
Answer-first summary for fast verification
Answer: Position EC2 instances behind an Application Load Balancer (ALB). Obtain an SSL certificate from AWS Certificate Manager (ACM) and link it to the ALB. Additionally, procure a third-party SSL certificate for each EC2 instance. Configure the ALB to manage HTTPS traffic by listening on port 443 and forwarding it to the same port on the instances.
The requirement is to enable end-to-end encryption in transit between the client and the web server. Amazon-issued public certificates can’t be installed on EC2 instances directly. Hence, to achieve end-to-end encryption, you need to install third-party SSL certificates on each EC2 instance. Option C suggests placing the EC2 instances behind an Application Load Balancer (ALB) with an SSL certificate from AWS Certificate Manager for the ALB and third-party SSL certificates on the EC2 instances. This ensures encryption from the client to the web server. Therefore, Option C is the correct answer.
Author: LeetQuiz Editorial Team
A company intends to deploy a web application on AWS, aiming to distribute incoming traffic evenly across multiple Amazon EC2 instances. A key security criterion is the implementation of full encryption from the client to the web server. What AWS setup would fulfill this end-to-end encryption requirement?
A. Deploy EC2 instances behind an Application Load Balancer (ALB). Use AWS Certificate Manager (ACM) to obtain an SSL certificate, which is then associated with the ALB. Export this certificate to each EC2 instance. Set up the ALB to handle HTTPS traffic by listening on port 443 and forwarding it to the same port on the instances.
B. Group EC2 instances into a target group. Acquire an SSL certificate via AWS Certificate Manager (ACM). Establish an Amazon CloudFront distribution configured with this SSL certificate. Configure CloudFront to direct traffic to the target group serving as the origin server.
C. Position EC2 instances behind an Application Load Balancer (ALB). Obtain an SSL certificate from AWS Certificate Manager (ACM) and link it to the ALB. Additionally, procure a third-party SSL certificate for each EC2 instance. Configure the ALB to manage HTTPS traffic by listening on port 443 and forwarding it to the same port on the instances.
D. Set EC2 instances behind a Network Load Balancer (NLB). Install a third-party SSL certificate on both the NLB and each EC2 instance. Configure the NLB to handle HTTPS traffic by listening on port 443 and forwarding it to the same port on the instances.