A company has its major business on selling second-hand products. Its online trading system is deployed on AWS EC2 instances. In Route53, a domain name has been configured to route the traffic to a Classic Load Balancer. As Classic Load Balancer is quite old and in AWS, there are new types of load balancers that Classic Load Balancer can easily migrate to. The operation team decides to migrate the Load Balancer. They want all the connections between clients and EC2 instances to be kept secure using certificates that they created and want a secure data encryption in transit in adherence to TLS protocol between the clients and EC2 instances. Which choices should be used together to meet the needs?

Answer options:

A.In the “Create Load Balancer” console, create an Application Load Balancer, add a listener with protocol TLS and port 443 so that the TLS connections terminate at the Load Balancer.
B.Go to the Load Balancer console, create a Network Load Balancer with a listener that listens to the traffic with protocol as TLS and port as 443.
C.Create an Application Load Balancer with a listener that listens to the traffic with protocol as HTTPS and port 80.
D.For the new Load Balancer, select the target protocol as HTTPS and port as 443, setting up the connections with targets securely.
E.For the new Load Balancer, select the target protocol as TLS and port as 443. As a result, the connections between Load Balancer and targets are secure.

Correct Answer – B, E
 
In order to make the full path secure, there are two parts to be considered if Network Load Balancer is used.
1, TLS termination on Load Balancer. A listener with TLS and port 443 is required.
2, Configure targets using protocol TLS and port 443.
The details can be found in https://network.exampleloadbalancer.com/nlbtls_demo.html.
Option A is incorrect because the ALB terminates SSL traffic, and the requirement is to get secure traffic up to the EC2 instances.
Option B is CORRECT because this is the correct way to implement the TLS termination on the load balancer.
Option C is incorrect because the ALB terminates SSL traffic, and the requirement is to get secure traffic up to the EC2 instances. 
Option D is incorrect because although this option is partially correct, as the listener is based on TLS as Option B, the target protocol cannot be HTTPS.
Option E is CORRECT because the TLS connection is set up between load balancer and targets. Together with Option B, the connections between clients and EC2 instances are kept secure.