AWS Certified Solutions Architect – Associate (SAA-C03) — Question 628

A company runs a web application on Amazon EC2 instances in an Auto Scaling group that has a target group. The company designed the application to work with session affinity (sticky sessions) for a better user experience.

The application must be available publicly over the internet as an endpoint. A WAF must be applied to the endpoint for additional security. Session affinity (sticky sessions) must be configured on the endpoint.

Which combination of steps will meet these requirements? (Choose two.)

Answer options

• A. Create a public Network Load Balancer. Specify the application target group.
• B. Create a Gateway Load Balancer. Specify the application target group.
• C. Create a public Application Load Balancer. Specify the application target group.
• D. Create a second target group. Add Elastic IP addresses to the EC2 instances.
• E. Create a web ACL in AWS WAF. Associate the web ACL with the endpoint

Correct answer: C, E

Explanation

An Application Load Balancer (ALB) is the correct choice because it natively supports both session affinity (sticky sessions) at the HTTP/HTTPS layer and direct integration with AWS WAF. Network Load Balancers and Gateway Load Balancers do not support direct AWS WAF association. To complete the security requirement, a web ACL must be created in AWS WAF and associated directly with the newly created public ALB.