A company is planning to create a service that requires encryption in transit. The traffi…

Question

A company is planning to create a service that requires encryption in transit. The traffic must not be decrypted between the client and the backend of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) duster with the Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler configured. The company needs to use mutual TLS for two-way authentication between the client and the backend.
Which solution will meet these requirements?

Accepted Answer

Correct answer: A. A. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods. — The correct answer is A because it specifies a Network Load Balancer with a TCP listener, which allows for encryption in transit without decrypting the traffic, matching the requirement for mutual TLS. Option B uses an Application Load Balancer with HTTPS, which would decrypt the traffic. Option C and D also involve Application Load Balancers, and while D mentions a TLS listener, it does not fulfill the requirement of maintaining encryption in transit as required.

AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 1

Answer options

Correct answer: A

Explanation