
Answer-first summary for fast verification
Answer: Create an Application Load Balancer. Create a target group. Set the protocol to HTTP and the port to 80 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTPS listener. Set the default action to forward to the target group. Use AWS Certificate Manager (ACM) to create a certificate for the listener.
The question requires a solution that provides end-to-end encryption, distributes inbound connections across Availability Zones and EC2 instances, and ensures that all connections from the same client session are connected to the same EC2 instance.
Option B is the correct answer because it uses an Application Load Balancer (ALB) which supports HTTPS listeners and can distribute traffic across multiple Availability Zones and EC2 instances. It also supports session affinity (sticky sessions) using an application-based cookie policy, ensuring that a client is consistently directed to the same EC2 instance during a session. Additionally, using AWS Certificate Manager (ACM) to create a certificate for the listener ensures end-to-end encryption.
Option A is incorrect because it uses a Network Load Balancer (NLB) with TCP protocol, which does not support HTTPS or application-based cookies for session affinity.
Option C is incorrect for similar reasons as A, and it also incorrectly suggests using TLS protocol for the target group, which is not a standard practice for this scenario.
Option D is incorrect because it suggests creating an HTTP listener on port 443, which is not standard practice for HTTPS traffic.
Author: LeetQuiz Editorial Team
A company is migrating an application to a new AWS account, deploying it in a single AWS Region with one VPC spanning multiple Availability Zones. The application runs on Amazon EC2 instances placed in private subnets, with multiple instances per Availability Zone. Clients access the application via HTTPS through a web browser. Inbound traffic must be evenly distributed across Availability Zones and EC2 instances, while ensuring all requests from a single client session are routed to the same EC2 instance. End-to-end encryption between clients and the application must be maintained using the application's SSL certificate.
Which solution meets these requirements?
A
Create a Network Load Balancer. Create a target group. Set the protocol to TCP and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TCP and the port to 443 for the listener. Deploy SSL certificates to the EC2 instances.
B
Create an Application Load Balancer. Create a target group. Set the protocol to HTTP and the port to 80 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTPS listener. Set the default action to forward to the target group. Use AWS Certificate Manager (ACM) to create a certificate for the listener.
C
Create a Network Load Balancer. Create a target group. Set the protocol to TLS and the port to 443 for the target group. Turn on session affinity (sticky sessions). Register the EC2 instances as targets. Create a listener. Set the protocol to TLS and the port to 443 for the listener. Use AWS Certificate Manager (ACM) to create a certificate for the application.
D
Create an Application Load Balancer. Create a target group. Set the protocol to HTTPS and the port to 443 for the target group. Turn on session affinity (sticky sessions) with an application-based cookie policy. Register the EC2 instances as targets. Create an HTTP listener. Set the port to 443 for the listener. Set the default action to forward to the target group.