Topic 1 Question 577
A company uses an Amazon CloudFront distribution to serve content pages for its website. The company needs to ensure that clients use a TLS certificate when accessing the company's website. The company wants to automate the creation and renewal of the TLS certificates.
Which solution will meet these requirements with the MOST operational efficiency?
Use a CloudFront security policy to create a certificate.
Use a CloudFront origin access control (OAC) to create a certificate.
Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.
Use AWS Certificate Manager (ACM) to create a certificate. Use email validation for the domain.
ユーザの投票
コメント(8)
C is correct.
"ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching. These services are provided for both public and private ACM certificates."
https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html
👍 5Bmaster2023/08/01- 正解だと思う選択肢: C
The key reasons are:
AWS Certificate Manager (ACM) provides free public TLS/SSL certificates and handles certificate renewals automatically. Using DNS validation with ACM is operationally efficient since it automatically makes changes to Route 53 rather than requiring manual validation steps. ACM integrates natively with CloudFront distributions for delivering HTTPS content. CloudFront security policies and origin access controls do not issue TLS certificates. Email validation requires manual steps to approve the domain validation emails for each renewal.
👍 4Guru4Cloud2023/08/21 - 正解だと思う選択肢: C
C 似乎是正確的
👍 3chen0305_0992023/08/23
シャッフルモード