AWS Certified Security – Specialty — Question 58

A Solutions Architect is designing a web application that uses Amazon CloudFront, an Elastic Load Balancing Application Load Balancer, and an Auto Scaling group of Amazon EC2 instances. The load balancer and EC2 instances are in the US West (Oregon) region. It has been decided that encryption in transit is necessary by using a customer-branded domain name from the client to CloudFront and from CloudFront to the load balancer.
Assuming that AWS Certificate Manager is used, how many certificates will need to be generated?

Answer options

• A. One in the US West (Oregon) region and one in the US East (Virginia) region.
• B. Two in the US West (Oregon) region and none in the US East (Virginia) region.
• C. One in the US West (Oregon) region and none in the US East (Virginia) region.
• D. Two in the US East (Virginia) region and none in the US West (Oregon) region.

Correct answer: A

Explanation

The correct answer is A because you need one certificate for the customer-branded domain name from the client to CloudFront and another for the connection from CloudFront to the load balancer, which requires two certificates in total. The other options are incorrect because they either suggest unnecessary certificates or incorrect regions for the required certificates.