
Answer-first summary for fast verification
Answer: Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.
## Explanation

**Correct Answer: C** - Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.

**Why this is the correct answer:**

1. **AWS Certificate Manager (ACM)** is the AWS service specifically designed for provisioning, managing, and deploying SSL/TLS certificates. It provides automated certificate renewal, which meets the requirement for automation.
2. **DNS validation** is more operationally efficient than email validation because:
   - It can be fully automated through AWS Route 53 or other DNS providers
   - It doesn't require manual intervention from domain administrators to respond to emails
   - It's more reliable and less prone to human error
   - It's the recommended validation method for production environments
3. **CloudFront integration:** ACM certificates can be directly associated with CloudFront distributions, providing seamless TLS/SSL termination at the CloudFront edge locations.

**Why the other options are incorrect:**

- **A. Use a CloudFront security policy to create a certificate:** CloudFront security policies configure SSL/TLS protocols and ciphers, but they don't create or manage certificates. This option doesn't address certificate creation or renewal.
- **B. Use a CloudFront origin access control (OAC) to create a certificate:** OAC is used to restrict access to CloudFront origins (like S3 buckets), not for certificate management. This is unrelated to TLS certificate creation.
- **D. Use AWS Certificate Manager (ACM) to create a certificate. Use email validation for the domain:** While ACM is correct, email validation is less operationally efficient than DNS validation because it requires manual intervention to respond to validation emails, which can delay certificate issuance and renewal.

**Key AWS Services Involved:**

- **AWS Certificate Manager (ACM):** For automated certificate provisioning and renewal
- **Amazon CloudFront:** For content delivery with TLS termination
- **DNS validation:** For automated domain verification

This solution provides the most operational efficiency by fully automating both certificate creation and renewal through ACM with DNS validation.
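The automation behind DNS validation can be shown in code. The following added example (not part of the original explanation and not AWS's own code) takes responses shaped like ACM's `DescribeCertificate` output and builds the Route 53 change batch for the validation CNAMEs, while listing domains that still depend on email validation. The sample data is constructed, the function name `plan_dns_validation` is hypothetical, and all DNS-validated names are assumed to live in one hosted zone.

```python
# Constructed sample input shaped like ACM DescribeCertificate responses.
# Domain names, ARNs and record values are made up for this example.
RECORD = {"Name": "_3f1c.example.com.", "Type": "CNAME",
          "Value": "_9a7b.acm-validations.aws."}
SAMPLE_CERTS = [
    {"Certificate": {
        "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-1",
        "DomainValidationOptions": [
            {"DomainName": "example.com", "ValidationMethod": "DNS",
             "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": RECORD},
            # Apex and wildcard names share one validation CNAME.
            {"DomainName": "*.example.com", "ValidationMethod": "DNS",
             "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": RECORD},
            # Right after a request, ACM may not have generated the record yet.
            {"DomainName": "cdn.example.com", "ValidationMethod": "DNS",
             "ValidationStatus": "PENDING_VALIDATION"},
        ]}},
    {"Certificate": {
        "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-2",
        "DomainValidationOptions": [
            {"DomainName": "legacy.example.net", "ValidationMethod": "EMAIL",
             "ValidationStatus": "PENDING_VALIDATION"},
        ]}},
]


def plan_dns_validation(certs, ttl=300):
    """Return (route53_change_batch, email_domains, not_ready_domains)."""
    seen, changes, email_domains, not_ready = set(), [], [], []
    for cert in certs:
        for opt in cert["Certificate"].get("DomainValidationOptions", []):
            if opt.get("ValidationMethod") != "DNS":
                email_domains.append(opt["DomainName"])  # needs a human reply
                continue
            rec = opt.get("ResourceRecord")
            if rec is None:
                not_ready.append(opt["DomainName"])  # describe again later
                continue
            key = (rec["Name"].lower(), rec["Value"].lower())
            if key in seen:
                continue  # duplicate CNAME (e.g. apex + wildcard)
            seen.add(key)
            # UPSERT is idempotent, so already-validated names are emitted too;
            # the CNAME has to stay in place for ACM's managed renewal.
            changes.append({"Action": "UPSERT", "ResourceRecordSet": {
                "Name": rec["Name"], "Type": rec["Type"], "TTL": ttl,
                "ResourceRecords": [{"Value": rec["Value"]}]}})
    return {"Comment": "ACM DNS validation", "Changes": changes}, email_domains, not_ready
```

The returned batch has the shape Route 53's `ChangeResourceRecordSets` API accepts as `ChangeBatch`; any name in `email_domains` marks a certificate whose issuance still waits on someone answering a validation email.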
Author: LeetQuiz Editorial Team
A company uses an Amazon CloudFront distribution to serve content pages for its website. The company needs to ensure that clients use a TLS certificate when accessing the company's website. The company wants to automate the creation and renewal of the TLS certificates.
Which solution will meet these requirements with the MOST operational efficiency?
- A. Use a CloudFront security policy to create a certificate.
- B. Use a CloudFront origin access control (OAC) to create a certificate.
- C. Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.
- D. Use AWS Certificate Manager (ACM) to create a certificate. Use email validation for the domain.