Which of the following options would you consider for c…

You are designing an SSL/TLS solution that requires HTTPS clients to be authenticated by the Web server
using client certificate authentication. The solution must be resilient.
Which of the following options would you consider for configuring the web server infrastructure? (Choose 2
answers)

A.
Configure ELB with TCP listeners on TCP/443, and place the Web servers behind it.

B.
Configure your Web servers with EIPs. Place the Web servers in a Route53 Record Set and configure
health checks against all Web servers.

C.
Configure ELB with HTTPS listeners, and place the Web servers behind it.

D.
Configure your web servers as the origins for a CloudFront distribution. Use custom SSL certificates on your
CloudFront distribution.




McEphin

Currently, ELBs cannot support authentication for the client side SSL/TLS cert required for two-way SSL authentication to succeed. Therefore, you only have two options:

A. Configure the ELB with a TCP/443 listener. This is effectively TLS “pass through” mode, where the TLS connection does not terminate on the ELB, it is passed through and decrypted on the back-end servers. This will cause quite a bit of CPU overhead on the back-end instances, due to the lack of TLS offload that cannot happen on the ELB, so an auto-scaling group which monitors the web server CPU metrics would be essential here. (Not that you probably wouldn’t have it anyway, just saying!)

B. Don’t use an ELB. Just have the web servers act as the endpoint for the traffic, and let Route53 DNS serve in the place of the ELB by load balancing client DNS queries across the web servers.

C and D are not options here, since neither is supported by AWS.
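
The pass-through setup described in option A, written as a CloudFormation fragment for a Classic ELB. This is an added example, not part of the question or the comment above; the resource name and all subnet, security group, instance and certificate identifiers are placeholders.

```yaml
# Added example (constructed). All IDs below are placeholders, not real resources.
Resources:
  PassThroughElb:                       # hypothetical resource name
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets:                          # two AZs so the load balancer itself is resilient
        - subnet-PLACEHOLDER-A
        - subnet-PLACEHOLDER-B
      SecurityGroups:
        - sg-PLACEHOLDER
      CrossZone: true
      Instances:
        - i-PLACEHOLDER-WEB1
        - i-PLACEHOLDER-WEB2
      Listeners:
        # Option A: layer-4 listener. The ELB forwards the raw TCP stream,
        # so the TLS handshake (including the client certificate) is
        # completed by the web server, which must itself be configured to
        # request and verify client certificates.
        - LoadBalancerPort: '443'
          InstancePort: '443'
          Protocol: TCP
          InstanceProtocol: TCP
        # Option C, for contrast: an HTTPS listener terminates TLS on the
        # ELB, so the web server never sees the client's certificate.
        # - LoadBalancerPort: '443'
        #   InstancePort: '443'
        #   Protocol: HTTPS
        #   InstanceProtocol: HTTPS
        #   SSLCertificateId: arn:aws:iam::ACCOUNT-PLACEHOLDER:server-certificate/NAME-PLACEHOLDER
      HealthCheck:
        # Plain TCP connect check: it needs no client certificate, so it
        # still works when the web server rejects unauthenticated TLS clients.
        Target: TCP:443
        Interval: '30'
        Timeout: '5'
        HealthyThreshold: '3'
        UnhealthyThreshold: '2'
```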