
A company uses an Amazon CloudFront distribution to serve content pages for its website. The company needs to ensure that clients use a TLS certificate when accessing the company's website. The company wants to automate the creation and renewal of the TLS certificates.
Which solution will meet these requirements with the MOST operational efficiency?
A. Use a CloudFront security policy to create a certificate.
B. Use a CloudFront origin access control (OAC) to create a certificate.
C. Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.
D. Use AWS Certificate Manager (ACM) to create a certificate. Use email validation for the domain.
Explanation:
Correct Answer: C - Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.
Why this is the correct answer:
AWS Certificate Manager (ACM) is the AWS service specifically designed for provisioning, managing, and deploying SSL/TLS certificates. It provides automated certificate renewal, which meets the requirement for automation.
DNS validation is more operationally efficient than email validation because:
CloudFront integration: ACM certificates can be directly associated with CloudFront distributions, providing seamless TLS/SSL termination at the CloudFront edge locations.
Why the other options are incorrect:
A. Use a CloudFront security policy to create a certificate: CloudFront security policies configure SSL/TLS protocols and ciphers, but they don't create or manage certificates. This option doesn't address certificate creation or renewal.
B. Use a CloudFront origin access control (OAC) to create a certificate: OAC is used to restrict access to CloudFront origins (like S3 buckets), not for certificate management. This is unrelated to TLS certificate creation.
D. Use AWS Certificate Manager (ACM) to create a certificate. Use email validation for the domain: While ACM is correct, email validation is less operationally efficient than DNS validation because it requires manual intervention to respond to validation emails, which can delay certificate issuance and renewal.
Key AWS Services Involved:
This solution provides the most operational efficiency by fully automating both certificate creation and renewal through ACM with DNS validation.