
Answer-first summary for fast verification
Answer: Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
The question requires a solution that supports encryption in transit without decryption between the client and the backend, mutual TLS for two-way authentication, and scalability to thousands of simultaneous connections.
Option A uses a Network Load Balancer (NLB) with a TCP listener on port 443. NLBs operate at the transport layer (Layer 4); with a TCP listener the NLB forwards the encrypted stream without decrypting it, so the mutual TLS handshake takes place between the client and the backend. This setup is ideal for high throughput and low latency requirements, making it suitable for scaling up to thousands of simultaneous connections.
Option B, using an Application Load Balancer (ALB) with an HTTPS listener, would decrypt the traffic at the ALB, which does not meet the requirement of not decrypting traffic between the client and the backend. Options C and D involve creating target groups and adding the EKS managed node group's Auto Scaling group as a target, which does not directly address the requirement for mutual TLS and the specific need for encryption in transit without decryption between the client and the backend. Therefore, the correct answer is A.
Author: LeetQuiz Editorial Team
A company is designing a service that mandates encryption in transit, ensuring traffic remains encrypted from the client to the backend. The service will utilize the gRPC protocol over TCP port 443 and must support thousands of concurrent connections. The backend will be deployed on an Amazon EKS cluster with Kubernetes Cluster Autoscaler and Horizontal Pod Autoscaler enabled. Mutual TLS is required for two-way authentication between the client and the backend.
Which solution fulfills these requirements?
A
Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
B
Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
C
Create a target group. Add the EKS managed node group's Auto Scaling group as a target. Create an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the target group.
D
Create a target group. Add the EKS managed node group’s Auto Scaling group as a target. Create a Network Load Balancer with a TLS listener on port 443 to forward traffic to the target group.
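What option A looks like as a Kubernetes Service handled by the AWS Load Balancer Controller, shown as an added example that is not part of the original question. The Service name, namespace, label and container port 8443 are assumptions; the backend Pods are assumed to terminate TLS themselves and require client certificates.

```yaml
# Added example: names, namespace, labels and targetPort are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: grpc-backend            # hypothetical Service name
  namespace: payments           # hypothetical namespace
  annotations:
    # Hand this Service to the AWS Load Balancer Controller, which provisions an NLB.
    service.beta.kubernetes.io/aws-load-balancer-type: "external"
    # Register Pod IP addresses as targets rather than node instances,
    # so targets track Pods as the Horizontal Pod Autoscaler adds or removes them.
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
    service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
    # Plain TCP health check: the probe cannot present a client certificate,
    # so it must not attempt the mutual TLS handshake.
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: "TCP"
    # Deliberately NOT set: service.beta.kubernetes.io/aws-load-balancer-ssl-cert
    # Adding it would create a TLS listener that terminates TLS at the NLB,
    # which breaks the "no decryption between client and backend" requirement.
spec:
  type: LoadBalancer
  selector:
    app: grpc-backend           # hypothetical Pod label
  ports:
    - name: grpc-tls
      protocol: TCP             # results in a TCP listener on the NLB
      port: 443
      targetPort: 8443          # port where the Pod's gRPC server terminates mTLS
```

To confirm the passthrough after deployment, check that the NLB listener protocol is TCP and that the certificate presented on port 443 is the backend's own server certificate.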