AWS Certified SysOps Administrator – Associate (legacy) — Question 356
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. The ELB security policy supports various ciphers. Which of the below mentioned options helps identify the matching cipher at the client side to the ELB cipher list when client is requesting ELB DNS over
SSL?
Answer options
- A. Cipher Protocol
- B. Client Configuration Preference
- C. Server Order Preference
- D. Load Balancer Preference
Correct answer: C
Explanation
Elastic Load Balancing uses the Server Order Preference feature to negotiate secure connections between the client and the load balancer. When this option is enabled, the ELB prioritizes its own cipher list and selects the first matching cipher that the client also supports. If Server Order Preference is disabled, the load balancer will defer to the client's preferred order of ciphers instead.