AWS Certified SysOps Administrator – Associate — Question 445

A company runs a retail website on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The company must secure traffic to the website over an HTTPS connection.
Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)

Answer options

• A. Attach the certificate to each EC2 instance.
• B. Attach the certificate to the ALB.
• C. Create a private certificate in AWS Certificate Manager (ACM).
• D. Create a public certificate in AWS Certificate Manager (ACM).
• E. Export the certificate, and attach it to the website.

Correct answer: B, D

Explanation

To secure a public-facing retail website with HTTPS, a public SSL/TLS certificate must be requested from AWS Certificate Manager (ACM) because private certificates are not trusted by public web browsers. This certificate must then be attached directly to the Application Load Balancer (ALB) to offload the SSL/TLS decryption process, avoiding the need to manage certificates on individual backend EC2 instances.