
Answer-first summary for fast verification
Answer: Import a new third-party certificate into AWS Certificate Manager (ACM), associate it with the ALB, and then install it on the EC2 instances.
The correct answer is D. Importing a new third-party certificate into AWS Certificate Manager (ACM), associating it with the ALB, and installing it on the EC2 instances will achieve complete encryption of the traffic between external users and the application. Amazon-issued certificates in ACM cannot be directly exported to be installed on EC2 instances, making option B incorrect. AWS Secrets Manager is not designed for this purpose, and IAM is not typically used for managing SSL/TLS certificates, making options A and C inappropriate.
Author: LeetQuiz Editorial Team
A company seeks to ensure complete encryption of traffic between external users and their application, which is hosted on a fleet of Amazon EC2 instances managed by an Auto Scaling group and situated behind an Application Load Balancer (ALB). What should a security engineer do to achieve this level of encryption?
A. Create a new Amazon-issued certificate in AWS Secrets Manager, export it, and then import it into both the ALB and the EC2 instances.
B. Create a new Amazon-issued certificate in AWS Certificate Manager (ACM), associate it with the ALB, export it from ACM, and finally install it on the EC2 instances.
C. Import a new third-party certificate into AWS Identity and Access Management (IAM), export it from IAM, and then associate it with both the ALB and the EC2 instances.
D. Import a new third-party certificate into AWS Certificate Manager (ACM), associate it with the ALB, and then install it on the EC2 instances.