AWS Certified Security – Specialty (SCS-C02) — Question 299
A security engineer is designing a solution that will provide end-to-end encryption between clients and Docker containers running in Amazon Elastic Container Service (Amazon ECS). This solution will also handle volatile traffic patterns.
Which solution would have the MOST scalability and LOWEST latency?
Answer options
- A. Configure a Network Load Balancer to terminate the TLS traffic and then re-encrypt the traffic to the containers.
- B. Configure an Application Load Balancer to terminate the TLS traffic and then re-encrypt the traffic to the containers.
- C. Configure a Network Load Balancer with a TCP listener to pass through TLS traffic to the containers.
- D. Configure Amazon Route 53 to use multivalue answer routing to send traffic to the containers.
Correct answer: C
Explanation
Configuring a Network Load Balancer (NLB) with a TCP listener allows TLS traffic to pass through directly to the Amazon ECS containers, ensuring true end-to-end encryption with the lowest possible latency. This Layer 4 pass-through avoids the computational overhead of TLS termination and re-encryption required by options A and B. Amazon Route 53 multivalue routing does not provide the robust, real-time load balancing and health checking needed to handle highly volatile containerized traffic patterns.
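The distinction the explanation draws (Layer 4 pass-through versus termination and re-encryption) is visible in the load balancer's own configuration. The script below is an added example, not part of the exam page: it classifies each listener by where the client's TLS session ends, using records shaped like the boto3 `elbv2.describe_listeners()` and `describe_target_groups()` responses. All ARNs, names and records are constructed sample data, one per design from options A to C plus a misconfigured ALB that forwards plaintext.

```python
"""Classify ELBv2 listeners by where TLS terminates (added example).

Works offline over constructed records shaped like the boto3 elbv2
describe_listeners() / describe_target_groups() responses.
"""
from __future__ import annotations

_PREFIX = "arn:aws:elasticloadbalancing:us-east-1:111122223333:"  # constructed account/region
_CERT = "arn:aws:acm:us-east-1:111122223333:certificate/placeholder"   # placeholder ACM ARN

# Constructed target-group records (subset of describe_target_groups() fields).
TARGET_GROUPS = {
    _PREFIX + "targetgroup/ecs-passthrough/1": {"Protocol": "TCP", "Port": 443, "TargetType": "ip",
                                                 "HealthCheckProtocol": "HTTPS"},
    _PREFIX + "targetgroup/ecs-nlb-tls/2": {"Protocol": "TLS", "Port": 443, "TargetType": "ip",
                                             "HealthCheckProtocol": "HTTPS"},
    _PREFIX + "targetgroup/ecs-alb-https/3": {"Protocol": "HTTPS", "Port": 8443, "TargetType": "ip",
                                               "HealthCheckProtocol": "HTTPS"},
    _PREFIX + "targetgroup/ecs-alb-http/4": {"Protocol": "HTTP", "Port": 8080, "TargetType": "ip",
                                              "HealthCheckProtocol": "HTTP"},
}

# Constructed listener records (subset of describe_listeners() fields).
LISTENERS = [
    # Option C: NLB TCP listener, no certificate on the LB. The TLS bytes are
    # forwarded unchanged; the ECS task terminates TLS itself.
    {"LoadBalancerArn": _PREFIX + "loadbalancer/net/app-nlb/abc", "Port": 443, "Protocol": "TCP",
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": _PREFIX + "targetgroup/ecs-passthrough/1"}]},
    # Option A: NLB TLS listener holding an ACM certificate, re-encrypting to a TLS target group.
    {"LoadBalancerArn": _PREFIX + "loadbalancer/net/app-nlb-tls/def", "Port": 443, "Protocol": "TLS",
     "Certificates": [{"CertificateArn": _CERT}],
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": _PREFIX + "targetgroup/ecs-nlb-tls/2"}]},
    # Option B: ALB HTTPS listener, re-encrypting to HTTPS targets via a weighted forward action.
    {"LoadBalancerArn": _PREFIX + "loadbalancer/app/app-alb/ghi", "Port": 443, "Protocol": "HTTPS",
     "Certificates": [{"CertificateArn": _CERT}],
     "DefaultActions": [{"Type": "forward", "ForwardConfig": {"TargetGroups": [
         {"TargetGroupArn": _PREFIX + "targetgroup/ecs-alb-https/3", "Weight": 100}]}}]},
    # Finding: TLS ends at the ALB and the hop to the task is plaintext HTTP.
    {"LoadBalancerArn": _PREFIX + "loadbalancer/app/legacy-alb/jkl", "Port": 443, "Protocol": "HTTPS",
     "Certificates": [{"CertificateArn": _CERT}],
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": _PREFIX + "targetgroup/ecs-alb-http/4"}]},
]

ENCRYPTED = {"TLS", "HTTPS"}  # protocols where that hop carries TLS


def forward_target_groups(listener: dict) -> list[str]:
    """Collect target-group ARNs from plain and weighted forward actions."""
    arns: list[str] = []
    for action in listener.get("DefaultActions", []):
        if action.get("Type") != "forward":
            continue
        if "TargetGroupArn" in action:
            arns.append(action["TargetGroupArn"])
        for tg in action.get("ForwardConfig", {}).get("TargetGroups", []):
            arns.append(tg["TargetGroupArn"])
    return arns


def classify(listener: dict, target_groups: dict) -> str:
    """Return where the client's TLS session ends for one listener.

    passthrough : TCP listener; the LB never sees plaintext, the task terminates TLS.
    reencrypt   : LB terminates TLS and opens a new TLS/HTTPS hop to every target.
    terminate   : LB terminates TLS and at least one backend hop is plaintext.
    plaintext   : HTTP listener; no TLS on the client side at all.
    """
    proto = listener["Protocol"]
    if proto in ("TCP", "TCP_UDP"):
        return "passthrough"
    if proto == "HTTP":
        return "plaintext"
    backends = [target_groups[arn]["Protocol"] for arn in forward_target_groups(listener)]
    return "reencrypt" if backends and all(p in ENCRYPTED for p in backends) else "terminate"


def audit(listeners: list[dict], target_groups: dict) -> list[dict]:
    """One finding per listener; flag=True where plaintext appears on the path."""
    findings = []
    for listener in listeners:
        mode = classify(listener, target_groups)
        findings.append({"lb": listener["LoadBalancerArn"].split("/")[2],
                         "port": listener["Port"], "mode": mode,
                         "flag": mode in ("terminate", "plaintext")})
    return findings


if __name__ == "__main__":
    for f in audit(LISTENERS, TARGET_GROUPS):
        print(f"{'FLAG' if f['flag'] else 'ok  '} {f['lb']}:{f['port']} {f['mode']}")
```

Against live data the same functions can be fed the `Listeners` and `TargetGroups` lists returned by boto3. The caveat that goes with the pass-through design is the flip side of its latency advantage: because the NLB never decrypts, the certificate and private key must live in the ECS task (the application or a sidecar terminates TLS), and the load balancer cannot route on SNI, host or path. Target-group health checks can still use HTTPS, so the health-checking advantage over Route 53 multivalue answers is retained.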