A company wants to deploy a distributed web application on a fleet of EC2 instances. The fleet will be fronted by a Classic Load Balancer that will be configured to terminate the TLS connection. The company wants to make sure that all past and current TLS traffic to the Classic Load Balancer stays secure, even if the certificate private key is leaked. To ensure the company meets these requirements, a Security Engineer can configure a Classic Load Balancer with:
A) An HTTPS listener that uses a certificate that is managed by Amazon Certification Manager.
B) An HTTPS listener that uses a custom security policy that allows only perfect forward secrecy cipher suites.
C) An HTTPS listener that uses the latest AWS predefined ELBSecurityPolicy-TLS-1-2-2017-01 security policy.
D) A TCP listener that uses a custom security policy that allows only perfect forward secrecy cipher suites.
Correct Answer:
Verified
Q245: A company's architecture requires that its three
Q246: A company's AWS CloudTrail logs are all
Q247: A company needs to encrypt all of
Q248: A company is building an application on
Q249: A company uses an external identity provider
Q251: A city is implementing an election results
Q252: A user is implementing a third-party web
Q253: A company has developed a new Amazon
Q254: An audit determined that a company's Amazon
Q255: A company has two AWS accounts: Account
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents