You are designing an SSL/TLS solution that requires HTTPS clients to be authenticated by the
Web server using client certificate authentication. The solution must be resilient.
Which of the following options would you consider for configuring the Web server infrastructure?
Choose 2 answers
A.
Configure your Web servers as the origins for a CloudFront distribution.
Use custom SSL certificates on your CloudFront distribution.
B.
Configure ELB with TCP listeners on TCP/443, and place the Web servers behind it.
C.
Configure your Web servers with EIPs.
Place the Web servers in a Route53 Record Set, and configure health checks against all Web
servers.
D.
Configure ELB with HTTPS listeners, and place the Web servers behind it.
Explanation:
TCP/443 or HTTPS listener either way you can configure, but you can only upload ssl certificate
on HTTPS listener.
BC
2
0
Agree, BC are correct answers.
Client-side certificate (authentication) is not supported by ELB or CloudFront.
2
0
Answer B & C
A. Configure your web servers as the origins for a CloudFront distribution. Use custom SSL certificates on your CloudFront distribution (CloudFront does not Client-Side ssl certificates)
B. Configure ELB with TCP listeners on TCP/443. And place the Web servers behind it. (terminate SSL on the instance using client-side certificate)
C. Configure your Web servers with EIPs. Place the Web servers in a Route53 Record Set and configure health checks against all Web servers. (Remove ELB and use Web Servers directly with Route 53)
D. Configure ELB with HTTPS listeners, and place the Web servers behind it. (ELB with HTTPs does not support Client-Side certificates)
1
0