AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 56
A company deploys a new web application on Amazon EC2 instances. The application runs in private subnets in three Availability Zones behind an Application Load Balancer (ALB). Security auditors require encryption of all connections. The company uses Amazon Route 53 for DNS and uses AWS Certificate Manager (ACM) to automate SSL/TLS certificate provisioning. SSL/TLS connections are terminated on the ALB.
The company tests the application with a single EC2 instance and does not observe any problems. However, after production deployment, users report that they can log in but that they cannot use the application. Every new web request restarts the login process.
What should a network engineer do to resolve this issue?
Answer options
- A. Modify the ALB listener configuration. Edit the rule that forwards traffic to the target group. Change the rule to enable group-level stickiness. Set the duration to the maximum application session length.
- B. Replace the ALB with a Network Load Balancer. Create a TLS listener. Create a new target group with the protocol type set to TLS Register the EC2 instances. Modify the target group configuration by enabling the stickiness attribute.
- C. Modify the ALB target group configuration by enabling the stickiness attribute. Use an application-based cookie. Set the duration to the maximum application session length.
- D. Remove the ALB. Create an Amazon Route 53 rule with a failover routing policy for the application name. Configure ACM to issue certificates for each EC2 instance.
Correct answer: C
Explanation
The correct answer is C because enabling the stickiness attribute in the ALB target group with an application-based cookie ensures that user sessions are maintained correctly, preventing users from being logged out after each request. Option A suggests modifying the ALB listener instead of the target group, which does not directly solve the session issue. Option B proposes replacing the ALB with a Network Load Balancer, which is unnecessary and does not address the session stickiness. Option D suggests removing the ALB entirely, which would disrupt the application’s load balancing and does not solve the underlying problem.