Difficulty: Medium · 1 mark · Multiple choice
Topics: Load Balancing, Security, Encryption, Networking

AWS SAP-C02 · Question 23 · Domain 2.3: Security Controls

A financial application requires end-to-end encryption. The application runs on EC2 instances behind an Application Load Balancer (ALB). The security team requires that the TLS connection terminates at the EC2 instances, not at the load balancer, to ensure data is encrypted in transit through the AWS network. How should the architect design this solution?

Answer options:

A.

Configure the ALB with an HTTPS listener and use a self-signed certificate on the EC2 instances for the target group.

B.

Replace the ALB with a Network Load Balancer (NLB) and configure TCP listeners to pass traffic through to the EC2 instances.

C.

Use AWS Global Accelerator and route traffic directly to the EC2 instances, bypassing the load balancer.

D.

Configure the ALB with a TLS listener and use AWS Certificate Manager (ACM) to deploy certificates to the EC2 instances.

How to approach this question

Identify the load balancer type that supports TCP passthrough.

Full Answer

B. Replace the ALB with a Network Load Balancer (NLB) and configure TCP listeners to pass traffic through to the EC2 instances. ✓ Correct
To achieve true end-to-end encryption where the load balancer does not decrypt the traffic, a Network Load Balancer (NLB) configured with a TCP listener must be used. This passes the encrypted payload directly to the EC2 instances for termination.
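As an added illustration (not part of the original question or its answer key), the NLB passthrough design as a minimal CloudFormation fragment; VpcId, SubnetIds and the instance IDs are placeholder parameters, and the instances are assumed to serve TLS on port 443 themselves:

```yaml
# Added example, not from the original page: NLB with a TCP listener so TLS
# terminates on the EC2 instances, never on the load balancer.
# VpcId, SubnetIds, InstanceAId and InstanceBId are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  InstanceAId:
    Type: AWS::EC2::Instance::Id
  InstanceBId:
    Type: AWS::EC2::Instance::Id
Resources:
  PassthroughNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internet-facing
      Subnets: !Ref SubnetIds
  TlsTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      TargetType: instance
      Protocol: TCP            # TCP, not TLS: the NLB only forwards bytes
      Port: 443
      HealthCheckProtocol: TCP # an HTTPS health check would need the NLB to
                               # handle TLS; a TCP check stays opaque
      Targets:
        - Id: !Ref InstanceAId
          Port: 443
        - Id: !Ref InstanceBId
          Port: 443
  PassthroughListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref PassthroughNlb
      Protocol: TCP            # a TLS listener with a Certificates entry would
      Port: 443                # terminate TLS on the NLB, which is what must be avoided
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TlsTargets
```

With a TCP listener the NLB cannot inspect or decrypt the stream, so certificate management and termination live entirely on the instances.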

Common mistakes

Assuming ALB can do TLS passthrough.
