An application team wants to use AWS Certificate Manager (ACM) to request public certific…

Question

An application team wants to use AWS Certificate Manager (ACM) to request public certificates to ensure that data is secured in transit. The domains that are being used are not currently hosted on Amazon Route 53. The application team wants to use an AWS managed distribution and caching solution to optimize requests to its systems and provide better points of presence to customers. The distribution solution will use a primary domain name that is customized. The distribution solution also will use several alternative domain names. The certificates must renew automatically over an indefinite period of time. Which combination of steps should the application team take to deploy this architecture? (Choose three.)

Accepted Answer

Correct answer: C, E, F. C. Request validation of the domains for ACM through DNS. Insert CNAME records into each domain's DNS zone. — E. Create an Amazon CloudFront distribution for the caching solution. Enter the main CNAME record as the Origin Name. Enter the subdomain names or alternate names in the Alternate Domain Names Distribution Settings. Select the newly requested certificate from ACM to be used for secure connections. — F. Request a certificate from ACM in the us-east-1 Region. Add the domain names that the certificate will secure. — The correct steps are C, E, and F. Option C is necessary for validating the domains through DNS, which is a required step for obtaining an ACM certificate. Option E is essential for creating a CloudFront distribution and properly configuring it with the ACM certificate. Option F is correct as it specifies the correct region for the certificate needed when the domains are not managed by Route 53. Options A and D are incorrect because they reference regions or components that do not meet the requirements of the scenario.

AWS Certified Security – Specialty (SCS-C02) — Question 188

Answer options

Correct answer: C, E, F

Explanation