Exam AWS-SysOps topic 1 question 630 discussion

Exam question from Amazon's AWS-SysOps
Question #: 630
Topic #: 1

A SysOps Administrator is implementing SSL for a domain of an internet-facing application running behind an Application Load Balancer (ALB). The Administrator decides to use an SSL certificate from Amazon Certificate Manager (ACM) to secure it.
Upon creating a request for the ALB fully qualified domain name (FQDN), it fails, and the error message `Domain Not Allowed` is displayed.
How can the Administrator fix this issue?

  • A. Contact the domain registrar and ask them to provide the verification required by AWS.
  • B. Place a new request with the proper domain name instead of the ALB FQDN.
  • C. Select the certificate request in the ACM console and resend the validation email.
  • D. Contact AWS Support and verify the request by answering security challenge questions.
Suggested Answer: B

Comments

saumenP
Highly Voted 3 years, 1 month ago
The answer could be B
upvoted 22 times
karmaah
3 years, 1 month ago
Ans is C: https://forums.aws.amazon.com/message.jspa?messageID=869202 Please review the question again. Domain name is not an issue. "Upon creating a request for the ALB fully qualified domain name (FQDN), it fails"
upvoted 3 times
dman
3 years ago
When configuring the security setting in the ALB, there is an option to request certificates from ACM. For the domain name that needs to be used when requesting the certificate, we need to provide the FQDN of the site. If we use the FQDN of the ALB in the request, I'm not sure if it will work, hence my answer would be B.
upvoted 6 times
karmaah
3 years ago
If the answer is B, then the error should be "Domain Not Valid", not "Domain Not Allowed".
upvoted 3 times
Kimle
2 years, 11 months ago
Explanation below quoted from Neal practice exams "Answer B" You must own the domain name that you register your certificate for. Also, users will not be entering the ALB FQDN in their browsers, they will be entering the domain name for the website. The Administrator must therefore submit a request to ACM using the domain name of the website. Validation can be via email or DNS. In Route 53 an Alias record can be created that maps the domain name to the ALB.
upvoted 4 times
ThoseWereTheDays
Highly Voted 3 years ago
B is correct. C is like re-submit certificate request. https://docs.aws.amazon.com/acm/latest/userguide/acm-ug.pdf Certificate Request Fails If your request fails ACM and you receive one of the following error messages, follow the suggested steps to fix the problem. You cannot resubmit a failed certificate request – after resolving the problem, submit a new request. Error Message: Domain Not Allowed
upvoted 12 times
e45af42
Most Recent 4 months, 4 weeks ago
Selected Answer: B
Here’s why: The error message `Domain Not Allowed` typically indicates that the domain name entered in the certificate request is not allowed or is incorrect.
upvoted 1 times
albert_kuo
1 year, 3 months ago
Selected Answer: A
The "Domain Not Allowed" error typically occurs when ACM determines that the domain is not permitted for certificate issuance, possibly due to restrictions imposed by ACM or because you do not have the necessary control or authorization to request a certificate for that domain. Contacting the domain registrar, which is the organization where the domain is registered, is the appropriate action to take. They can provide the verification information required by AWS to establish the ownership of the domain. The registrar will typically have specific procedures or settings to verify the domain ownership, such as adding DNS records or confirming email validation.
upvoted 1 times
antthomas
2 years, 7 months ago
Selected Answer: B
Explanation below quoted from Neal practice exams "Answer B" You must own the domain name that you register your certificate for. Also, users will not be entering the ALB FQDN in their browsers, they will be entering the domain name for the website. The Administrator must therefore submit a request to ACM using the domain name of the website. Validation can be via email or DNS. In Route 53 an Alias record can be created that maps the domain name to the ALB.
upvoted 2 times
alexsandroe
2 years, 11 months ago
letters B
upvoted 1 times
Rambogan12
2 years, 12 months ago
https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-failed.html#failed-domain-not-allowed
upvoted 2 times
hdbs
2 years, 12 months ago
B is correct.
upvoted 1 times
Doms
2 years, 12 months ago
B. You cannot request a certificate for Amazon-owned domain names such as those ending in amazonaws.com, cloudfront.net, or elasticbeanstalk.com.
upvoted 1 times
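The request-and-alias flow described in the comments above, sketched as a pre-flight check (an added example, not part of the original thread or of any AWS tooling). The suffix list is only the three names quoted in the comment above, and the host names and hosted zone ID are constructed placeholders; the returned dictionaries are shaped as arguments for the ACM `RequestCertificate` and Route 53 `ChangeResourceRecordSets` APIs.

```python
# Suffixes quoted in the thread; assumption: not an exhaustive list of Amazon-owned domains.
AMAZON_OWNED_SUFFIXES = ("amazonaws.com", "cloudfront.net", "elasticbeanstalk.com")


def is_amazon_owned(name: str) -> bool:
    """True if name equals, or is a subdomain of, an Amazon-owned suffix."""
    host = name.strip().rstrip(".").lower()
    if host.startswith("*."):          # wildcard names are checked by their base
        host = host[2:]
    # Match on a label boundary so "notamazonaws.com" is not rejected.
    return any(host == s or host.endswith("." + s) for s in AMAZON_OWNED_SUFFIXES)


def build_acm_request(domain: str, alt_names=()) -> dict:
    """Arguments for ACM RequestCertificate; raises before a doomed request is sent."""
    rejected = [n for n in (domain, *alt_names) if is_amazon_owned(n)]
    if rejected:
        raise ValueError(f"would fail with Domain Not Allowed: {rejected}")
    # DNS validation chosen here; the thread notes email validation is also possible.
    params = {"DomainName": domain, "ValidationMethod": "DNS"}
    if alt_names:
        params["SubjectAlternativeNames"] = list(alt_names)
    return params


def build_alias_change(domain: str, alb_dns_name: str, alb_zone_id: str) -> dict:
    """Route 53 ChangeBatch mapping the site name to the ALB with an alias A record."""
    return {"Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": domain,
            "Type": "A",
            "AliasTarget": {
                "HostedZoneId": alb_zone_id,   # the load balancer's zone ID, not your own zone
                "DNSName": alb_dns_name,
                "EvaluateTargetHealth": False,
            },
        },
    }]}


if __name__ == "__main__":
    alb = "my-alb-1234567890.us-east-1.elb.amazonaws.com"   # constructed ALB FQDN
    print(build_acm_request("www.example.com", ["example.com"]))
    print(build_alias_change("www.example.com", alb, "ZPLACEHOLDER"))  # placeholder zone ID
    try:
        build_acm_request(alb)
    except ValueError as err:
        print("rejected:", err)
```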
jackdryan
2 years, 12 months ago
I'll go with B
upvoted 1 times
dozymars
2 years, 12 months ago
Not Allowed is probably a security issue. So certification needs to be requested. It's C
upvoted 1 times
johnsony_ong
3 years ago
B should be correct. Since it's upon creating the request, it was already giving an error where the request is not completed; therefore validation will not be sent out, and requesting the same thing again will not trigger any validation.
upvoted 1 times
MFDOOM
3 years ago
C. Select the certificate request in the ACM console and resend the validation email.
upvoted 1 times
Newguru2020
3 years ago
Ans: B. Requesting certificates for domains that you don’t control violates the AWS Service Terms. In this scenario, you need to use an Alias record to yourdomain.com as *elb.amazonaws.com
upvoted 2 times
waterzhong
3 years ago
I think it is C
upvoted 2 times
joyjyothi
3 years ago
Validation can be done through C; once it is validated, then use 'B' to secure it. Does it make sense?
upvoted 1 times
elies_jebri
3 years ago
B is the answer because FQDNs for ELBs are in general *.elb.amazonaws.com and you cannot request a certificate for this domain; you don't own it. So you have to request for your domain, and you will receive a mail from your registrar to which you must confirm the request.
upvoted 11 times
portland
3 years ago
https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html. The domain parameter is your domain that you are trying to secure. B it is.
upvoted 1 times
tfreeq
3 years ago
This article shows that you can do that: C. Select the certificate request in the ACM console and resend the validation email.
upvoted 1 times
tfreeq
3 years ago
This article shows that you can do that: https://aws.amazon.com/premiumsupport/knowledge-center/associate-acm-certificate-alb-nlb/
upvoted 1 times