
SSL/TLS termination in AWS - Practice Problems & Coding Challenges

Challenge - 5 Problems
service_behavior
intermediate
How does SSL/TLS termination affect backend servers?

When SSL/TLS termination is configured on a load balancer, what is the effect on the backend servers?

A. Backend servers receive encrypted traffic and must decrypt it themselves.
B. Backend servers receive unencrypted traffic because the load balancer decrypts it first.
C. Backend servers do not receive any traffic; the load balancer handles all requests internally.
D. Backend servers receive traffic encrypted with a different certificate than the client.
💡 Hint

Think about where the encryption ends when SSL/TLS termination is used.

Architecture
intermediate
Choosing SSL/TLS termination location for a web app

You have a web application hosted on AWS behind an Application Load Balancer (ALB). You want to secure client connections with HTTPS. Which option correctly describes where SSL/TLS termination should be configured for best practice?

A. Do not use SSL/TLS termination; let clients connect over HTTP directly to backend instances.
B. Configure SSL/TLS termination only on backend instances; ALB forwards encrypted traffic.
C. Configure SSL/TLS termination on both ALB and backend instances simultaneously.
D. Configure SSL/TLS termination on the ALB so it handles HTTPS and forwards HTTP to backend instances.
💡 Hint

Consider where it is easier to manage certificates and reduce backend load.

security
advanced
Security risk of SSL/TLS termination at load balancer

What is a potential security risk when SSL/TLS termination is done at the load balancer and traffic between the load balancer and backend servers is unencrypted?

A. SSL/TLS termination at the load balancer causes data loss during transmission.
B. Clients will see certificate errors because backend servers do not have certificates.
C. Backend servers can be exposed to man-in-the-middle attacks on the internal network if it is not secure.
D. The load balancer cannot decrypt traffic, causing connection failures.
💡 Hint

Think about what happens to data after decryption at the load balancer.

Configuration
advanced
AWS CLI command to create SSL/TLS listener on ALB

Which AWS CLI command correctly creates an HTTPS listener on an existing Application Load Balancer with SSL/TLS termination using a specified certificate ARN?

A. aws elbv2 create-listener --load-balancer-arn <alb-arn> --protocol HTTPS --port 443 --certificates CertificateArn=<cert-arn> --default-actions Type=forward,TargetGroupArn=<tg-arn>
B. aws elbv2 create-listener --load-balancer-arn <alb-arn> --protocol HTTP --port 80 --certificates CertificateArn=<cert-arn> --default-actions Type=forward,TargetGroupArn=<tg-arn>
C. aws elbv2 create-listener --load-balancer-arn <alb-arn> --protocol HTTPS --port 80 --certificates CertificateArn=<cert-arn> --default-actions Type=forward,TargetGroupArn=<tg-arn>
D. aws elbv2 create-listener --load-balancer-arn <alb-arn> --protocol TCP --port 443 --certificates CertificateArn=<cert-arn> --default-actions Type=forward,TargetGroupArn=<tg-arn>
💡 Hint

Remember HTTPS uses port 443 and the protocol must be HTTPS for SSL termination.

Best Practice
expert
Optimal SSL/TLS termination strategy for multi-tier AWS app

You have a multi-tier web application in AWS with a public Application Load Balancer (ALB) in front, an internal Network Load Balancer (NLB) for backend services, and EC2 instances behind the NLB. You want to ensure end-to-end encryption with minimal latency and simplified certificate management. Which SSL/TLS termination strategy is best?

A. Terminate SSL/TLS at the ALB, re-encrypt traffic with HTTPS to the NLB, and terminate SSL/TLS at backend EC2 instances.
B. Terminate SSL/TLS at the ALB and NLB, forwarding unencrypted traffic to backend EC2 instances.
C. Terminate SSL/TLS only at the NLB, forwarding encrypted traffic from ALB to NLB and backend instances.
D. Terminate SSL/TLS at the ALB, use HTTP between ALB and NLB, and terminate SSL/TLS again at backend EC2 instances.
💡 Hint

Consider how to keep encryption end-to-end while managing certificates efficiently.