# AWS-Certified-Advanced-Networking---Specialty-ANS-C01 — Question 424

**Type:** multiple_choice
**Topics:** topic_1

## Question

A company is planning to create a service that requires encryption in transit. The traffic must not be decrypted between the client and the backend of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) duster with the Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler configured. The company needs to use mutual TLS for two-way authentication between the client and the backend.
Which solution will meet these requirements?

## Correct Answer

_See scenario._

## Explanation

Selected Answer: A
Option B is incorrect because an Application Load Balancer (ALB) does not support TLS passthrough and decrypts the traffic before forwarding it to the backend servers.

Option C is incorrect because an Application Load Balancer (ALB) does not support mutual TLS authentication (mTLS), which is required for this use case.

Option D is incorrect because a TLS listener is not suitable for this use case. TLS passthrough is required, and the correct listener type for NLB is TCP.

**Reference:** examtopics_top_comment

---
Source: https://hiexam.net/q/amazon/AWS-Certified-Advanced-Networking---Specialty-ANS-C01/424  
Practice (tracked): https://hiexam.net/study/AWS-Certified-Advanced-Networking---Specialty-ANS-C01/practice