AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 64

A company has a hybrid IT architecture with two AWS Direct Connect connections to provide high availability. The services hosted on-premises are accessible using public IPs, and are also on the 172.16.0.0/16 range. The AWS resources are on the 192.168.0.0/18 range. The company wants to use Amazon Elastic Load
Balancing for SSL offloading, health checks, and sticky sessions.
What should be done to meet these requirements?

Answer options

• A. Create a Network Load Balancer pointing to the on-premises server's private IP address.
• B. Create an Amazon CloudFront distribution for the on-premises service and use the public IPs of the on-premises servers as the origin.
• C. Create a Network Load Balancer pointing to the on-premises server's public IP address.
• D. Create an Application Load Balancer pointing to the on-premises server's private IP address.

Correct answer: A

Explanation

Option A is correct because a Network Load Balancer allows for the use of private IP addresses, which is necessary for accessing on-premises servers directly without exposing them to the public. Options B and C are not suitable since CloudFront is not intended for SSL offloading in this context, and using a public IP address in option C defeats the purpose of maintaining on-premises server privacy. Option D is incorrect as an Application Load Balancer is not typically used for direct connections to on-premises servers in this scenario.