AWS Certified Security – Specialty (SCS-C02) — Question 155
An ecommerce company is developing new architecture for an application release. The company needs to implement TLS for incoming traffic to the application. Traffic for the application will originate from the internet. TLS does not have to be implemented in an end-to-end configuration because the company is concerned about impacts on performance. The incoming traffic types will be HTTP and HTTPS. The application uses ports 80 and 443.
What should a security engineer do to meet these requirements?
Answer options
- A. Create a public Application Load Balancer. Create two listeners: one listener on port 80 and one listener on port 443. Create one target group. Create a rule to forward traffic from port 80 to the listener on port 443. Provision a public TLS certificate in AWS Certificate Manager (ACM). Attach the certificate to the listener on port 443.
- B. Create a public Application Load Balancer. Create two listeners: one listener on port 80 and one listener on port 443. Create one target group. Create a rule to forward traffic from port 80 to the listener on port 443. Provision a public TLS certificate in AWS Certificate Manager (ACM). Attach the certificate to the listener on port 80.
- C. Create a public Network Load Balancer. Create two listeners: one listener on port 80 and one listener on port 443. Create one target group. Create a rule to forward traffic from port 80 to the listener on port 443. Set the protocol for the listener on port 443 to TLS.
- D. Create a public Network Load Balancer. Create a listener on port 443. Create one target group. Create a rule to forward traffic from port 443 to the target group. Set the protocol for the listener on port 443 to TLS.
Correct answer: A
Explanation
Option A is correct. The Application Load Balancer terminates TLS on the port 443 listener using the public certificate issued by ACM, and the port 80 listener carries a redirect rule that sends HTTP clients to HTTPS on port 443. The target group can use plain HTTP between the load balancer and the targets, so TLS is terminated at the edge rather than end to end, which is exactly what the company asked for to limit the performance impact. Option B attaches the certificate to the port 80 listener instead of the port 443 listener, leaving the HTTPS listener without a certificate; an HTTPS listener cannot be created without one, so HTTPS traffic on port 443 is not served. Option C uses a Network Load Balancer. An NLB TLS listener can terminate TLS, but NLB listeners operate at layer 4 and do not support HTTP redirect rules, so HTTP traffic arriving on port 80 cannot be redirected to HTTPS. Option D also uses a Network Load Balancer and has no listener on port 80 at all, so the HTTP traffic the requirements call for is never handled.