket for SSL termination is not a common approach and may introduce additional complexity and security risks.
Option C is less optimal than Option D because creating another EC2 instance as a proxy server adds unnecessary complexity to the architecture. Additionally, using an ALB provides better scalability and elasticity compared to using a single EC2 instance as a proxy server.