AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
A company uses Amazon Route 53 failover routing to direct users to a disaster recovery site when the primary web application becomes unavailable. The primary site is fronted by an HTTPS Application Load Balancer (ALB) that presents an ACM certificate for www.example.com. A Route 53 HTTPS health check is configured against the ALB's DNS name on port 443, but the health check continually reports the endpoint as unhealthy even though users can browse the site successfully. What will most likely make the health check report the endpoint as healthy without adding extra infrastructure or cost?
Move the health check to port 80 and use HTTP instead of HTTPS to avoid SSL validation errors.
Replace the Application Load Balancer with a Network Load Balancer that uses a static IP and retry the health check.
Change the health check protocol to TCP on port 443 to ignore certificate failures.
Edit the Route 53 health check and enable Server Name Indication (SNI) so the host name is included during the TLS handshake.
When an ALB terminates TLS, it relies on Server Name Indication (SNI) to determine which certificate to present. A Route 53 HTTPS health check that does not include SNI performs the TLS handshake without a host name, so the ALB returns its default certificate and the health check fails the SSL validation step. Enabling the "Enable SNI" option on the existing health check causes Route 53 to include the host name (www.example.com) during TLS negotiation. The load balancer then returns the correct ACM certificate and a 200 response, so the health check status changes to healthy. Changing the protocol or port, or switching to TCP health checks, would bypass certificate validation but would not confirm that HTTPS content is served correctly, and replacing the ALB would add unnecessary cost.
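As an added example (not part of the original question and not AWS tooling), the Python below audits records shaped like the `HealthChecks` list returned by `aws route53 list-health-checks` and flags the configurations discussed above. The sample records and IDs are constructed, the finding labels are this example's own, and it assumes the endpoints are meant to serve HTTPS.

```python
HTTPS_TYPES = {"HTTPS", "HTTPS_STR_MATCH"}
HTTP_TYPES = {"HTTP", "HTTP_STR_MATCH"}


def audit_health_check(check):
    """Return finding labels (this example's own names) for one record."""
    cfg = check.get("HealthCheckConfig", {})
    kind = cfg.get("Type", "")
    findings = []
    if kind in HTTPS_TYPES:
        # Assumption: a missing EnableSNI key is treated as disabled.
        if not cfg.get("EnableSNI", False):
            findings.append("https-sni-disabled")
        elif not cfg.get("FullyQualifiedDomainName"):
            findings.append("https-sni-no-hostname")
    elif kind == "TCP":
        findings.append("tcp-only-no-https-validation")
    elif kind in HTTP_TYPES:
        findings.append("plaintext-http-check")
    return findings


def audit_all(health_checks):
    """Map health check Id -> findings, omitting checks with none."""
    report = {}
    for check in health_checks:
        findings = audit_health_check(check)
        if findings:
            report[check.get("Id", "<no-id>")] = findings
    return report


# Constructed sample records (IDs and values are placeholders, not real data).
SAMPLE = [
    {"Id": "hc-constructed-1", "HealthCheckConfig": {
        "Type": "HTTPS", "Port": 443, "ResourcePath": "/",
        "FullyQualifiedDomainName": "www.example.com", "EnableSNI": False}},
    {"Id": "hc-constructed-2", "HealthCheckConfig": {
        "Type": "HTTPS", "Port": 443, "ResourcePath": "/",
        "FullyQualifiedDomainName": "www.example.com", "EnableSNI": True}},
    {"Id": "hc-constructed-3", "HealthCheckConfig": {
        "Type": "TCP", "Port": 443, "IPAddress": "192.0.2.10"}},
    {"Id": "hc-constructed-4", "HealthCheckConfig": {
        "Type": "HTTP", "Port": 80,
        "FullyQualifiedDomainName": "www.example.com"}},
]

if __name__ == "__main__":
    print(audit_all(SAMPLE))
```

To run it against a real account, pass the parsed `HealthChecks` array from the CLI's JSON output to `audit_all` in place of `SAMPLE`.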
AWS Certified CloudOps Engineer Associate SOA-C03
Reliability and Business Continuity