Amazon Exam AWS-SysOps Topic 3 Question 4 Discussion

Actual exam question for Amazon's AWS-SysOps exam

Question #: 4
Topic #: 3

A company operate a secure website running an Amazon EC2 instance behind a Classic Load Balancer. An SSL certificate from AWS Certificate Manager is deployment on the load balancer. The company's Marketing team has determined that too many customer using older browser are experiencing issues with the website has asked a SysOps Administrator to fix this issue.

What course of action should the administrator take?

AUpdate the SSL negotiation configuration of the load balancer by creating a custom security policy. Ensure the appropriate cipher has been enabled so that the web application can support the web browser.

BCreate a separate Classic Load Balancer and install custom SSL certificate with a different domain name on it that support the web browser. Ask customer with the affected browser to use this domain name instead of the one they are accustomed to using.

CCreate a new SSL certificate in Certificate Manager and install this certificate on each of the servers to accommodates the web browsers.

DRemove the load balancer from the configuration and instead install a custom SSL certificate on each of the web servers.

Show Suggested Answer

Suggested Answer: A

Update the SSL Negotiation Configuration of Your Classic Load Balancer

Elastic Load Balancing provides security policies that have predefined SSL negotiation configurations to use to negotiate SSL connections between clients and your load balancer. If you are using the HTTPS/SSL protocol for your listener, you can use one of the predefined security policies, or use your own custom security policy.

For more information about the security policies, see SSL Negotiation Configurations for Classic Load Balancers. For information about the configurations of the security policies provided by Elastic Load Balancing, see Predefined SSL Security Policies.

If you create an HTTPS/SSL listener without associating a security policy, Elastic Load Balancing associates the default predefined security policy, ELBSecurityPolicy-2016-08, with your load balancer.

If you have an existing load balancer with an SSL negotiation configuration that does not use the latest protocols and ciphers, we recommend that you update your load balancer to use ELBSecurityPolicy-2016-08. If you prefer, you can create a custom configuration. We strongly recommend that you test the new security policies before you upgrade your load balancer configuration.

The following examples show you how to update the SSL negotiation configuration for an HTTPS/SSL listener. Note that the change does not affect requests that were received by a load balancer node and are pending routing to a healthy instance, but the updated configuration will be used with new requests that are received.

by Raymon at May 26, 2022, 06:27 AM

Limited Time Offer

25%

Off

Get Premium AWS-SysOps Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!