AWS Certified Solutions Architect Associate SAA-C03 Practice Question

Application Load Balancer (ALB) operates at Layer 7, so it can inspect HTTP requests and apply advanced rules such as matching on standard or custom HTTP headers. ALB also supports HTTPS listeners that offload TLS/SSL encryption from the targets and provides native WebSocket support for persistent, bidirectional connections-meeting all three requirements.

Network Load Balancer (NLB) can now terminate TLS by using a TLS listener, but it still works at Layer 4 and cannot look inside HTTP headers to make routing decisions; therefore it does not satisfy the header-based routing requirement.

Amazon CloudFront can terminate TLS and pass WebSocket traffic, but it is a global CDN rather than a load balancer designed to distribute traffic across a fleet of application servers inside a VPC.

AWS Global Accelerator offers static anycast IP addresses and improves global latency, but it does not provide application-layer routing or header inspection.

Because ALB is the only option that simultaneously supports SSL offload, header-based routing, and WebSockets at the application layer, it is the recommended choice.