What should a solutions architect do to improve the security of data in transit to the web tier?

By:
In: SAA-C02
Tagged:
With: 2 Comments
A company has a three-tier environment on AWS that ingests sensor data from its users’ devices.The traffic flows through a Network Load Balancer (NLB) then toAmazon EC2 instances for the web tier, and finally toEC2 instances for the application tier that makes database calls.

What should a solutions architect do to improve the security of data in transit to the web tier?

Configure a TLS listener and add the server certificate on the NLB.

Configure AWS Shield Advanced and enable AWS WAF on the NLB.

Change the load balancer to an Application Load Balancer and attach AWS WAF to it.

Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using AWS Key Management Service (AWS KMS).

Explanations:

Configuring a TLS listener and adding a server certificate on the NLB ensures encryption of data in transit to the web tier, securing data as it flows through the network.

AWS Shield Advanced and AWS WAF protect against DDoS and web application threats but do not directly encrypt data in transit.

An Application Load Balancer with AWS WAF improves security against application threats but does not directly secure data in transit.

Encrypting Amazon EBS volumes secures data at rest on EC2 instances but does not secure data in transit to the web tier.

2026-03-21

2 Comments

  1. Ethan
    Author

    I outline that the answer is:
    Configure a TLS listener and add the server certificate on the NLB.

  2. Rebecca
    Author

    As far as I’m aware, the answer is:
    Configure a TLS listener and add the server certificate on the NLB.

Leave a Reply

Your email address will not be published. Required fields are marked *

three × four =