AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 337
A company is deploying a non-web application behind an Elastic Load Balancing load balancer. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server.
How can this requirement be achieved?
Answer options
- A. Use a Network Load Balancer to automatically preserve the source IP address.
- B. Use a Network Load Balancer and enable the X-Forwarded-For attribute.
- C. Use a Network Load Balancer and enable the ProxyProtocol attribute.
- D. Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.
Correct answer: C
Explanation
For non-web applications, a Network Load Balancer (NLB) is used instead of an Application Load Balancer. Because the backend targets are on-premises servers registered by IP address over AWS Direct Connect, the NLB does not automatically preserve the source IP address. Enabling the ProxyProtocol attribute (Proxy Protocol v2) on the NLB is therefore required: the NLB then prepends the connection information, including the source IP, to the data it sends to the target.
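The on-premises server has to read that prepended header itself before it touches application data. The following is an added example, not part of the original question: a minimal Proxy Protocol v2 header parser, where the function name `parse_proxy_v2` and the sample addresses and ports are constructed for illustration.

```python
import ipaddress
import struct

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte v2 signature


def parse_proxy_v2(buf: bytes):
    """Return (client_info, payload) for data starting with a v2 header.

    client_info is (src_ip, src_port, dst_ip, dst_port), or None for a
    LOCAL connection. Raises ValueError on a missing or malformed header.
    """
    if len(buf) < 16 or buf[:12] != PP2_SIGNATURE:
        raise ValueError("missing Proxy Protocol v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", buf[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported version")
    if len(buf) < 16 + length:
        raise ValueError("truncated header")
    # 'length' covers the addresses plus any trailing TLVs, so slicing on it
    # skips TLVs and lands exactly on the first application byte.
    body, payload = buf[16:16 + length], buf[16 + length:]
    command = ver_cmd & 0x0F
    if command == 0:  # LOCAL: opened by the proxy itself, no client address
        return None, payload
    if command != 1:  # only PROXY (1) carries client addresses
        raise ValueError("unknown command")
    family = fam_proto >> 4
    if family == 1 and len(body) >= 12:    # AF_INET: 4 + 4 + 2 + 2 bytes
        src, dst, sport, dport = struct.unpack("!4s4sHH", body[:12])
    elif family == 2 and len(body) >= 36:  # AF_INET6: 16 + 16 + 2 + 2 bytes
        src, dst, sport, dport = struct.unpack("!16s16sHH", body[:36])
    else:
        raise ValueError("unsupported address family")
    client = (str(ipaddress.ip_address(src)), sport,
              str(ipaddress.ip_address(dst)), dport)
    return client, payload


# Constructed sample: PROXY command, TCP over IPv4, followed by app data.
SAMPLE = (PP2_SIGNATURE + b"\x21\x11" + struct.pack("!H", 12)
          + ipaddress.ip_address("203.0.113.7").packed
          + ipaddress.ip_address("10.0.0.5").packed
          + struct.pack("!HH", 51234, 9000) + b"HELLO")

if __name__ == "__main__":
    print(parse_proxy_v2(SAMPLE))
```

The server should accept this header only on connections arriving from the load balancer's addresses, because any peer that can reach the listener directly can write a header claiming an arbitrary source IP.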