AWS Certified SysOps Administrator SOA-C01 – Question202 - AWS Certified SysOps Administrator SOA-C01

A user is trying to setup a security policy for ELB. The user wants ELB to meet the cipher supported by the client by configuring the server order preference in ELB security policy. Which of the below mentioned preconfigured policies supports this feature?

A. ELBSecurity Policy-2014-01
B. ELBSecurity Policy-2011-08
C. ELBDefault Negotiation Policy
D. ELBSample- OpenSSLDefault Cipher Policy

Correct Answer: A

Explanation:

Explanation: Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. If the load balancer is configured to support the Server Order Preference, then the load balancer gets to select the first cipher in its list that matches any one of the ciphers in the client’s list. When the user verifies the preconfigured policies supported by ELB, the policy “ELBSecurity Policy-2014-01” supports server order preference.