A company has a few dozen application servers in private subnets behind an Elastic Load Balancer (ELB) in an AWS Auto Scaling group. The application is accessed from the web over HTTPS. The data must always be encrypted in transit. The Security Engineer is worried about potential key exposure due to vulnerabilities in the application software. Which approach will meet these requirements while protecting the external certificate during a breach?
A) Use a Network Load Balancer (NLB) to pass through traffic on port 443 from the internet to port 443 on the instances.
B) Purchase an external certificate, and upload it to the AWS Certificate Manager (for use with the ELB) and to the instances. Have the ELB decrypt traffic, and route and re-encrypt with the same certificate.
C) Generate an internal self-signed certificate and apply it to the instances. Use AWS Certificate Manager to generate a new external certificate for the ELB. Have the ELB decrypt traffic, and route and re-encrypt with the internal certificate.
D) Upload a new external certificate to the load balancer. Have the ELB decrypt the traffic and forward it on port 80 to the instances.
Correct Answer:
Verified
Q59: A company plans to move most of
Q60: A Security Engineer must design a system
Q61: A Security Engineer for a large company
Q62: A company had one of its Amazon
Q63: A company has five AWS accounts and
Q65: Which of the following are valid event
Q66: A company is building a data lake
Q67: A Security Engineer must implement mutually authenticated
Q68: The AWS Systems Manager Parameter Store is
Q69: A company uses user data scripts that
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents