Examice

Exam ANS-C01 All QuestionsBrowse all questions from this exam

Question 134

A company has developed a new web application on AWS. The application runs on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate behind an Application Load Balancer (ALB) in the us-east-1 Region. The application uses Amazon Route 53 to host the DNS records for the domain. The content that is served from the website is mostly static images and files that are not updated frequently. Most of the traffic to the website from end users will originate from the United States. Some traffic will originate from Canada and Europe.

A network engineer needs to design a solution that will reduce latency for end users at the lowest cost. The solution also must ensure that all traffic is encrypted in transit until the traffic reaches the ALB.

Which solution will meet these requirements?

Configure the ALB to use an AWS Global Accelerator accelerator in us-east-1. Create a secure HTTPS listener. Create an alias record in Amazon Route 53 for the custom domain name. Configure the alias record to route to the DNS name that is assigned to the accelerator for the ALB.

Configure the ALB to use a secure HTTPS listener. Create an Amazon CloudFront distribution. Set the origin domain name to point to the DNS record that is assigned to the ALConfigure the CloudFront distribution to use an SSL certificate. Set all behaviors to force HTTPS. Create an alias record in Amazon Route 53 for the custom domain name. Configure the alias record to route to the DNS name that is assigned to the ALB.

Configure the ALB to use a secure HTTPS listener. Create an Amazon CloudFront distribution. Set the origin domain name to point to the DNS record that is assigned to the ALB. Configure the CloudFront distribution to use an SSL certificate and redirect HTTP to HTTPS. Create an alias record in Amazon Route 53 for the custom domain name. Configure the alias record to route to the CloudFront distribution.

Configure the ALB to use an AWS Global Accelerator accelerator in us-east-1. Create a secure HTTPS listener. Create a second application stack on Amazon ECS on Fargate in the eu-west-1 Region. Create another secure HTTPS listener. Create an alias record in Amazon Route 53 for the custom domain name. Configure the alias record to use a latency-based routing policy to route to the DNS name that is assigned to the accelerator for the ALBs.

Correct Answer: C

To meet the requirements of reducing latency for end users while ensuring that all traffic is encrypted in transit until it reaches the ALB, the best solution is to use an Amazon CloudFront distribution. This will cache the mostly static content at edge locations, reducing latency for users in different regions. Additionally, configuring the CloudFront to use an SSL certificate and redirect HTTP to HTTPS ensures that all traffic is encrypted in transit. Creating an alias record in Amazon Route 53 to route to the CloudFront distribution completes the setup.

Discussion

TravelKoOption: C

C is the right answer. Route 53 record points to Cloudfront default DNS name.

JosMoOption: C

Answer: C because it redirect the HTTP to HTTPS. B, enforce HTTPS, which is good but not optimal

lygfOption: C

Global Accelerator needs NLB and static IP address which ALB won't have. A & D is out. When you create a distribution, CloudFront assigns a domain name to the distribution, such as d111111abcdef8.cloudfront.net. You can use this domain name in the URLs for your content. When you use a Route 53 domain name with a CloudFront distribution, use Amazon Route 53 to create an alias record that points to your CloudFront distribution. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html

fmunozse

Fyi, Global accelerator works With alb, https://aws.amazon.com/blogs/networking-and-content-delivery/improving-availability-and-performance-for-application-load-balancers-using-one-click-integration-with-aws-global-accelerator/

PratapOption: B

B seems to be the right Answer

[Removed]

Enforcing HTTPS will reject any HTTP traffic, , which is not optimal compared to redirecting HTTP traffic to HTTPS. HTTP redirects are generally faster than HTTP rejects from a performance perspective. Option C is more optimal.

6e5b127Option: A

The solution also MUST ensure that all traffic is encrypted in transit until the traffic reaches the ALB. CloudFront terminates SSL at the edge. This means that while traffic is encrypted from the user to CloudFront, CloudFront would then establish a new SSL connection to the origin. So the answer is A.

JoellaLiOption: C

We choose CloudFront not Accelerator since the sentence 'The content that is served from the website is mostly static images and files that are not updated frequently. '