AWS Certified SysOps Administrator – Associate — Question 244

A company has a secure website running on Amazon EC2 instances behind an Application Load Balancer (ALB). An SSL certificate from AWS Certificate Manager (ACM) is used on the ALB. Users with legacy web browsers are experiencing issues with the website.

How should the SysOps administrator resolve these issues in the MOST operationally efficient manner?

Answer options

• A. Create a new SSL certificate in ACM and install the new certificate on the ALB to support legacy web browsers.
• B. Create a second ALB and install a custom SSL certificate with a different domain name on the second ALB to support legacy web browsers.
• C. Remove the ALB from the configuration and install a custom SSL certificate on each web server.
• D. Update the SSL negotiation configuration of the ALB with a security policy that contains ciphers for legacy web browsers.

Correct answer: D

Explanation

The correct answer is D because adjusting the SSL negotiation settings allows the ALB to support older browsers without needing to create new certificates or infrastructure. Options A and B involve unnecessary creation of new certificates or ALBs, which increases complexity, while option C completely removes the advantages of using an ALB and would require significant reconfiguration.