Which solutions could a security engineer use to meet these requirements?

By:
In: SCS-C01
Tagged:
With: 1 Comment
A company has an application that processes personally identifiable information (PII).The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB).The company’s security policies require that data is encrypted in transit at all times to avoid the possibility of exposing any PII in plaintext.

Which solutions could a security engineer use to meet these requirements?

(Choose two.)

Terminate SSL from clients on the existing ALB. Use HTTPS to connect from the ALB to the EC2 instances.

Replace the existing ALB with a Network Load Balancer (NLB). On the NLB, configure an SSL listener and TCP passthrough to receive client connections. Terminate HTTPS traffic from the NLB on the EC2 instances.

Replace the existing ALB with a Network Load Balancer (NLB). On the NLB, configure TCP passthrough to receive client connections. Terminate SSL from the NLB on the EC2 instances.

Configure a Network Load Balancer (NLB) with TCP passthrough to receive client connections. Terminate SSL on the existing ALB.

Configure a Network Load Balancer (NLB) with a TLS listener to receive client connections. Configure TCP passthrough on the existing ALB so that the NLB can reach the EC2 instances.Terminate SSL from the ALB on the EC2 instances.

2025-10-08

1 Comment

  1. Adam
    Author

    I assess that the answer is:
    Terminate SSL from clients on the existing ALB. Use HTTPS to connect from the ALB to the EC2 instances.

Leave a Reply to Adam Cancel reply

Your email address will not be published. Required fields are marked *

five + 19 =