You work for your company as an AWS administrator. You’ve set up a Classic Load balancer and EC2 Instances for an application. You have set up HTTPS listeners with the default security policies. Your Security department has mentioned that the security policy defined for the load balancer does not meet the regulations defined for the policy. What changes would you make to be in line with the requirements of the IT security department?

Answer options:

A.Create a new SSL certificate and associate it with the underlying EC2 Instances.
B.Create a new SSL certificate and associate it with the underlying Classic Load balancer.
C.Create a custom security policy and associate it with the EC2 Instance.
D.Create a custom security policy and associate it with the Classic Load Balancer.

Answer – D
You can create a custom Security policy that is in line with the IT security department and then associate it with the Classic Load Balancer.
Options A and B are incorrect since you don’t need to change the SSL certificates.
Option C is incorrect since you need to change the security policy with the ELB.For more information on Security Policies for the Classic Load Balancer, please refer to the below URL
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-config-update.html