AWS Certified Security – Specialty — Question 27
Compliance requirements state that all communications between company on-premises hosts and EC2 instances be encrypted in transit. Hosts use custom proprietary protocols for their communication, and EC2 instances need to be fronted by a load balancer for increased availability.
Which of the following solutions will meet these requirements?
Answer options
- A. Offload SSL termination onto an SSL listener on a Classic Load Balancer, and use a TCP connection between the load balancer and the EC2 instances.
- B. Route all traffic through a TCP listener on a Classic Load Balancer, and terminate the TLS connection on the EC2 instances.
- C. Create an HTTPS listener using an Application Load Balancer, and route all of the communication through that load balancer.
- D. Offload SSL termination onto an SSL listener using an Application Load Balancer, and re-spawn an SSL connection between the load balancer and the EC2 instances.
Correct answer: B
Explanation
Option B is correct. A TCP listener on a Classic Load Balancer is a layer-4 relay: it forwards the byte stream without inspecting or decrypting it, so a TLS session opened by the on-premises host reaches the EC2 instance intact and is terminated there. The proprietary protocol runs inside that TLS session, and the data is encrypted on every hop, including the hop between the load balancer and the instance. This also means the instances, not the load balancer, must hold the certificate and private key and terminate TLS themselves; the load balancer never sees plaintext. Option A terminates TLS at the load balancer's SSL listener and forwards the traffic to the instances over plain TCP, which leaves the load-balancer-to-instance hop unencrypted. Options C and D rely on an Application Load Balancer, whose listeners speak only HTTP and HTTPS, so it cannot carry a custom non-HTTP protocol; an ALB also has no layer-4 SSL listener of the kind option D describes.
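The reasoning above can be turned into a small audit. The following Python is an added example written for this page, not AWS code or part of the exam material: it takes listener definitions in the same key layout the ELB DescribeLoadBalancers API returns (`Protocol`, `LoadBalancerPort`, `InstanceProtocol`, `InstancePort`) and reports, per listener, whether a custom protocol can pass and where each hop is encrypted. The listener sets for the answer options are constructed for the example; the HTTPS listener stands in for options C and D, since the point there is the layer-7 listener, and the certificate ARN is a placeholder. It goes slightly beyond the question by also handling an SSL-to-SSL listener, to show that option A fails because of its plaintext backend hop, not because the load balancer terminates TLS.

```python
"""Audit Classic Load Balancer listeners for the two requirements in the question:
the listener must carry a custom (non-HTTP) protocol, and traffic must be encrypted on
every hop between the on-premises host and the EC2 instance.

Listener dicts use the key names of the ELB DescribeLoadBalancers API. All sample
configurations in this file are constructed for the example, not taken from an account.
"""

LAYER7 = {"HTTP", "HTTPS"}            # load balancer parses HTTP; custom protocols cannot pass
LB_TERMINATES_TLS = {"HTTPS", "SSL"}  # client-facing protocols where the LB decrypts
LB_ENCRYPTS_BACKEND = {"HTTPS", "SSL"}  # backend protocols where the LB opens TLS to the instance


def assess_listener(listener):
    """Describe what a single CLB listener does on the wire on each hop."""
    front = listener["Protocol"].upper()
    back = listener["InstanceProtocol"].upper()
    findings = []

    if front in LAYER7 or back in LAYER7:
        findings.append("HTTP/HTTPS listener: the load balancer parses HTTP, "
                        "so a custom protocol cannot pass through")

    if front in LB_TERMINATES_TLS:
        # The LB holds the key and decrypts. The backend hop is only encrypted if the LB
        # re-encrypts to the instance (option A forwards plain TCP and fails here).
        lb_terminates_tls = True
        backend_encrypted_by_lb = back in LB_ENCRYPTS_BACKEND
        if not backend_encrypted_by_lb:
            findings.append(f"{front} listener with {back} backend: the load balancer decrypts "
                            "and forwards plaintext to the instances")
    else:
        # TCP front end: bytes are relayed unchanged. If the client speaks TLS, the
        # ciphertext reaches the instance untouched; the instance must terminate TLS.
        lb_terminates_tls = False
        backend_encrypted_by_lb = None  # not decided by the LB; depends on the instances

    return {
        "layer4": front not in LAYER7 and back not in LAYER7,
        "lb_terminates_tls": lb_terminates_tls,
        "backend_encrypted_by_lb": backend_encrypted_by_lb,
        "findings": findings,
    }


def meets_requirements(listener_descriptions, instances_terminate_tls):
    """Return (ok, problems) for a list of ListenerDescriptions entries.

    instances_terminate_tls is an out-of-band fact (the instances run a TLS server for the
    proprietary protocol). It matters only for TCP pass-through listeners, whose encryption
    cannot be proven from the load balancer configuration alone.
    """
    problems = []
    for desc in listener_descriptions:
        lst = desc["Listener"]
        label = (f"{lst['Protocol']}:{lst['LoadBalancerPort']}->"
                 f"{lst['InstanceProtocol']}:{lst['InstancePort']}")
        result = assess_listener(lst)
        problems.extend(f"{label}: {f}" for f in result["findings"])
        if result["layer4"] and not result["lb_terminates_tls"] and not instances_terminate_tls:
            problems.append(f"{label}: TCP pass-through but the instances do not terminate TLS, "
                            "so the stream is plaintext end to end")
    return (not problems, problems)


# Constructed listener sets mirroring the answer options (certificate ARN is a placeholder).
CERT = "arn:aws:acm:us-east-1:123456789012:certificate/placeholder"
OPTION_A = [{"Listener": {"Protocol": "SSL", "LoadBalancerPort": 443,
                          "InstanceProtocol": "TCP", "InstancePort": 9000,
                          "SSLCertificateId": CERT}}]
OPTION_B = [{"Listener": {"Protocol": "TCP", "LoadBalancerPort": 443,
                          "InstanceProtocol": "TCP", "InstancePort": 443}}]
OPTION_C = [{"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                          "InstanceProtocol": "HTTP", "InstancePort": 80,
                          "SSLCertificateId": CERT}}]
# Not an answer option: TLS terminated at the LB and re-encrypted to the instance.
RE_ENCRYPT = [{"Listener": {"Protocol": "SSL", "LoadBalancerPort": 443,
                            "InstanceProtocol": "SSL", "InstancePort": 443,
                            "SSLCertificateId": CERT}}]

if __name__ == "__main__":
    for name, cfg in [("A", OPTION_A), ("B", OPTION_B), ("C", OPTION_C), ("SSL->SSL", RE_ENCRYPT)]:
        ok, problems = meets_requirements(cfg, instances_terminate_tls=True)
        print(name, "PASS" if ok else "FAIL", *problems, sep="\n  ")
```

Run as a script it prints a verdict per option. Note the second argument of `meets_requirements`: with a TCP listener the configuration alone says nothing about encryption, so the check has to be told (or, in a real audit, verify by connecting to the instance port) that the instances actually terminate TLS.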