AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

An international company has a subdomain for each country that the company operates in. The subdomains are formatted as example.com, country1.example.com, and country2.example.com. The company's workloads are behind an Application Load Balancer. The company wants to encrypt the website data that is in transit.

Which combination of steps will meet these requirements? (Choose two.)

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Use the AWS Certificate Manager (ACM) console to request a public certificate for the apex top domain example.com and a wildcard certificate for *.example.com.

Use the AWS Certificate Manager (ACM) console to request a private certificate for the apex top domain example.com and a wildcard certificate for *.example.com.

Use the AWS Certificate Manager (ACM) console to request a public and private certificate for the apex top domain example.com.

Validate domain ownership by email address. Switch to DNS validation by adding the required DNS records to the DNS provider.

Validate domain ownership for the domain by adding the required DNS records to the DNS provider.

Explanation:

Explanation

Correct Answers: A and E

Why A is correct:

The company needs to secure both the apex domain (example.com) and subdomains (country1.example.com, country2.example.com)
A wildcard certificate (*.example.com) will cover all subdomains including country1.example.com and country2.example.com
The certificate must be public since it's for a public-facing website behind an Application Load Balancer
Private certificates are for internal/private resources, not public websites

Why E is correct:

DNS validation is the recommended method for domain ownership validation in ACM
It's more secure and reliable than email validation
DNS validation involves adding CNAME records to the domain's DNS configuration
This method doesn't require manual intervention like email validation

Why B is incorrect:

Private certificates are not suitable for public websites. They're designed for internal resources within a private network.

Why C is incorrect:

Requesting both public and private certificates for the same domain is unnecessary and doesn't address the wildcard requirement for subdomains.

Why D is incorrect:

While email validation is an option, DNS validation is preferred and more reliable. The option suggests starting with email then switching to DNS, which adds unnecessary complexity.

Key AWS Concepts:

AWS Certificate Manager (ACM) provides free SSL/TLS certificates
Wildcard certificates (*.example.com) secure the main domain and all its subdomains
DNS validation is the recommended domain verification method
Application Load Balancer can use ACM certificates for HTTPS termination
Public certificates are for internet-facing resources, while private certificates are for internal resources

Powered ByGPT-5.2

Comments

Loading comments...