AWS Certified SysOps Administrator – Associate — Question 248

A SysOps administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.

What would be the command line necessary to deploy one of the sites’ certificates to the load balancer?

Answer options

• A. aws kms modify-listener –-load-balancer-name my-load-balancer -–certificates CertificateArn=arn:aws:iam::123456789012:server-certifiate/my-new-server-cert
• B. aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-load-balancer –-load-balancer-port 443 –-ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert
• C. aws ec2 put-ssl-certificate –-load-balancer-name my-load-balancer –-load-balancer-port 443 –-ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert
• D. aws acm put-ssl-certificate –-load-balancer-name my-load-balancer –-load-balancer-port 443 –-ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert

Correct answer: B

Explanation

The correct command is option B, which uses 'aws elb set-load-balancer-listener-ssl-certificate' to associate an SSL certificate with the load balancer on the specified port. Options A, C, and D are incorrect as they use the wrong commands or parameters that do not apply to setting SSL certificates on an Elastic Load Balancer.