AWS Certified Security – Specialty — Question 393
A DevOps team is planning to deploy a containerized application on Amazon Elastic Container Service (Amazon ECS). The team will use an Application Load Balancer (ALB) to distribute the incoming traffic for the ECS application. A security engineer needs to terminate the TLS traffic at the ALB to ensure security of data in transit.
Which solutions can the security engineer use to create a certificate and deploy the certificate at the ALB to meet these requirements? (Choose two.)
Answer options
- A. Use TLS tools to create a certificate signing request (CSR). Get the CSR signed by a certificate authority (CA) to produce a certificate. Import the certificate into AWS Certificate Manager (ACM). Specify the certificate for the TLS listener on the ALB.
- B. Use AWS Certificate Manager (ACM) to request a certificate. Specify the certificate for the TLS listener on the ALB.
- C. Use AWS Key Management Service (AWS KMS) tools to create a certificate signing request (CSR). Get the CSR signed by a certificate authority (CA) to produce a certificate. Import the certificate into AWS Certificate Manager (ACM). Specify the certificate for the TLS listener on the ALB.
- D. Configure automatic TLS support in the ECS cluster. Configure the ALB to pass the TLS connection to the containers in the cluster.
- E. Generate a certificate while creating the ECS cluster. Import the certificate into AWS Certificate Manager (ACM). Specify the certificate for the TLS listener on the ALB.
Correct answer: A, B
Explanation
AWS Certificate Manager (ACM) is the service that provisions and stores the SSL/TLS certificates an Application Load Balancer (ALB) can use: an HTTPS listener on an ALB only accepts a certificate held in ACM (or, for legacy setups, in IAM). Option B is correct because ACM can request a certificate itself, either a public certificate after DNS or email domain validation or a private certificate issued by AWS Private CA, and ACM then renews that certificate automatically while it stays attached to the listener. Option A is also correct because ACM supports importing a certificate produced outside AWS: the engineer generates the key pair and the CSR with standard TLS tooling such as OpenSSL, has an external CA sign it, imports the signed certificate together with its private key and the CA chain into ACM, and selects it for the listener. The operational caveat with Option A is that ACM never renews imported certificates, so expiry has to be tracked and a fresh certificate re-imported before the current one lapses. AWS KMS (Option C) manages encryption keys and signing operations but has no feature to build a CSR or issue certificates, and Amazon ECS (Options D and E) has no native feature to generate certificates or manage TLS on behalf of an ALB; a cluster cannot hand a certificate to the load balancer. Note also that terminating TLS at the ALB leaves the hop from the ALB to the ECS tasks in cleartext unless the target group is configured to use HTTPS to the containers.
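Because ACM renews the certificates it issues (Option B) but not the ones that were imported (Option A), a team that picks Option A needs its own expiry check. The following Python script is an added example, not part of the original question and not AWS tooling: it consumes the JSON that `aws acm describe-certificate --output json` returns for each certificate (the three records below are constructed samples, with made-up ARNs and dates) and flags certificates that are expired, that ACM will not renew and are within the warning window, that are not in the ISSUED state an ALB listener requires, or that no load balancer references at all. It relies only on the standard library and the field names ACM actually returns (`Type`, `Status`, `RenewalEligibility`, `NotAfter`, `InUseBy`).

```python
"""Audit ACM certificates used by ALB listeners (added example, not from the exam page).

Input records mirror `aws acm describe-certificate --output json`. The samples are
constructed; the ARNs, domains and dates are not real.
"""
from datetime import datetime, timezone

AMAZON_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/11111111-1111-1111-1111-111111111111"
IMPORTED_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/22222222-2222-2222-2222-222222222222"
STALE_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/33333333-3333-3333-3333-333333333333"
ALB_ARN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/ecs-alb/50dc6c495c0c9188"

# Constructed sample output: one ACM-issued cert (Option B), one imported cert (Option A)
# close to expiry, and one imported cert that already expired and is attached to nothing.
SAMPLE_DESCRIBE_OUTPUT = [
    {"Certificate": {
        "CertificateArn": AMAZON_ARN, "DomainName": "app.example.com",
        "Type": "AMAZON_ISSUED", "Status": "ISSUED", "RenewalEligibility": "ELIGIBLE",
        "NotAfter": "2026-03-01T23:59:59+00:00", "InUseBy": [ALB_ARN]}},
    {"Certificate": {
        "CertificateArn": IMPORTED_ARN, "DomainName": "api.example.com",
        "Type": "IMPORTED", "Status": "ISSUED", "RenewalEligibility": "INELIGIBLE",
        "NotAfter": "2025-01-20T12:00:00+00:00", "InUseBy": [ALB_ARN]}},
    {"Certificate": {
        "CertificateArn": STALE_ARN, "DomainName": "old.example.com",
        "Type": "IMPORTED", "Status": "EXPIRED", "RenewalEligibility": "INELIGIBLE",
        "NotAfter": "2024-12-01T00:00:00+00:00", "InUseBy": []}},
]


def parse_not_after(value):
    """Normalise NotAfter to an aware UTC datetime.

    The CLI emits an ISO 8601 string with a UTC offset; boto3 hands back a datetime.
    """
    dt = value if isinstance(value, datetime) else datetime.fromisoformat(value)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def audit_certificates(describe_outputs, now, warn_days=30):
    """Return (arn, finding, detail) tuples for every certificate needing attention.

    Findings: 'status' (not ISSUED, so a listener cannot serve it), 'expired',
    'manual_renewal_due' (ACM will not renew it and it is inside the warning window),
    and 'unused' (no load balancer or other AWS resource references it).
    """
    findings = []
    for record in describe_outputs:
        cert = record["Certificate"]
        arn = cert["CertificateArn"]
        not_after = parse_not_after(cert["NotAfter"])
        days_left = (not_after - now).days
        # ACM reports INELIGIBLE for imported certificates: renewal is the operator's job.
        acm_renews = cert.get("RenewalEligibility") == "ELIGIBLE"

        if cert.get("Status") != "ISSUED":
            findings.append((arn, "status", f"status is {cert.get('Status')}"))
        if days_left < 0:
            findings.append((arn, "expired", f"expired {-days_left} days ago"))
        elif not acm_renews and days_left <= warn_days:
            findings.append((arn, "manual_renewal_due",
                             f"{cert.get('Type')} certificate expires in {days_left} days; "
                             "re-import a fresh certificate"))
        if not cert.get("InUseBy"):
            findings.append((arn, "unused", "no ALB listener or other resource uses it"))
    return findings


def findings_by_arn(findings):
    """Group finding kinds per certificate ARN for quick reporting."""
    grouped = {}
    for arn, kind, _ in findings:
        grouped.setdefault(arn, set()).add(kind)
    return grouped


if __name__ == "__main__":
    audit_time = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    for arn, kind, detail in audit_certificates(SAMPLE_DESCRIBE_OUTPUT, audit_time):
        print(f"{kind:20} {arn.rsplit('/', 1)[-1]}  {detail}")
```

In real use, feed the script the output of `aws acm list-certificates` followed by one `describe-certificate` call per ARN, and run it on a schedule; an ACM-issued certificate that is attached to the listener never produces a finding, which is exactly the operational advantage Option B has over Option A.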