AWS Certified SysOps Administrator – Associate — Question 256
A company has an existing public web application for www.example.com. The Application Load Balancer (ALB) is configured with a single HTTP 80 listener. A SysOps administrator must ensure that all web requests to www.example.com are encrypted between the client and the ALB.
The SysOps administrator already has requested and validated a public certificate for www.example.com in AWS Certificate Manager (ACM). Existing users of the application must not be required to change the endpoint to which they are connecting.
Which additional set of steps should the SysOps administrator take to meet these requirements?
Answer options
- A. Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
- B. Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate. Delete the original HTTP listener on port 80.
- C. Modify the ALB default rule for the HTTP port 80 listener. Create a rule in the listener to forward all traffic for the host www example.com to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
- D. Modify the ALB default rule for the HTTP port 80 listener to redirect to HTTPS on port 443. Create an additional HTTPS listener on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www example.com as the default SSL certificate.
Correct answer: D
Explanation
The correct answer is D because it not only sets up an HTTPS listener for secure connections but also redirects HTTP traffic to HTTPS, ensuring that users maintain the same endpoint. Option A does not include the necessary redirection from HTTP to HTTPS, while Option B incorrectly suggests deleting the HTTP listener, which would disrupt existing users. Option C fails to implement the needed redirection and only modifies the HTTP listener.