Q59 — AWS SOA-C02 Ch.1

Question 59 of 100 | ← Chapter 1

A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company’s security team wants to protect the website by using AWS Certificate Manager (ACM) certificates. The ELB must automatically redirect any HTTP requests to HTTPS. Which solution will meet these requirements?

Correct Answer: B. Create an Application Load Balancer that has one HTTP listener on port 80 and one HTTPS protocol listener on port 443. Attach an SSL/TLS certificate to listener port 443. Create a rule to redirect requests from port 80 to port 443.

Explanation

AWS服务中,Application Load Balancer(ALB)支持基于HTTP/HTTPS的监听器和重定向规则。使用ACM证书时,证书必须附加到HTTPS监听器(默认端口443)。HTTP监听器(端口80)需配置重定向规则至HTTPS。对于TCP监听器(如选项C、D中的Network Load Balancer),无法直接实现HTTP到HTTPS的应用层重定向。选项A错误地将HTTPS监听器配置在端口80,不符合标准端口分配。参考AWS文档,ALB的正确配置需在端口80设置HTTP监听器,端口443设置HTTPS监听器并附加证书,通过规则实现重定向。选项B符合此架构。