SAP-C02 第 49 题
题目
A company is planning to host a web application on AWS and wants to load balance the traffic across a group of Amazon EC2 instances. One of the security requirements is to enable end-to-end encryption in transit between the client and the web server. Which solution will meet this requirement?
中文翻译:
一家公司计划在 AWS 上托管 Web 应用程序,并希望在一组 Amazon EC2 实例之间实现流量负载均衡。安全要求之一是在客户端和 Web 服务器之间的传输中启用端到端加密。哪种解决方案可以满足这个要求?
选项
A. Place the EC2 instances behind an Application Load Balancer (ALB). Provision an SSL certificate using AWS Certificate Manager (ACM), and associate the SSL certificate with the ALB. Export the SSL certificate and install it on each EC2 instance. Configure the ALB to listen on port 443 and to forward traffic to port 443 on the instances. 443。
中文翻译:
将 EC2 实例放置在应用程序负载均衡器 (ALB) 后面。使用 AWS Certificate Manager (ACM) 预置 SSL 证书,并将 SSL 证书与 ALB 关联。导出 SSL 证书并将其安装在每个 EC2 实例上。配置 ALB 以侦听端口 443 并将流量转发到实例上的端口 443。 443。
B. Associate the EC2 instances with a target group. Provision an SSL certificate using AWS Certificate Manager (ACM). Create an Amazon CloudFront distribution and configure it to use the SSL certificate. Set CloudFront to use the target group as the origin server.
中文翻译:
将 EC2 实例与目标组关联。使用 AWS Certificate Manager (ACM) 预置 SSL 证书。创建 Amazon CloudFront 分配并将其配置为使用 SSL 证书。将 CloudFront 设置为使用目标组作为源服务器。
C. Place the EC2 instances behind an Application Load Balancer (ALB) Provision an SSL certificate using AWS Certificate Manager (ACM), and associate the SSL certificate with the ALB. Provision a third-party SSL certificate and install it on each EC2 instance. Configure the ALB to listen on port 443 and to forward traffic to port 443 on the instances.
中文翻译:
将 EC2 实例置于 Application Load Balancer (ALB) 后面 使用 AWS Certificate Manager (ACM) 预置 SSL 证书,并将 SSL 证书与 ALB 关联。配置第三方 SSL 证书并将其安装在每个 EC2 实例上。配置 ALB 以侦听端口 443 并将流量转发到实例上的端口 443。
D. Place the EC2 instances behind a Network Load Balancer (NLB). Provision a third-party SSL certificate and install it on the NLB and on each EC2 instance. Configure the NLB to listen on port 443 and to forward traffic to port 443 on the instances.
中文翻译:
将 EC2 实例放置在网络负载均衡器 (NLB) 后面。配置第三方 SSL 证书并将其安装在 NLB 和每个 EC2 实例上。将 NLB 配置为侦听端口 443 并将流量转发到实例上的端口 443。
答案
C
解析
正确答案:C 解析: 本题应选择 C。 正确选项: C. 将 EC2 实例置于 Application Load Balancer (ALB) 后面 使用 AWS Certificate Manager (ACM) 预置 SSL 证书,并将 SSL 证书与 ALB 关联。配置第三方 SSL 证书并将其安装在每个 EC2 实例上。配置 ALB 以侦听端口 443 并将流量转发到实例上的端口 443。 选择理由: 该选项最直接地满足题干中的...