A company runs a three-tier application on AWS that ingests sensor data from user devices. Traffic passes through a Network Load Balancer (NLB) to EC2 instances for the web tier and then to EC2 instances for the application tier, which call a database. What should a solutions architect do to improve the security of data in transit?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure a TLS listener. Deploy the server certificate on the NLB..
Why this is the answer
Configuring a TLS listener on the Network Load Balancer (NLB) and deploying a server certificate directly addresses the security of data in transit by encrypting communication between the client and the NLB. This ensures that sensor data is protected as it enters the AWS environment. AWS Shield Advanced and AWS WAF protect against DDoS attacks and web exploits, respectively, but do not encrypt data in transit at the NLB level. Changing to an Application Load Balancer (ALB) would allow for TLS termination, but an NLB can also handle TLS, and the question specifically asks to improve security of data in transit with the existing NLB. Encrypting EBS volumes protects data at rest, not data in transit.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed