Free Amazon ANS-C01 Actual Exam Questions - Question 5 Discussion
located on-premises that can be accessed by using AWS Direct Connect. The company wants to
ensure that the source IP addresses of clients connecting to the application are passed all the way to
the end server.
How can this requirement be achieved?
If the on-prem servers don’t support ProxyProtocol v2, option C could cause issues. Also, X-Forwarded-For headers (B and D) are mainly for HTTP traffic, so might not apply here. Doesn’t that make A the safest bet?
Maybe C, since ProxyProtocol v2 is designed to forward the client IP info at the transport layer, which might be better for non-web apps if the on-prem setup supports it. A is good, but this adds extra assurance.
A, because it's the simplest way to keep the original source IP without relying on app support.
It’s A because Network Load Balancers preserve the source IP without extra config, unlike ALBs that rely on headers. Since the app isn’t web-based, ProxyProtocol might be overkill here.
D imo, Application Load Balancer mainly handles HTTP/HTTPS traffic and uses X-Forwarded-For headers, but since this is a non-web app, it probably won’t preserve the source IP as needed here.
It’s A for me. Network Load Balancers are designed to preserve the client’s original source IP by default, which fits perfectly when your targets are on-premises. The question doesn’t mention needing ProxyProtocol support on the servers, so adding that complexity with C seems unnecessary. Also, Application Load Balancers won’t work here since it’s a non-web app, so D is out. B can be discarded because the X-Forwarded-For header isn’t used with Network Load Balancers by default, especially for non-HTTP traffic. So, A makes the most straightforward sense.
It’s C because ProxyProtocol v2 explicitly passes the client’s IP to on-prem servers, which is necessary since the targets aren’t in AWS and need that info in a standard format.
I’d go with A since Network Load Balancer keeps the real source IP without extra setup.
It’s A because Network Load Balancers preserve the source IP by default without extra configuration, unlike ALBs or needing ProxyProtocol. This suits non-web apps and on-prem targets well.
Maybe C, since ProxyProtocol v2 is designed to pass client IPs through to the backend servers.