ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 198 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 198
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

An application team wants to use AWS Certificate Manager (ACM) to request public certificates to ensure that data is secured in transit. The domains that are being used are not currently hosted on Amazon Route 53.

The application team wants to use an AWS managed distribution and caching solution to optimize requests to its systems and provide better points of presence to customers. The distribution solution will use a primary domain name that is customized. The distribution solution also will use several alternative domain names. The certificates must renew automatically over an indefinite period of time.

Which combination of steps should the application team take to deploy this architecture? (Choose three.)

  • A. Request a certificate from ACM in the us-west-2 Region. Add the domain names that the certificate will secure.
  • B. Send an email message to the domain administrators to request validation of the domains for ACM.
  • C. Request validation of the domains for ACM through DNS. Insert CNAME records into each domain's DNS zone.
  • D. Create an Application Load Balancer for the caching solution. Select the newly requested certificate from ACM to be used for secure connections.
  • E. Create an Amazon CloudFront distribution for the caching solution. Enter the main CNAME record as the Origin Name. Enter the subdomain names or alternate names in the Alternate Domain Names Distribution Settings. Select the newly requested certificate from ACM to be used for secure connections.
  • F. Request a certificate from ACM in the us-east-1 Region. Add the domain names that the certificate will secure.
Show Suggested Answer Hide Answer
Suggested Answer: CEF 🗳️
by mercespsn at Oct. 13, 2024, 2:59 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
FlyingHawk
1 day, 16 hours ago
Selected Answer: CEF
Caching solution means CloudFront , not ALB, so E is correct, D is out. F - when using ACM with CloudFront, the certificate must be in the us-east-1 region. Because CloudFront is a global service, and ACM certificates for CloudFront must be in us-east-1. A is incorrect. For Domain validation, the DNS validation is better because once the CNAME is set, future renewals are automatic. Email would require manual steps each renewal, which isn't indefinite. So C is correct.
upvoted 1 times
...
daburahjail
2 months, 3 weeks ago
"To use an ACM certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region." https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html
upvoted 2 times
...
mercespsn
3 months, 3 weeks ago
Selected Answer: CEF
Is the right answer
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago