A popular online banking website is configured on an EC2 instance within VPC. Due to the large number of transactions recently & the requirement of secure connections, IT team is planning to terminate all secure HTTPS connections from the client on ELB instead of EC2 instance. IT team is seeking your help as an AWS expert to configure security policies for ELB which will meet the latest security guidelines & provide an enhanced user experience while performing banking transactions. Which of the following security options can be designed with ELB to have the most secure connection between the client & ELB?

Answer options:

A.Configure ELB with custom Security Policy having Server Order Preference disabled & SSL protocol as SSL 2.0
B.Configure ELB with custom Security Policy having Server Order Preference enabled & SSL protocol as TLS 1.2
C.Configure ELB with custom Security Policy having Server Order Preference disabled & SSL protocol as TLS 1.2
D.Configure ELB with custom Security Policy having Server Order Preference enabled & SSL protocol as SSL 2.0

Correct Answer – B
During SSL connection negotiations between client & ELB, a list of ciphers & protocols supported by each are presented. When ELB has Server OrderPreference enabled, it will make sure connections are negotiated based upon the preference of ciphers at the ELB end & not negotiated based upon ciphers at the client end which may be not be recommended.
Options A & D are incorrect as SSL protocol SSL 2.0 is not recommended. 
Option C is incorrect as If ELB has Server Order Preference is disabled, order of ciphers at the client end is used for negotiating connections between client & ELB.For more information on Security Policy withAWS ELB, refer to the following URL
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-ssl-security-policy.html