ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 30 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 30
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A media company is implementing a news website for a global audience. The website uses Amazon CloudFront as its content delivery network. The backend runs on Amazon EC2 Windows instances behind an Application Load Balancer (ALB). The instances are part of an Auto Scaling group. The company's customers access the website by using service example com as the CloudFront custom domain name. The CloudFront origin points to an ALB that uses service-alb.example.com as the domain name.
The company’s security policy requires the traffic to be encrypted in transit at all times between the users and the backend.
Which combination of changes must the company make to meet this security requirement? (Choose three.)

  • A. Create a self-signed certificate for service.example.com. Import the certificate into AWS Certificate Manager (ACM). Configure CloudFront to use this imported SSL/TLS certificate. Change the default behavior to redirect HTTP to HTTPS.
  • B. Create a certificate for service.example.com by using AWS Certificate Manager (ACM). Configure CloudFront to use this custom SSL/TLS certificate. Change the default behavior to redirect HTTP to HTTPS.
  • C. Create a certificate with any domain name by using AWS Certificate Manager (ACM) for the EC2 instances. Configure the backend to use this certificate for its HTTPS listener. Specify the instance target type during the creation of a new target group that uses the HTTPS protocol for its targets. Attach the existing Auto Scaling group to this new target group.
  • D. Create a public certificate from a third-party certificate provider with any domain name for the EC2 instances. Configure the backend to use this certificate for its HTTPS listener. Specify the instance target type during the creation of a new target group that uses the HTTPS protocol for its targets. Attach the existing Auto Scaling group to this new target group.
  • E. Create a certificate for service-alb.example.com by using AWS Certificate Manager (ACM). On the ALB add a new HTTPS listener that uses the new target group and the service-alb.example.com ACM certificate. Modify the CloudFront origin to use the HTTPS protocol only. Delete the HTTP listener on the ALB.
  • F. Create a self-signed certificate for service-alb.example.com. Import the certificate into AWS Certificate Manager (ACM). On the ALB add a new HTTPS listener that uses the new target group and the imported service-alb.example.com ACM certificate. Modify the CloudFront origin to use the HTTPS protocol only. Delete the HTTP listener on the ALB.
Show Suggested Answer Hide Answer
Suggested Answer: BDE 🗳️
by zaazanuna at March 18, 2023, 10:18 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
study_aws1
Highly Voted 1 year, 7 months ago
Yes it is B, D, E. C is not correct as - Public ACM certificates can be installed on Amazon EC2 instances that are connected to a Nitro Enclave, but not to other Amazon EC2 instances. The question does not mention any use of Nitro enclave here
upvoted 12 times
...
Untamables
Highly Voted 1 year, 6 months ago
Selected Answer: BDE
B, D, E ACM removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. https://aws.amazon.com/certificate-manager/ https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html You can configure one or more cache behaviors in your CloudFront distribution to require HTTPS for communication between viewers and CloudFront. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html Option C is wrong. You cannot associate ACM certificates with an EC2 instance that is not connected to a Nitro Enclave. https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html
upvoted 6 times
...
168cd9d
Most Recent 3 weeks, 2 days ago
Selected Answer: BDE
Cloudfront doesn't work with self-signed certs. ALB needs a cert provided by ACM. ACM is not supported on EC2 or either 3rd party or self signed cert can be used.
upvoted 1 times
...
Raphaello
6 months, 1 week ago
Selected Answer: BCE
BCE are the correct answers. ACM-issued PUBLIC certs cannot be installed on EC2 instances.
upvoted 2 times
Raphaello
6 months, 1 week ago
BDE are the correct answers. My mistake. ACM-issued PUBLIC certs cannot be installed on EC2 instances. That makes D a correct answer..not C.
upvoted 1 times
...
...
Marfee400704
8 months, 1 week ago
I think that it's correcty answer is ABD according to SPOTO products.
upvoted 1 times
...
marfee
8 months, 1 week ago
I think that it's correcty answer is B & D & E.
upvoted 1 times
...
WMF0187
1 year, 1 month ago
C is incorrect because if you need to secure communication between users and EC2 instances, you would typically use SSL/TLS certificates at the load balancer level (e.g., Application Load Balancer or Network Load Balancer) or terminate SSL/TLS at the web server running on the EC2 instance itself.
upvoted 1 times
...
Mishranihal737
1 year, 2 months ago
Yes Correct ans is B,D,E. A-> Incorrect as self signed certs are not supported for Cloud Front C-> Incorrect as ACM doesnot support Certificate export, ACM is not supported on EC2 F-> Incorrect as self signed certs are not supported for Cloud Front.
upvoted 5 times
...
ITgeek
1 year, 6 months ago
Selected Answer: BDE
by eliminating the self signed answers BDE
upvoted 2 times
...
jdsingh
1 year, 6 months ago
Selected Answer: BDE
BDE correct
upvoted 2 times
...
helloworldabc
1 year, 6 months ago
BDE correct
upvoted 1 times
...
flowers00
1 year, 7 months ago
B,D,E - correct.
upvoted 2 times
...
zaazanuna
1 year, 7 months ago
B, E, F - correct.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago