Topic 1 Question 198

AWS Certified Security - Specialty

Topic 1 Question 198
An application team wants to use AWS Certificate Manager (ACM) to request public certificates to ensure that data is secured in transit. The domains that are being used are not currently hosted on Amazon Route 53.

The application team wants to use an AWS managed distribution and caching solution to optimize requests to its systems and provide better points of presence to customers. The distribution solution will use a primary domain name that is customized. The distribution solution also will use several alternative domain names. The certificates must renew automatically over an indefinite period of time.

Which combination of steps should the application team take to deploy this architecture?

3 つ選択
- Request a certificate from ACM in the us-west-2 Region. Add the domain names that the certificate will secure.
- Send an email message to the domain administrators to request validation of the domains for ACM.
- Request validation of the domains for ACM through DNS. Insert CNAME records into each domain's DNS zone.
- Create an Application Load Balancer for the caching solution. Select the newly requested certificate from ACM to be used for secure connections.
- Create an Amazon CloudFront distribution for the caching solution. Enter the main CNAME record as the Origin Name. Enter the subdomain names or alternate names in the Alternate Domain Names Distribution Settings. Select the newly requested certificate from ACM to be used for secure connections.
- Request a certificate from ACM in the us-east-1 Region. Add the domain names that the certificate will secure.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: CEF
  Is the right answer
  
  👍 4
  mercespsn2024/10/12
- "To use an ACM certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region."
  
  https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html
  
  👍 2
  daburahjail2024/11/12
- 正解だと思う選択肢: CEF
  Caching solution means CloudFront , not ALB, so E is correct, D is out. F - when using ACM with CloudFront, the certificate must be in the us-east-1 region. Because CloudFront is a global service, and ACM certificates for CloudFront must be in us-east-1. A is incorrect. For Domain validation, the DNS validation is better because once the CNAME is set, future renewals are automatic. Email would require manual steps each renewal, which isn't indefinite. So C is correct.
  
  👍 1
  FlyingHawk2025/02/05
シャッフルモード

ユーザの投票

コメント(3)