Which additional set of steps should the SysOps administrator take to meet these requirements?

By:
On:
In: SOA-C02
Tagged:
With: 0 Comments
A company has an existing public web application for www.example.com.The Application Load Balancer (ALB) is configured with a single HTTP 80 listener.A SysOps administrator must ensure that all web requests to www.example.com are encrypted between the client and the ALB.The SysOps administrator already has requested and validated a public certificate for www.example.com in AWS Certificate Manager (ACM).Existing users of the application must not be required to change the endpoint to which they are connecting.

Which additional set of steps should the SysOps administrator take to meet these requirements?

Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.

Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate. Delete the original HTTP listener on port 80.

Modify the ALB default rule for the HTTP port 80 listener. Create a rule in the listener to forward all traffic for the host www example.com to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.

Modify the ALB default rule for the HTTP port 80 listener to redirect to HTTPS on port 443. Create an additional HTTPS listener on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www example.com as the default SSL certificate.

Explanations:

Adding an HTTPS listener on port 443 with the ACM certificate is correct, but without a redirect from HTTP to HTTPS on port 80, users could still connect over HTTP. This does not fully meet the requirement of ensuring encryption between the client and the ALB for all requests.

Similar to Option A, creating an HTTPS listener on port 443 is correct. However, deleting the original HTTP listener means existing users would be unable to access the application at all, breaking the requirement to not change the endpoint.

Modifying the default rule on the HTTP listener to forward traffic directly to the target group does not enforce HTTPS encryption. This would leave traffic unencrypted as it would bypass the HTTPS listener.

Modifying the HTTP listener to redirect traffic to HTTPS ensures that all connections are encrypted. Creating an HTTPS listener on port 443 with the ACM certificate ensures secure communication, fulfilling the encryption requirement without requiring endpoint changes for users.

Leave a Reply

Your email address will not be published. Required fields are marked *

seventeen − 16 =