AWS Certified Security – Specialty — Question 376
A security engineer is configuring a new website that is named example.com. The security engineer wants to secure communications with the website by requiring users to connect to example.com through HTTPS.
Which of the following is a valid option for storing SSL/TLS certificates?
Answer options
- A. Custom SSL certificate that is stored in AWS Key Management Service (AWS KMS)
- B. Default SSL certificate that is stored in Amazon CloudFront
- C. Custom SSL certificate that is stored in AWS Certificate Manager (ACM)
- D. Default SSL certificate that is stored in Amazon S3
Correct answer: C
Explanation
AWS Certificate Manager (ACM) is the preferred and native service for provisioning, managing, and deploying SSL/TLS certificates for AWS services like Elastic Load Balancing and Amazon CloudFront. AWS KMS is designed for cryptographic key management rather than for storing SSL/TLS certificates, and storing certificates directly in Amazon S3 or CloudFront does not provide the automated renewal and integration capabilities of ACM.