ANS-C01 Exam QuestionsBrowse all questions from this exam
Go to Exam

ANS-C01 Exam - Question 134

A company has developed a new web application on AWS. The application runs on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate behind an Application Load Balancer (ALB) in the us-east-1 Region. The application uses Amazon Route 53 to host the DNS records for the domain. The content that is served from the website is mostly static images and files that are not updated frequently. Most of the traffic to the website from end users will originate from the United States. Some traffic will originate from Canada and Europe.

A network engineer needs to design a solution that will reduce latency for end users at the lowest cost. The solution also must ensure that all traffic is encrypted in transit until the traffic reaches the ALB.

Which solution will meet these requirements?

Show Answer
Correct Answer: C

To meet the requirements of reducing latency for end users while ensuring that all traffic is encrypted in transit until it reaches the ALB, the best solution is to use an Amazon CloudFront distribution. This will cache the mostly static content at edge locations, reducing latency for users in different regions. Additionally, configuring the CloudFront to use an SSL certificate and redirect HTTP to HTTPS ensures that all traffic is encrypted in transit. Creating an alias record in Amazon Route 53 to route to the CloudFront distribution completes the setup.

Discussion

6 comments
Sign in to comment
TravelKoOption: C
Jul 15, 2023

C is the right answer. Route 53 record points to Cloudfront default DNS name.

lygfOption: C
Jun 17, 2023

Global Accelerator needs NLB and static IP address which ALB won't have. A & D is out. When you create a distribution, CloudFront assigns a domain name to the distribution, such as d111111abcdef8.cloudfront.net. You can use this domain name in the URLs for your content. When you use a Route 53 domain name with a CloudFront distribution, use Amazon Route 53 to create an alias record that points to your CloudFront distribution. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html

fmunozse
Jul 19, 2023

Fyi, Global accelerator works With alb, https://aws.amazon.com/blogs/networking-and-content-delivery/improving-availability-and-performance-for-application-load-balancers-using-one-click-integration-with-aws-global-accelerator/

JosMoOption: C
Jul 4, 2023

Answer: C because it redirect the HTTP to HTTPS. B, enforce HTTPS, which is good but not optimal

PratapOption: B
Jun 17, 2023

B seems to be the right Answer

[Removed]
Jul 18, 2023

Enforcing HTTPS will reject any HTTP traffic, , which is not optimal compared to redirecting HTTP traffic to HTTPS. HTTP redirects are generally faster than HTTP rejects from a performance perspective. Option C is more optimal.

JoellaLiOption: C
Mar 26, 2024

We choose CloudFront not Accelerator since the sentence 'The content that is served from the website is mostly static images and files that are not updated frequently. '

6e5b127Option: A
Jul 18, 2024

The solution also MUST ensure that all traffic is encrypted in transit until the traffic reaches the ALB. CloudFront terminates SSL at the edge. This means that while traffic is encrypted from the user to CloudFront, CloudFront would then establish a new SSL connection to the origin. So the answer is A.