AWS Certified Developer – Associate — Question 110

A company is running its website on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group. A developer needs to secure the internet-facing connection with HTTPS. The developer uses AWS Certificate Manager (ACM) to issue an X.509 certificate.

What should the developer do to secure the connection?

Answer options

• A. Configure the ALB to use the X.509 certificate by using the AWS Management Console.
• B. Configure each EC2 instance to use the same X.509 certificate by using the AWS Management Console.
• C. Export the root key of the X.509 certificate to an Amazon S3 bucket. Configure each EC2 instance to use the same X.509 certificate from the S3 bucket.
• D. Export the root key of the X.509 certificate to an Amazon S3 bucket. Configure the ALB to use the X.509 certificate from the S3 bucket.

Correct answer: A

Explanation

The correct answer is A because the Application Load Balancer (ALB) is the component that directly handles incoming HTTPS requests, and it can be configured to use the X.509 certificate issued by AWS Certificate Manager (ACM). Options B, C, and D are incorrect because configuring individual EC2 instances with the certificate is unnecessary and not the best practice for managing SSL termination, which should be handled at the ALB level.