AWS Certified SysOps Administrator – Associate (legacy) — Question 843

A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can help to negotiate SSL between the client and ELB.
What will ELB do in this scenario?

Answer options

• A. By default, ELB will select the first version of the security policy
• B. By default, ELB will select the latest version of the policy
• C. ELB creation will fail without a security policy
• D. It is not required to have a security policy since SSL is already installed

Correct answer: B

Explanation

When configuring an HTTPS listener on an ELB without specifying a security policy, AWS automatically assigns the default security policy, which corresponds to the latest version. This ensures that the ELB uses the most secure and up-to-date ciphers and protocols for SSL negotiation. Other options are incorrect because the ELB requires a policy to negotiate SSL, it does not fail during creation, and it defaults to the newest version rather than the first version.