AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 1

An organization with a growing ecommerce presence uses the AWS CloudHSM to offload the SSL/TLS processing of its web server fleet. The company leverages
Amazon EC2 Auto Scaling for web servers to handle the growth. What architectural approach is optimal to scale the encryption operation?

Answer options

• A. Use multiple CloudHSM instances, and load balance them using a Network Load Balancer.
• B. Use multiple CloudHSM instances to the cluster; request to it will automatically load balance.
• C. Enable Auto Scaling on the CloudHSM instance, with similar configuration to the web tier Auto Scaling group.
• D. Use multiple CloudHSM instances, and load balance them using an Application Load Balancer.

Correct answer: A

Explanation

The correct answer is A because using a Network Load Balancer allows for efficient distribution of workloads among multiple CloudHSM instances, ensuring high availability and performance. Option B is incorrect as CloudHSM instances do not automatically load balance requests without an external load balancer. Option C is not valid since CloudHSM instances cannot be scaled in the same manner as EC2 instances. Option D is also incorrect because an Application Load Balancer is typically used for HTTP/HTTPS traffic and is not suited for SSL/TLS offloading directly with CloudHSM.