AWS Certified SysOps Administrator – Associate (legacy) — Question 687
A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.
What are possible causes for this problem? (Choose two.)
Answer options
- A. CloudFront does not have the ALB configured as the origin access identity.
- B. The DNS is still pointing to the ALB instead of the CloudFront distribution.
- C. The ALB security group is not permitting inbound traffic from CloudFront.
- D. The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.
- E. The target groups associated with the ALB are configured for sticky sessions.
Correct answer: A, B
Explanation
Option B is correct because if the DNS configuration has not been updated to point to the CloudFront distribution, client requests will continue to resolve directly to the ALB, bypassing CloudFront entirely. Option A is correct because an incorrect configuration of the origin access identity prevents CloudFront from properly associating with and fetching content from the ALB origin. The other options either do not prevent traffic from routing through CloudFront or do not explain why the ALB continues to receive all of the traffic with no reduction in load.