A company hosts a video streaming application in a VPC using a Network Load Balancer (NLB) to handle TCP traffic for real-time processing. There have been unauthorized access attempts. The company wants to improve security with minimal architectural changes to prevent unauthorized access attempts. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Recreate the NLB with a security group that allows only trusted IP addresses..
Why this is the answer
The correct solution is to recreate the NLB with a security group that allows only trusted IP addresses. Network Load Balancers (NLBs) do not directly support security groups. However, the instances or targets behind the NLB can be associated with security groups. Recreating the NLB and configuring security groups on the backend instances to allow only trusted IP addresses effectively filters unauthorized access attempts at the instance level, providing the desired security with minimal architectural changes to the overall application flow. Implementing AWS WAF rules directly on the NLB is incorrect because NLBs do not integrate with WAF. Deploying a second NLB in parallel is an unnecessary architectural change and adds complexity without directly addressing the security filtering at the NLB level. AWS Shield Advanced provides DDoS protection but does not prevent unauthorized access attempts from specific IP addresses; it's a different security layer.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed