Most Secure Connection Between Client and ELB: Security Options for ELB

Correct Answer - B.

During SSL connection negotiations between client & ELB, a list of ciphers & protocols supported by each are presented.

When ELB has Server OrderPreference enabled, it will make sure connections are negotiated based upon the preference of ciphers at the ELB end & not negotiated based upon ciphers at the client end which may be not be recommended.

Options A & D are incorrect as SSL protocol SSL 2.0 is not recommended.

Option C is incorrect as If ELB has Server Order Preference is disabled, order of ciphers at the client end is used for negotiating connections between client & ELB.For more information on Security Policy withAWS ELB, refer to the following URL.

Option A is incorrect because SSL 2.0 is an outdated and insecure protocol that is not recommended for use. Also, disabling the Server Order Preference can lead to security vulnerabilities in the configuration.

Option B is incorrect because while enabling Server Order Preference can improve the overall security of the SSL/TLS connection, using TLS 1.2 is not the best choice as it is not the latest version available.

Option D is incorrect because SSL 2.0 is an outdated and insecure protocol that should not be used for secure connections.

The correct answer is option C, which involves configuring the ELB with a custom Security Policy having Server Order Preference disabled and SSL protocol as TLS 1.2. TLS 1.2 is the latest version of the TLS protocol and provides strong security features such as improved cipher suites and key exchange algorithms. Disabling the Server Order Preference can also improve the overall security of the SSL/TLS connection.

In summary, the IT team should configure ELB with a custom security policy that has Server Order Preference disabled and SSL protocol set to TLS 1.2. This will ensure a secure and enhanced user experience while performing banking transactions.