AWS Certified SysOps Administrator – Associate (legacy) — Question 322

A user is trying to setup a security policy for ELB. The user wants ELB to meet the cipher supported by the client by configuring the server order preference in ELB security policy. Which of the below mentioned preconfigured policies supports this feature?

Answer options

• A. ELBSecurity Policy-2014-01
• B. ELBSecurity Policy-2011-08
• C. ELBDefault Negotiation Policy
• D. ELBSample- OpenSSLDefault Cipher Policy

Correct answer: A

Explanation

The ELBSecurity Policy-2014-01 is a preconfigured policy that supports the Server Order Preference feature, which ensures that the load balancer negotiates the best mutually supported cipher based on the server's preference list. Older policies like ELBSecurity Policy-2011-08 do not support this, while the other options do not enable Server Order Preference by default.