AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 11

An ecommerce company is hosting a web application on Amazon EC2 instances to handle continuously changing customer demand. The EC2 instances are part of an Auto Scaling group. The company wants to implement a solution to distribute traffic from customers to the EC2 instances. The company must encrypt all traffic at all stages between the customers and the application servers. No decryption at intermediate points is allowed.
Which solution will meet these requirements?

Answer options

• A. Create an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB's target group.
• B. Create an Amazon CloudFront distribution. Configure the distribution with a custom SSL/TLS certificate. Set the Auto Scaling group as the distribution's origin.
• C. Create a Network Load Balancer (NLB). Add a TCP listener to the NLB. Configure the Auto Scaling group to register instances with the NLB's target group.
• D. Create a Gateway Load Balancer (GLB). Configure the Auto Scaling group to register instances with the GLB's target group.

Correct answer: C

Explanation

The correct answer is C, as a Network Load Balancer (NLB) can handle TCP traffic efficiently and allows for end-to-end encryption without decrypting the traffic at intermediate points. Option A, while using HTTPS, is more suited for HTTP traffic and may not fully meet the encryption requirement at all stages. Option B, using CloudFront, involves caching and potentially decrypting traffic, which violates the no decryption requirement. Option D, Gateway Load Balancer, is not designed for this type of traffic management and encryption scenario.