AWS Certified Security – Specialty — Question 165
A security engineer is designing a solution that will provide end-to-end encryption between clients and Docker containers running in Amazon Elastic Container Service (Amazon ECS). This solution will also handle volatile traffic patterns.
Which solution would have the MOST scalability and LOWEST latency?
Answer options
- A. Configure a Network Load Balancer to terminate the TLS traffic and then re-encrypt the traffic to the containers.
- B. Configure an Application Load Balancer to terminate the TLS traffic and then re-encrypt the traffic to the containers.
- C. Configure a Network Load Balancer with a TCP listener to pass through TLS traffic to the containers.
- D. Configure Amazon Route to use multivalue answer routing to send traffic to the containers.
Correct answer: C
Explanation
The correct answer is C because using a Network Load Balancer with a TCP listener allows for low-latency, high-throughput handling of TLS traffic without needing to terminate it, thus maintaining end-to-end encryption. Options A and B introduce additional latency due to TLS termination and re-encryption, while option D does not provide the necessary low-latency connection for this use case.