AWS Certified Security – Specialty — Question 77

A Web Administrator for the website example.com has created an Amazon CloudFront distribution for dev.example.com, with a requirement to configure HTTPS using a custom TLS certificate imported to AWS Certificate Manager.
Which combination of steps is required to ensure availability of the certificate in the CloudFront console? (Choose two.)

Answer options

• A. Call UploadServerCertificate with /cloudfront/dev/ in the path parameter.
• B. Import the certificate with a 4,096-bit RSA public key.
• C. Ensure that the certificate, private key, and certificate chain are PKCS #12-encoded.
• D. Import the certificate in the us-east-1 (N. Virginia) Region.
• E. Ensure that the certificate, private key, and certificate chain are PEM-encoded.

Correct answer: D, E

Explanation

The correct answer is D and E because AWS CloudFront requires the TLS certificate to be imported in the us-east-1 region and also expects the certificate, private key, and certificate chain to be in PEM format. Options A, B, and C are incorrect as they do not meet the specific requirements for CloudFront certificate availability.