Multiple Choice
Example.com is hosted on Amazon EC2 instance behind an Application Load Balancer (ALB) . Third-party host intrusion detection system (HIDS) agents that capture the traffic of the EC2 instance are running on each host. The company must ensure they are using privacy enhancing technologies for users, without losing the assurance the third-party solution offers. What is the MOST secure way to meet these requirements?
A) Enable TLS pass through on the ALB, and handle decryption at the server using Elliptic Curve Diffie-Hellman (ECDHE) cipher suites.
B) Create a listener on the ALB that uses encrypted connections with Elliptic Curve Diffie-Hellman (ECDHE) cipher suites, and pass the traffic in the clear to the server.
C) Create a listener on the ALB that uses encrypted connections with Elliptic Curve Diffie-Hellman (ECDHE) cipher suites, and use encrypted connections to the servers that do not enable Perfect Forward Secrecy (PFS) .
D) Create a listener on the ALB that does not enable Perfect Forward Secrecy (PFS) cipher suites, and use encrypted connections to the servers using Elliptic Curve Diffie-Hellman (ECDHE) cipher suites.
Correct Answer:
Verified
Correct Answer:
Verified
Q83: An organization is using Amazon CloudWatch Logs
Q84: The Security Engineer for a mobile game
Q85: A recent security audit found that AWS
Q86: An audit determined that a company's Amazon
Q87: An organization wants to log all AWS
Q89: A company website runs on Amazon EC2
Q90: A company's Information Security team wants to
Q91: A company uses AWS CodePipeline for its
Q92: A company is running an application on
Q93: A company is designing the security architecture