ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 53 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 53
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A Solutions Architect is designing a web application that uses Amazon CloudFront, an Elastic Load Balancing Application Load Balancer, and an Auto Scaling group of Amazon EC2 instances. The load balancer and EC2 instances are in the US West (Oregon) region. It has been decided that encryption in transit is necessary by using a customer-branded domain name from the client to CloudFront and from CloudFront to the load balancer.
Assuming that AWS Certificate Manager is used, how many certificates will need to be generated?

  • A. One in the US West (Oregon) region and one in the US East (Virginia) region.
  • B. Two in the US West (Oregon) region and none in the US East (Virginia) region.
  • C. One in the US West (Oregon) region and none in the US East (Virginia) region.
  • D. Two in the US East (Virginia) region and none in the US West (Oregon) region.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by BillyC at Aug. 27, 2019, 2:51 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bach999
Highly Voted 3 years, 6 months ago
I got this question in my exam on 2020-Feb-19.
upvoted 19 times
...
BillyC
Highly Voted 3 years, 7 months ago
A is correct
upvoted 13 times
...
RajAWSDevOps007
Most Recent 4 months ago
Selected Answer: A
A is ineed the answer but the reasoning for ELB certs from ACM is wrong....you can't request a cert for ELB from any region but the region where your ELB needs to support a FQDN/customer specific url than a generic CDN url- see here- https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html
upvoted 1 times
...
RajAWSDevOps007
4 months ago
A is ineed the answer. One needs to request an ACM cert for Cloudfront from us east1 and....you can't request a cert for ELB from any region but only the region where your ELB is hosted and needs to support a FQDN/customer specific url than a generic CDN url- see here- https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html
upvoted 1 times
...
skillz2investor
2 years, 5 months ago
Selected Answer: A
A - is correct. AWS Region for AWS Certificate Manager To use a certificate in AWS Certificate Manager (ACM) to require HTTPS between viewers and CloudFront, make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). If you want to require HTTPS between CloudFront and your origin, and you’re using a load balancer in Elastic Load Balancing as your origin, you can request or import the certificate in any AWS Region.
upvoted 5 times
...
janvandermerwer
2 years, 5 months ago
Selected Answer: A
A - Cloudfront is a global resource, hosted out of us-east-1 Certificates in ACM are region specific, Therefore 1 for the "global" cloudfront distribution 1 for the region.
upvoted 10 times
...
ErnstVonPappen
2 years, 6 months ago
I got this question in Sept 2022 on the Security exam.
upvoted 2 times
Gunay09
2 years, 5 months ago
Can u please tell me ,were all the questions from examtopic in your exam?
upvoted 2 times
...
...
sakibmas
2 years, 6 months ago
Selected Answer: A
- Certificates in ACM are regional resources. - To use an ACM certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. Reference: https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
upvoted 2 times
...
sapien45
2 years, 8 months ago
Selected Answer: A
To use a certificate in AWS Certificate Manager (ACM) to require HTTPS between viewers and CloudFront, make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). If you want to require HTTPS between CloudFront and your origin, and you’re using a load balancer in Elastic Load Balancing as your origin, you can request or import the certificate in any AWS Region. Viewers ------HTTPS ACM USNE----------CF--------HTTPS ACM USWEST---------LBs
upvoted 1 times
RajAWSDevOps007
4 months ago
A is ineed the answer but the reasoning for ELB certs from ACM is wrong....you can't request a cert for ELB from any region but the region where your ELB needs to support a FQDN/customer specific url than a generic CDN url- see here- https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html
upvoted 1 times
...
...
SoukelezArtibuz
3 years, 5 months ago
"AWS Region for AWS Certificate Manager To use a certificate in AWS Certificate Manager (ACM) to require HTTPS between viewers and CloudFront, make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). If you want to require HTTPS between CloudFront and your origin, and you’re using a load balancer in Elastic Load Balancing as your origin, you can request or import the certificate in any AWS Region." So A indeed. Learning a lot with those questions!
upvoted 6 times
...
hk436
3 years, 5 months ago
A is my answer.!
upvoted 2 times
...
bluetaurianbull
3 years, 5 months ago
People who are not in US now have to learn GEOGAPHY also to pass AWS certification .. ITS CRAP AWS is having such questions - if its a real question...
upvoted 2 times
EA_Practice
3 years, 5 months ago
viable alternative would be creating your own cloud
upvoted 1 times
wahlbergusa
3 years, 5 months ago
LOL :) Sad but true.
upvoted 1 times
...
...
ideoignus
3 years, 3 months ago
It's more about history/physical infrastructure of AWS, than geography. us-east1 is where it all started and hence any global resource is hosted there, all new services start there.
upvoted 2 times
...
sapien45
2 years, 8 months ago
Agreed, in addition to GEOGAPHY, some say you need to learn Spelling
upvoted 4 times
...
...
sanjaym
3 years, 5 months ago
Ans: A 100%
upvoted 1 times
...
devjava
3 years, 6 months ago
Ans > A
upvoted 1 times
...
AfricanCloudGuru
3 years, 6 months ago
Ans(A)
upvoted 1 times
...
DanMuniz
3 years, 6 months ago
A, you must have one in Virginia.
upvoted 1 times
...
bLk
3 years, 6 months ago
Answer: A Why? If you want to require HTTPS between viewers and CloudFront, you must change the AWS Region to US East (N. Virginia) in the AWS Certificate Manager console before you request or import a certificate. If you want to require HTTPS between CloudFront and your origin, and you're using an ELB load balancer as your origin, you can request or import a certificate in any Region. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html
upvoted 9 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago