AWS Certified Security – Specialty (SCS-C02) — Question 1

A security engineer is configuring a new website that is named example.com. The security engineer wants to secure communications with the website by requiring users to connect to example.com through HTTPS.
Which of the following is a valid option for storing SSL/TLS certificates?

Answer options

• A. Custom SSL certificate that is stored in AWS Key Management Service (AWS KMS)
• B. Default SSL certificate that is stored in Amazon CloudFront
• C. Custom SSL certificate that is stored in AWS Certificate Manager (ACM)
• D. Default SSL certificate that is stored in Amazon S3

Correct answer: C

Explanation

The correct answer is C because AWS Certificate Manager (ACM) is specifically designed for managing SSL/TLS certificates and automating their deployment. Option A is incorrect as AWS KMS is primarily for managing encryption keys, not certificates. Option B refers to CloudFront, which does offer SSL certificates but doesn't manage custom SSL certs as ACM does. Option D is also incorrect because Amazon S3 is used for storage but not for managing SSL certificates.