Topic 1 Question 172
2 つ選択A company uses an Amazon API Gateway regional REST API to host its application API. The REST API has a custom domain. The REST API's default endpoint is deactivated.
The company's internal teams consume the API. The company wants to use mutual TLS between the API and the internal teams as an additional layer of authentication.
Which combination of steps will meet these requirements?
Use AWS Certificate Manager (ACM) to create a private certificate authority (CA). Provision a client certificate that is signed by the private CA.
Provision a client certificate that is signed by a public certificate authority (CA). Import the certificate into AWS Certificate Manager (ACM).
Upload the provisioned client certificate to an Amazon S3 bucket. Configure the API Gateway mutual TLS to use the client certificate that is stored in the S3 bucket as the trust store.
Upload the provisioned client certificate private key to an Amazon S3 bucket. Configure the API Gateway mutual TLS to use the private key that is stored in the S3 bucket as the trust store.
Upload the root private certificate authority (CA) certificate to an Amazon S3 bucket. Configure the API Gateway mutual TLS to use the private CA certificate that is stored in the S3 bucket as the trust store.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: AE
A. Because it's only for internal teams. E. Because the truststore dictates which CAs to trust. If you have intermediate CAs those also need to be present in the S3 bucket.
👍 2d262e672023/12/31 - 正解だと思う選択肢: AC
You shall NEVER upload private cert or key to an S3 bucket. This is a bad practise and hence C.
I also choose A because you need private cert between the internal teams and the API.
👍 2kabary2023/12/31 - 正解だと思う選択肢: AE
A and E
👍 1PrasannaBalaji2023/12/29
シャッフルモード