Why does an AWS Network Load Balancer preserve the source IP address of the client by default, and what is the impact on backend targets?

hard📝 Conceptual Q10 of 15

AWS - Elastic Load Balancing

ATo hide client IPs for security, so targets see only NLB IPs

BTo enable TLS termination at the NLB, decrypting traffic before forwarding

CTo allow backend targets to see the original client IP, requiring targets to accept traffic from client IPs

DTo balance load evenly by rewriting source IPs to NLB IPs

Step-by-Step Solution

Solution:

Step 1: Understand source IP preservation
NLB preserves the original client IP so backend targets can log and use the real client address.
Step 2: Impact on backend targets
Targets must accept traffic from client IPs directly, which may require security group rules allowing those IPs.
Final Answer:
To allow backend targets to see the original client IP, requiring targets to accept traffic from client IPs -> Option C
Quick Check:
Source IP preserved = targets see real client IP [OK]

Quick Trick: NLB keeps client IP so targets can identify source [OK]

Common Mistakes:

Master "Elastic Load Balancing" in AWS

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More AWS Quizzes