AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 322

You are deploying a web application in a VPC that requires SSL mutual authentication with a client-side, smartcard-stored certificate. The ELB Classic Load Balancer listener must support mutual authentication between the client and the application.
Which load balancer protocol should you select for this application?

Answer options

Correct answer: D

Explanation

To support SSL mutual authentication directly between the client and the backend application, the Classic Load Balancer must pass the encrypted traffic through without terminating the SSL connection. Selecting the TCP protocol (Layer 4) allows the load balancer to forward the raw TCP packets directly to the backend instances where the application can handle the client-side certificate validation. Using SSL or HTTPS protocols would terminate the TLS connection at the load balancer, which does not support client certificate authentication.